198 matches found
PT-2024-9988 · Glpi · Addressing Glpi Plugin
Name of the Vulnerable Software and Affected Versions: Addressing GLPI plugin versions 3.0.0 through 3.0.3 Description: The issue is related to a poor security check in the Addressing GLPI plugin, which allows an unauthenticated attacker to determine whether data exists by name in GLPI. This can...
CVE-2024-7038 Information Disclosure in open-webui/open-webui
An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages based on the existenc...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a fixed MTRRs existence checking vulnerability in the x86/mtrr component...
PT-2024-5805 · Foxit · Foxit Pdf Reader
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this issue, where the target mus...
jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin
A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting XSS...
CVE-2023-42092
Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious...
PT-2024-14773
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the MediaTek vcodec driver in the Linux kernel. The mtk vcodec mem free function is mostly called when the buffer to free exists, but there are instances where th...
CVE-2024-30333
Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious...
CVE-2024-28149
Jenkins HTML Publisher Plugin 1.16 through 1.32 both inclusive does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting XSS attacks and to determine whether a path on the Jenkins controller file system exists...
BIT-JENKINS-2021-21606
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence of XML files with a short path...
UBUNTU-CVE-2021-46900
Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism...
CVE-2023-41166
An issue was discovered in Stormshield Network Security SNS 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands...
Solmate safetransfer and safeTransferFrom do not check the code size of the token address, which may lead to loss of funds
Lines of code Vulnerability details Impact WildcatMarketWithdrawals, WildcatMarketController, WildcatMarket contracts use Solmate safetransfer and safeTransferFrom functions. However, these functions don't check the existence of code at the token address. This is a known issue while using solmate...
CVE-2023-40179 Silverware Games vulnerable to account enumeration via inconsistent responses
Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the Password Recovery form would throw an error if the specified email was not found in our database. It would only display the "Enter the code" form if the email is associated with a member o...
The authentication vulnerability of the 389 Directory Server server, which arises from information disclosure due to inconsistencies, allows attackers to gain access to confidential data.
The vulnerability of the 389 Directory Server’s authentication service relates to the disclosure of information during the verification of the existence of a record in the database. Exploiting this vulnerability allows an attacker, operating remotely, to gain access to confidential data...
CVE-2022-43641
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Foxit PDF Reader 资源管理错误漏洞
Foxit PDF Reader is a PDF reader from Foxit, a Chinese company. Foxit PDF Reader is vulnerable to a resource management error that results from not verifying the existence of an object before performing an operation on it, which could be exploited by attackers to obtain sensitive information...
The vulnerability of the win32kfull driver of the Graphics component in Windows operating systems allows attackers to exploit their privileges.
The vulnerability of the win32kfull driver of the Microsoft Graphics component in Windows operating systems is related to the use of memory after it is freed, due to the lack of checking the existence of objects before performing operations. Exploiting this vulnerability can allow an attacker to...
Exploit for Race Condition in Openbsd Openssh
SSH-User-Enum-Python3-CVE-2018-15473 SSH User Enumerator in P...
SUSE CVE-2007-2243
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483...