125 matches found
CVE-2022-3977
A use-after-free flaw was found in the Linux kernel MCTP Management Component Transport Protocol functionality. This issue occurs when a user simultaneously calls DROPTAG ioctl and socket close happens, which could allow a local user to crash the system or potentially escalate their privileges on...
Ubuntu: Security Advisory (USN-5793-3)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5793-4: Linux kernel (IBM) vulnerabilities
It was discovered that the iouring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-3910 ...
Ubuntu: Security Advisory (USN-5793-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5793-2: Linux kernel (Azure) vulnerabilities
It was discovered that the iouring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-3910 ...
Ubuntu: Security Advisory (USN-5793-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES12 Security Update : python-Werkzeug (SUSE-SU-2022:3977-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3977-1 advisory. - CVE-2019-14806: Fixed insufficient debugger PIN randomness when running the development server in Docker containers bsc1145383. Tenable ha...
CVE-2022-3977
A use-after-free flaw was found in the Linux kernel MCTP Management Component Transport Protocol functionality. This issue occurs when a user simultaneously calls DROPTAG ioctl and socket close happens, which could allow a local user to crash the system or potentially escalate their privileges on...
openSUSE: Security Advisory for giflib (SUSE-SU-2022:1565-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE: Security Advisory (SUSE-SU-2022:1565-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-3977
invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-3977
invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-3977 Cross-site Scripting (XSS) - Stored in invoiceninja/invoiceninja
invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-3977
CVE-2021-3977 affects invoiceninja. The connected sources describe a Cross-site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation, enabling attacker-supplied scripts to execute in a victim’s browser. The issue is documented across multiple feeds (...
SUSE SLES15 Security Update : xen (SUSE-SU-2021:3977-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3977-1 advisory. - CVE-2021-28701: Fixed race condition in XENMAPSPACEgranttable handling XSA-384 bsc1189632. - CVE-2021-28702: Fixed PCI devices wi...
SUSE: Security Advisory (SUSE-SU-2016:1139-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-23922
An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read...
SUSE: Security Advisory (SUSE-SU-2016:1140-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-3977
CVE-2020-3977 affects VMware Horizon DaaS 7.x and 8.x prior to 8.0.1 Update 1. Root cause: broken authentication due to how first-factor authentication is handled, enabling potential bypass of two-factor authentication for an attacker with a legitimate Horizon DaaS account. Impact: partial integr...
Horizon DaaS update addresses a broken authentication vulnerability (CVE-2020-3977)
3. Broken authentication vulnerability CVE-2020-3977 Horizon DaaS contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base...