658 matches found
DEBIAN-CVE-2020-16093
In LemonLDAP::NG aka lemonldap-ng through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used...
Sensitive Information Disclosure
Xen is vulnerable to Sensitive Information Disclosure. Linux block table does not zero memory regions before sharing with the backend, leading to information disclosure. Additionally, the grant table only shares 4k pages, leading to unrelated data from different backends residing in the same page...
UBUNTU-CVE-2022-33741
Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...
NestJS Proxy 信息泄露漏洞
NestJS Proxy is a Finastra open source NestJS module for decorating and proxying calls. A security vulnerability exists in NestJS Proxy versions prior to 0.7.0 that stems from the nestjs-proxy library's inability to control when an authorization header should be forwarded for a specific backend...
PT-2022-19455 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.9.0 TensorFlow versions prior to 2.8.1 TensorFlow versions prior to 2.7.2 TensorFlow versions prior to 2.6.4 Description: The implementation of tf.raw ops.SpaceToBatchND is vulnerable to an integer overflow. Thi...
NewStart CGSL MAIN 6.02 : sane-backends Vulnerability (NS-SA-2022-0058)
The remote NewStart CGSL host, running version MAIN 6.02, has sane-backends packages installed that are affected by a vulnerability: - A NULL pointer dereference in saneiepsonnetread in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to caus...
EulerOS 2.0 SP8 : sane-backends (EulerOS-SA-2022-1587)
According to the versions of the sane-backends packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to re...
Huawei EulerOS: Security Advisory for sane-backends (EulerOS-SA-2022-1587)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-24837
HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes an...
CVE-2022-24837 Enumerable upload file names in hedgedoc
HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes an...
Huawei EulerOS: Security Advisory for sane-backends (EulerOS-SA-2022-1362)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP8 : sane-backends (EulerOS-SA-2022-1362)
According to the versions of the sane-backends packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to...
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5338-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5338-1 advisory. Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1...
PT-2022-16862 · Microsoft +1 · Windows +1
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.7 Description: The issue is a Remote Code Execution RCE vulnerability in Parse Server, affecting the default configuration with MongoDB. The main weakness is the Prototype Pollution vulnerable code in the...
CVE-2022-23036
Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removing access rights of the...
CVE-2022-23037
Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removing access rights of the...
CVE-2022-23038
Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removing access rights of the...
CVE-2022-23041
Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removing access rights of the...
UBUNTU-CVE-2022-23037
Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removing access rights of the...
CVE-2022-23042
Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removing access rights of the...