12 matches found
CVE-2025-40143
In the Linux kernel, the following vulnerability has been resolved: bpf: dont report verifier bug for missing bpf_scc_visit on speculative path. Syzbot generated a program that triggers a verifier_bug() call in maybe_exit_scc(). maybe_exit_scc() assumes that, when called for a state with insn_idx in some SCC,...
Westermo Lynx 206-F2G Improper Neutralization of Input During Web Page Generation (CVE-2023-40143)
An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the 'forward.0.domain' parameter. This plugin only works with Tenable.ot. Please visit...
CVE-2023-40143
creationtimestamp | type | source
---|---|---
2024-02-06 23:31:22+00:00 | seen | https://t.me/ctinow/180395
2024-02-17 12:11:44+00:00 | seen | https://t.me/ctinow/186888
...
CVE-2023-40143 Westermo Lynx
An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "forward.0.domain" parameter...
CVE-2023-40143
CVE-2023-40143 affects Westermo Lynx web interface. A cross-site scripting flaw allows an attacker who can access the Lynx web application to inject arbitrary JavaScript via the forward.0.domain parameter. Public sources (NVD/Nessus plugin) assign CVSS v3.1 base score 5.4 (Network, Low attack com...
CVE-2022-40143
creationtimestamp | type | source
---|---|---
2022-09-19 22:38:20+00:00 | seen | https://t.me/cibsecurity/50084
...
CVE-2022-40143
CVE-2022-40143 is a local privilege-escalation in Trend Micro Apex One and Apex One as a Service, caused by improper link resolution before file access (CWE-59). A low-privilege attacker who can run code on the target can abuse an insecure directory to execute arbitrary code with elevated privile...
CVE-2022-40143
A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service servers could allow a local attacker to abuse an insecure directory that could allow a low-privileged user to run arbitrary code with elevated privileges. Please note: an attack...
org.sonatype.nexus.assemblies:nexus-base-template (>=3.10.0-04 <=3.33.1-01), org.sonatype.nexus.assemblies:nexus-core-feature (>=3.0.0-03 <=3.33.1-01) +37 more potentially affected by CVE-2021-40143 via org.sonatype.nexus:nexus-repository (>=3.0.0-03 <=3.33.1-01)
org.sonatype.nexus:nexus-repository MAVEN version =3.0.0-03, =3.10.0-04, =3.0.0-03, =3.10.0-04, =3.10.0-04, =0.0.1, =3.17.0-01, =0.0.2, =0.0.2, =3.19.0-01, =0.0.3, =1.0.0, =0.0.4, =0.0.2, =3.17.0-01, =0.0.13, =1.0.10 and more Source cves: CVE-2021-40143 Source advisory: OSV:GHSA-F34X-8P...
CVE-2021-40143
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance...
CVE-2021-40143
Summary: CVE-2021-40143 affects Sonatype Nexus Repository 3.x up to 3.33.1-01 and is caused by an HTTP header injection vulnerability. An attacker can craft requests that may disclose sensitive information or cause the server to fetch external resources. Exploitation details are not provided in t...