735 matches found
CVE-2024-45051 Bypass of email address validation via encoded email addresses in Discourse
Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed versio...
CLSA-2024-1727895152 php: Fix of 3 CVEs
CVE-2020-7071: fix URL validation with functions like filtervar$url, FILTERVALIDATEURL - CVE-2021-21705: fix URL validation functionality via filtervar function with FILTERVALIDATEURL parameter when an URL with invalid password field can be accepted as valid - CVE-2024-5458: fix early-out for...
kernel: tcp_metrics: validate source addr length
A vulnerability was found in the Linux kernel's tcpmetrics.c, where insufficient validation of the length of the source address for TCP metrics could lead to incorrect memory read out of boundary read...
CVE-2024-8957
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntpaddr configuration value which may lead to arbitrary command execution when ntpclient is started. When chained with CVE-2024-8956, a remote and...
Fedora 40 : python3-docs / python3.12 (2024-1d0cb3b43f)
The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-1d0cb3b43f advisory. This is the sixth maintenance release of Python 3.12 ==================================================== Python 3.12 is the newest major release of...
CVE-2023-20510
An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service...
CVE-2023-20509
An insufficient DRAM address validation in PMFW may allow a privileged attacker to perform a DMA read from an invalid DRAM address to SRAM, potentially resulting in loss of data integrity...
CVE-2023-20510
An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service...
CVE-2023-20510
An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service...
CVE-2023-20509
An insufficient DRAM address validation in PMFW may allow a privileged attacker to perform a DMA read from an invalid DRAM address to SRAM, potentially resulting in loss of data integrity...
CVE-2023-20509
CVE-2023-20509 describes an insufficient DRAM address validation in PMFW that could allow a local privileged attacker to perform a DMA read from an invalid DRAM address to SRAM, potentially leading to data integrity loss. Affected component is PMFW (PM firmware); root cause is address validation ...
AMD Graphics Driver 安全漏洞
AMD Graphics Driver is an integrated graphics driver from UltraMicroelectronics AMD. A security vulnerability exists in AMD Graphics Driver that stems from insufficient address validation and could allow a privileged attacker to perform a DMA read to SRAM from an invalid DRAM address, resulting i...
PT-2024-11947 · Pmfw · Pmfw
Name of the Vulnerable Software and Affected Versions: PMFW affected versions not specified Description: The issue is related to an insufficient DRAM address validation in PMFW, which may allow a privileged attacker to perform a DMA read from an invalid DRAM address to SRAM. This could potentiall...
URL Redirection to Untrusted Site ('Open Redirect')
Overview Affected versions of this package are vulnerable to URL Redirection to Untrusted Site 'Open Redirect' through the commonly used GetAuthorizationContextAsync and IsValidReturnUrl methods which return non-null values and the IsValidReturnUrl method which could return true for malicious URL...
CVE-2024-40963 mips: bmips: BCM6358: make sure CBR is correctly set
In the Linux kernel, the following vulnerability has been resolved: mips: bmips: BCM6358: make sure CBR is correctly set It was discovered that some device have CBR address set to 0 causing kernel panic when archsyncdmaforcpuall is called. This was notice in situation where the system is booted...
CVE-2024-26015
An incorrect parsing of numbers with different radices vulnerability CWE-1389 in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit a...
CVE-2024-26015
An incorrect parsing of numbers with different radices vulnerability CWE-1389 in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit a...
CVE-2024-26015
Fortinet FortiProxy/FortiOS vulnerable to an incorrect parsing of numbers with different radices (CWE-1389) in IP address validation, enabling an unauthenticated attacker to bypass the IP blocklist. Affected: FortiProxy 7.4.3 and below, 7.2.10 and below, 7.0.17 and below; FortiOS 7.4.3 and below,...
USN-6886-1: Go vulnerabilities
It was discovered that the Go net/http module did not properly handle the requests when request's headers exceed MaxHeaderBytes. An attacker could possibly use this issue to cause a panic resulting into a denial of service. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS...
Server Side Request Forgery (SSRF) attack in Fedify
Summary At present, when Fedify needs to retrieve an object or activity from a remote activitypub server, it makes a HTTP request to the @id or other resources present within the activity it has received from the web. This activity could reference an @id that points to an internal IP address,...