28 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: Zoned – Initialize the zone info of the device for seeding. When performing seeding on a zoned filesystem, it is necessary to initialize the btrfs_zoned_device_info structure of each zoned device. Otherwise, mounting the...
MiracleLinux 4 : tomcat6-6.0.24-94.AXS4 (AXSA:2016-163:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-163:01 advisory. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet...
Exploit for CVE-2022-30190
AmzWord an automated attack chain based on CVE-2022-30190, 16...
Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2023-163)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-163 advisory. A NULL pointer dereference exists when parsing invalid XML schemas in libxml2 xmlSchemaCheckCOSSTDerivedOK CVE-2023-28484 libxml2 Hashing of empty dict strings isn't deterministic. When hashing...
Upgraded Q -> M from #163 [1671458931869]
Judge has assessed an item in Issue 163 as M risk. The relevant finding follows: TOKEN TRANSFERS DO NOT VERIFY THAT THE TOKENS WERE SUCCESSFULLY TRANSFERRED Some tokens like zrx do not revert the transaction when the transfer/transferfrom fails and return false, which requires us to check the...
Amazon Linux 2022 : flac, flac-devel, flac-libs (ALAS2022-2022-163)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-163 advisory. An out-of-bounds write vulnerability was found in libFlak. The vulnerability occurs due to a missing bounds check. This flaw allows a local attacker without additional execution privileges to cause loca...
abrute (>=0.1.7 <=0.1.8), aderyn_core (>=0.0.7 <=0.0.9) +775 more potentially affected by unknown CVE via term_size (>=0.1.1 <=1.0.0-beta.2)
termsize CARGO version =0.1.1, =0.1.7, =0.0.7, =0.0.8, =0.1.0, =0.0.2, =1.0.1, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.0.1, =1.2.0, =2.1.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2020-0163...
NetEase(163,126) Mail Persistent XSS Vulnerability
This is a 0day XSS vulnerability. The vulnerability for Netease email163,126 that works on all operating systems and browsers. Android and iPhone sometimes don't work. You can easily obtain the user's session and password with this XSS. Also, QQ-XSS vulnerability will be uploaded soon. Thank you...
google.co.za XSS vulnerability
Vulnerable URL: https://www.google.co.za/url?q=https://myaccount.google.com/signin?continue=https://goo.gl/bFrRLW Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 163 VIP website status:| Yes Check google.co.za SS...
Fedora 23 : xen-4.5.2-5.fc23 (2015-12a089920e)
eepro100: Prevent two endless loops CVE-2015-8345, pcnet: fix rx buffer overflow CVE-2015-7512, ui: vnc: avoid floating point exception CVE-2015-8504, additional patch for XSA-158, CVE-2015-8338 long running memory operations on ARM XSA-158, CVE-2015-8338 XENMEMexchange error handling issues...
openSUSE Security Update : xen (openSUSE-2016-34)
This update for xen fixes the following security issues : - CVE-2015-8550: paravirtualized drivers incautious about shared memory contents XSA-155, boo957988 - CVE-2015-8558: qemu: usb: infinite loop in ehciadvancestate results in DoS boo959006 - CVE-2015-7549: qemu pci: NULL pointer dereference...
openSUSE Security Update : xen (openSUSE-2016-35)
This update for xen fixes the following security issues : - CVE-2015-8568 CVE-2015-8567: xen: qemu: net: vmxnet3: host memory leakage boo959387 - CVE-2015-8550: xen: paravirtualized drivers incautious about shared memory contents XSA-155, boo957988 - CVE-2015-8558: xen: qemu: usb: infinite loop i...
Security update for xen (important)
This update for xen fixes the following security issues: - CVE-2015-8568 CVE-2015-8567: xen: qemu: net: vmxnet3: host memory leakage boo959387 - CVE-2015-8550: xen: paravirtualized drivers incautious about shared memory contents XSA-155, boo957988 - CVE-2015-8558: xen: qemu: usb: infinite loop in...
bobo.163.com Open Redirect vulnerability
Vulnerable URL: http://bobo.163.com/checkAuth?url=http://xssposed.org/ Details: Description| Value ---|--- Patched:| Yes, at 29.03.2016 Latest check for patch:| 29.03.2016 00:29 GMT Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated...
SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:2338-1)
This update fixes the following security issues : - bsc955399 - Fix xm migrate --logprogress. Due to logic error progress was not logged when requested. - bsc956832 - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list - bsc956592 - xen: virtual PMU is...
SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:2324-1)
This update fixes the following security issues : - bsc956832 - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list - Revert x86/IO-APIC: don't create pIRQ mapping from masked RTE until kernel maintenance release goes out. - bsc956592 - xen: virtual PMU is...
SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:2326-1)
This update fixes the following security issues : - bsc956832 - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list - bsc956592 - xen: virtual PMU is unsupported XSA-163 - bsc956408 - CVE-2015-8339, CVE-2015-8340: xen: XENMEMexchange error handling issues XSA-1...
Amazon Linux: Security Advisory (ALAS-2013-163)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Tftpd32 DNS Server 4.00 Denial of Service
No description provided by source. Title: Tftpd32 DNS Server Denial Of Service Vulnerability Software : Tftpd32 Software Version : v4.00 Vendor: http://tftpd32.jounin.net/ Vulnerability Published : 2012-05-26 Vulnerability Update Time : Status : Impact : MediumCVSS2 Base : 5.0,...
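Drupal User Read-Only Module Security Bypass Vulnerability
Drupal is an open-source content management platform. The User Read-Only module for Drupal 6.x-1.x incorrectly assigns roles when performing certain operations; successful exploitation can yield administrator privileges. 0 Drupal User Read-Only Module 7.x Drupal User Read-Only Module 6.x Vendor patch: Drupal ------ Drupal has released a security advisory (1840886) and a corresponding patch for this: 1840886:SA-CONTRIB-2012-163 - User Read-Only - Permission escalation...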