AZL-42430 CVE-2024-5458 affecting package php for versions less than 8.1.29-1

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, due to a code logic error, filtering functions such as filtervar when validating URLs FILTERVALIDATEURL for certain types of URLs the function will result in invalid user information username + password part of URLs being...

PHP Security Vulnerabilities

PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP, which stems from a code logic error, where a filter function validating URLs incorrectly treats invalid user information containing username and password sections as valid user information for...

LoLLMs Code Issue Vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. LoLLMs suffers from a code issue vulnerability that stems from not adequately validating user-entered URLs and a server-side request forgery SSRF vulnerability that could allow an attacker to...

The vulnerability of intermediate software for the Express Webpack-dev-middleware is related to insufficient checking of URL addresses, which allows unauthorized access to protected information.

The vulnerability of intermediate software for the Express Webpack-dev-middleware relates to insufficient validation of the URL address before returning the local file. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

USN-6792-1 flask-security vulnerability

Naom Moshe discovered that Flask-Security incorrectly validated URLs. An attacker could use this issue to redirect users to arbitrary URLs...

kernel: net: mdio: validate parameter addr in mdiobus_get_phy()

In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobusgetphy The caller may pass any value as addr, what may result in an out-of-bounds access to array mdiomap. One existing case is stmmacinitphy that may pass -1 as addr. Therefore valida...

PT-2024-20311 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw was found in Keycloak's redirect uri validation logic, which may allow a bypass of otherwise explicitly allowed hosts. This issue could lead to the theft of an access token, enablin...

PT-2024-19341 · Ibm · Ibm Maximo Application Suite

Name of the Vulnerable Software and Affected Versions: IBM Maximo Application Suite versions 8.10 through 8.11 Description: The issue allows a remote attacker to traverse directories on the system by sending a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary fil...

AMD Embedded Processors Vulnerabilities – February 2024

Bulletin ID: AMD-SB-5001 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in AMD Embedded processors were reported, and mitigations are being provided through Platform Initialization PI firmware packages. CVE...

PT-2024-40412 · Crates.Io · Ckb

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The p2p discovery protocol has an issue where it assumes that the peer IP must be a valid IPv4 address. Recommendations: At the moment, there is no information about a newer version tha...

The vulnerability of the formMapDelDevice() function (boafrm/formMapDelDevice) in the Totolink X2000R router software allows a hacker to execute arbitrary commands.

The vulnerability of the formMapDelDevice function boafrm/formMapDelDevice in the Totolink X2000R router software is related to the lack of data cleaning measures at the control level when processing the macstr parameter. Exploiting this vulnerability allows an attacker to execute arbitrary...

Wp Ultimate Review <= 2.3.2 - IP Spoofing

Description The plugin is vulnerable to IP Address Spoofing due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass IP rate limiting...

Malware Scanner < 4.7.2 - IP Spoofing

Description The Malware Scanner plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 4.7.1 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated...

Authentication Bypass

hail is is vulnerable to Authentication Bypass. The vulnerability is due to improper validation while handling OpenID Connect OIDC email addresses. This lack of verification of the user's email domain allows an attacker to manipulate their email address to match an organization's domain with...

keycloak: redirect_uri validation bypass

A flaw was found in the redirecturi validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users...

The vulnerability of the Cisco AnyConnect VPN client software, which is part of the Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) network devices, allows attackers to carry out spoofing attacks.

The vulnerability of the Cisco AnyConnect VPN client software, which is part of the Cisco Adaptive Security Appliance ASA and Cisco Firepower Threat Defense FTD systems, relates to improper checking of the internal IP address of the packet source. Exploiting this vulnerability allows a malicious...

SUSE SLES15 Security Update : kernel-firmware (SUSE-SU-2023:4665-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4665-1 advisory. Update AMD ucode to 20231030 bsc1215831: - CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attack...

SAMSUNG Mobile devices security vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from the South Korean company Samsung SAMSUNG. A security vulnerability previously existed in SAMSUNG Mobile devices version 4.5.64.4, which stemmed from incorrect URL validation for the presence of...

SUSE CVE-2023-20566

Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity...

SUSE CVE-2023-20533

Insufficient DRAM address validation in System Management Unit SMU may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service...