6335 matches found
CVE-2022-2503
A flaw was found in the Linux kernel. Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module and firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out...
traefik -- Use of vulnerable Go modules net/http, net/textproto
The Go project reports: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially...
Improper Access Control
vantage6server is vulnerable to Improper Access Control. A remote attacker is able to bypass permissions and access unauthorized modules because assigning existing users to a different organization is not restricted...
Prometei botnet improves modules and exhibits new capabilities in recent updates
The Prometei botnet has continued its activity since Cisco Talos first reported on it in 2020. Since November 2022, we have observed Prometei improving the infrastructure components and capabilities. More specifically, the botnet operators updated certain submodules of the execution chain to automate...
GHSA-XM67-587Q-R2VW wasmtime vulnerable to miscompilation of `i8x16.select` with the same inputs on x86_64
Impact: Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indices are greater than 16. There is an off-by-one...
Debian: Security Advisory (DSA-2015-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Debian: Security Advisory (DLA-97-1)
The remote host is missing an update for the Debian...
iGamingModules flashgames SQL injection vulnerability
Flashgames is an open source Xoops module from iGaming Modules. It is used to support Flash game applications. A SQL injection vulnerability exists in iGamingModules flashgames version 1.1.0, which stems from the fact that manipulation of the parameter lid can lead to SQL injection...
PT-2023-9864 · Unknown · Igamingmodules Flashgames
Name of the Vulnerable Software and Affected Versions: iGamingModules flashgames version 1.1.0. Description: A critical issue was found in the software. It affects an unknown function of the file game.php. The manipulation of the lid argument leads to SQL injection. This issue can be exploited...
SUSE CVE-2022-45155
An Improper Handling of Exceptional Conditions vulnerability in obs-service-gomodules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-gomodules versio...
CVE-2021-3855
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Liman Central Management System Liman MYS HTTP/Controllers, CronMail, Jobs modules allows Command Injection. This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462...
CVE-2021-3855
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Liman Central Management System Liman MYS HTTP/Controllers, CronMail, Jobs modules allows Command Injection. This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462...
Command injection
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Liman Central Management System Liman MYS HTTP/Controllers, CronMail, Jobs modules allows Command Injection. This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462...
渗透字典 (Penetration Testing Dictionary)
This repository is an offensive tool for Bug Bounty research and exploitation. The primary CVE ID is not explicitly mentioned, but it appears to be a collection of exploits and techniques for various vulnerabilities. The repository contains a wide range of exploits and techniques, including: 1...
AZL-13776 CVE-2023-23918 affecting package nodejs for versions less than 16.19.1-1
A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non-authorized modules by using `process.mainModule.require`. This only...
Privilege escalation
A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non-authorized modules by using `process.mainModule.require`. This only...
CVE-2023-23918
CVE-2023-23918 affects Node.js runtimes prior to certain fixed releases (examples from connected docs include Node.js 14.21.3, 16.19.1, 18.14.2; some entries reference 18.19.x as fixed). The vulnerability allows bypassing the experimental Permissions feature when enabled with --experimental-polic...
Node.js security vulnerability
Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js that stems from the presence of an elevation of privilege vulnerability that can be exploited by an attacker to bypass authentication and access unauthorized modules...
CVE-2023-23918
A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non-authorized modules by using `process.mainModule.require`. This only...
The vulnerability of the software for programming Mitsubishi Electric GX Works3 lies in the ability to use strictly encrypted user data, which allows an intruder to obtain information about the project files for security modules on the CPU.
The vulnerability of the software for programming Mitsubishi Electric GX Works3 relates to the possibility of using strictly encrypted user data. Exploiting this vulnerability can allow a malicious actor to obtain information about project files for security modules via the MELSEC protocol...