684 matches found
UBUNTU-CVE-2021-28952
An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. This has been fixed in 5.12-rc4...
Exploit for Path Traversal in Microsoft
I will continue to add any new code or modify existing code ba...
CVE-2020-24679
creationtimestamp | type | source
---|---|---
2020-12-23 00:54:03+00:00 | seen | https://t.me/cibsecurity/21199...
PYSEC-2020-148
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest. NOTE: this is similar to CVE-2020-26116...
@here/harp-leaflet (>=0.2.4 <=0.2.5) potentially affected by CVE-2020-8244 via bl (=4.0.2)
bl NPM version =4.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on bl and may be impacted: - @here/harp-leaflet =0.2.4, =0.2.5 Source cves: CVE-2020-8244 Source advisory: OSV:GHSA-PP7H-53GX-MX7R...
UBUNTU-CVE-2020-15113
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This functio...
GHSA-XP63-6VF5-XF3V Command injection in codecov (npm package)
Impact The upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE was issued: CVE-2020-7597, but the fix was incomplete. It only blocked &, and...
SUSE-SU-2020:1789-1 Security update for tomcat
This update for tomcat fixes the following issues: - CVE-2020-8022: Fixed a local root exploit due to improper permissions (bsc#1172405)...
OX Guard 2.10.3 Cross Site Scripting / Server-Side Request Forgery Vulnerabilities
Exploit for php platform in category web applications Product: OX Guard Vendor: OX Software GmbH Internal reference: GUARD-179 Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 2.10.3 Vulnerable component: guard Report confidence: Confirmed Solution status: Fixed by Vendor Fixed...
OX Guard 2.10.3 Cross Site Scripting / Server-Side Request Forgery
Product: OX Guard Vendor: OX Software GmbH Internal reference: GUARD-179 Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 2.10.3 Vulnerable component: guard Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.10.2-rev9, 2.10.3-rev4 Vendor notification...
CVE-2019-5135
WAGO PFC100/200 Web-Based Management (WBM) authentication timing information disclosure (CVE-2019-5135) is detailed in the TALOS entry. The vulnerability resides in the WBM login routine where the PHP crypt() function is used to generate a password hash for comparison, allowing an attacker to inf...
eMerge E3 Access Controller 4.6.07 - Remote Code Execution Exploit
Exploit Title: eMerge E3 Access Controller 4.6.07 - Remote Code Execution Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 4.6.07 Tested on: NA CVE : CVE-2019-7265 Advisory:...
CVE-2019-8042
creationtimestamp | type | source
---|---|---
2019-08-15 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/47276
2025-08-31 03:01:29+00:00 | seen | MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d
2025-08-31 03:13:06+00:00 | seen | MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57...
CVE-2019-0892
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'...
Security Advisory 0040
Date: April 16th, 2019
Last Updated: April 29th, 2019
Version: 1.1

Revision | Date | Changes
---|---|---
1.0 | April 16th, 2019 | Initial Release
1.1 | April 29th, 2019 | Updated with CVE reference and mitigation for impacted versions

The CVE-ID tracking this issue is...
CVE-2019-6220
creationtimestamp | type | source
---|---|---
2019-01-28 15:10:00+00:00 | seen | MISP/5c4f1a2e-1300-4391-87cf-19c50a021402...
SugarCRM Web Logic Hooks Module PHP Code Injection Vulnerability
SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through the "trigger_event" parameter is not properly sanitized before being used to save PHP code into the 'logic_hooks.php' file through the Web Logic Hooks module. This can be...
SugarCRM WorkFlow PHP Code Injection Vulnerability
SugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a PHP code injection vulnerability in the WorkFlow module. User input passed through the $_POST['base_module'] parameter to the "Save" action of the WorkFlow module is not properly sanitized before being used to write data into the...
MGASA-2018-0474 Updated apache-mod_perl packages fix security vulnerability
A flaw was found in mod_perl 2.0 through 2.0.10 which allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is no configuration option that permits Perl code for the administrator's control of HTTP request processi...
patch: Malicious patch files cause ed to execute arbitrary commands
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...