23 matches found
CVE-2023-28147
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r29p0 through r32p0, Bifrost r17p0 through r42p0 before r43p0, Valhall r19p0 through r42p0 before r43p0, and...
CVE-2023-28147
creationtimestamp | type | source
---|---|---
2025-01-09 20:17:52+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/1065...
Edu-Sharing Arbitrary File Upload
SEC Consult Vulnerability Lab Security Advisory
=======================================================================
title: Arbitrary File Upload
product: edu-sharing metaVentis GmbH
vulnerable versions: =8.0.8-RC2, =8.1.4-RC0, =9.0.0-RC19
CVE number: CVE-2024-28147
impact: high
homepage:...
CVE-2024-28147 Unrestricted Upload of Files in edu-sharing
An authenticated user can upload arbitrary files in the upload function for collection preview images. An attacker may upload an HTML file that includes malicious JavaScript code, which will be executed if a user visits the direct URL of the collection preview image (Stored Cross-Site Scripting). It...
CVE-2024-28147
Edu-sharing (pre-9.0.0-RC19) is affected by CVE-2024-28147: an authenticated user can upload arbitrary files via the collection preview image upload, enabling Stored XSS through HTML/JavaScript execution when users access the direct image URL and potential DoS via SVG with nested XML entities. Af...
CVE-2024-28147 Unrestricted Upload of Files in edu-sharing
An authenticated user can upload arbitrary files in the upload function for collection preview images. An attacker may upload an HTML file that includes malicious JavaScript code, which will be executed if a user visits the direct URL of the collection preview image (Stored Cross-Site Scripting). It...
ARM Mali GPU Kernel Driver < r43p0 Use After Free (CVE-2023-28147)
The version of the Mali GPU Kernel Driver installed on the remote system is prior to r43p0 running on Midgard, Bifrost, Valhall or 5th Gen architecture. It is, therefore, affected by a use-after-free error. A non-privileged user can make improper GPU processing operations to gain access to already...
CVE-2023-28147
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r29p0 through r32p0, Bifrost r17p0 through r42p0 before r43p0, Valhall r19p0 through r42p0 before r43p0, and...
CVE-2023-28147
CVE-2023-28147: Arm Mali GPU Kernel Driver contains a use-after-free in improper GPU processing operations, allowing a non-privileged user to access freed memory. Affected: Midgard (r29p0–r32p0), Bifrost (r17p0–r42p0 before r43p0), Valhall (r19p0–r42p0 before r43p0), and Arm Gen5 (r41p0–r42p0 bef...
CVE-2022-28147
creationtimestamp | type | source
---|---|---
2022-03-29 17:00:46+00:00 | seen | https://t.me/cibsecurity/39740...
CVE-2022-28147
A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
CVE-2022-28147
CVE-2022-28147 affects Jenkins Continuous Integration with Toad Edge Plugin (version 2.3 and earlier). The impact is a missing permission check that lets an attacker with Overall/Read permission verify the existence of an attacker-specified file path on the Jenkins controller filesystem. The prov...
openSUSE 15 Security Update : SUSE Manager Client Tools (openSUSE-SU-2021:1162-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1162-1 advisory. - Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning...
openSUSE 15 Security Update : grafana (openSUSE-SU-2021:1148-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1148-1 advisory. - The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow unauthenticated remote attackers to trigger a Denial of Service via a...
openSUSE 15 Security Update : grafana (openSUSE-SU-2021:2662-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2662-1 advisory. - The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow unauthenticated remote attackers to trigger a Denial of Service via a...
openSUSE 15 Security Update : SUSE Manager Client Tools (openSUSE-SU-2021:2675-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2675-1 advisory. - Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning...
Grafana 6.1.0-beta1 - 7.4.3 Access Control Bypass Vulnerability
Grafana is prone to an access control bypass vulnerability.
CVE-2021-28147
creationtimestamp | type | source
---|---|---
2021-03-22 17:37:14+00:00 | seen | https://t.me/cibsecurity/25225...
CVE-2021-28147
The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated...
CVE-2021-28147
The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated...