323 matches found
CVE-2022-24349
CVE-2022-24349: In Zabbix, an authenticated user can create a hosts group with a stored XSS payload that becomes available to other users. When users search groups (and similar vectors described in the Debian/SUSE advisories), the XSS payload can execute in the victim’s browser, enabling actions ...
CVE-2022-24349
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attac...
Mageia: Security Advisory (MGASA-2018-0283)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-44717
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion...
CVE-2021-21902
An authentication bypass vulnerability exists in the CMA runserver6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A properly-timed network connection can lead to authentication bypass via session hijacking. An attacker can send a sequence of requests to trigger this...
Mozilla Firefox Security Advisory (MFSA2016-63) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
CVE-2021-25471
A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion...
Design/Logic Flaw
A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile network connection...
CVE-2021-25480
CVE-2021-25480 describes a vulnerability in the GUTI REALLOCATION COMMAND handling within Qualcomm modems, where a lack of replay attack protection before Samsung’s SMR Oct-2021 Release 1 could enable remote denial of service on the mobile network connection. The issue is tied to Qualcomm modem p...
CVE-2021-25471
The vulnerability CVE-2021-25471 affects Samsung devices in the Security Mode Command (SMC) processing path where replay protection is missing. This lack of replay attack protection can cause denial of service to mobile network connections and result in battery depletion. Documented impact is tie...
CVE-2021-25471
A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion...
Samba < 3.4.0 Remote Code Execution Vulnerability (CVE-2012-0870)
Ensure AndX offsets are increasing strictly monotonically in pre-3.4 versions. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program ...
Python < 3.6.13, 3.7.x < 3.7.10, 3.8.x < 3.8.7, 3.9.x < 3.9.1 Python Issue (bpo-41944) - Mac OS X
Python is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...
Center for Threat-Informed Defense teams up with Microsoft, partners to build the ATT&CK® for Containers matrix
The MITRE ATT&CK® for Containers matrix was published today, establishing an industry knowledge base of attack techniques associated with containerization and related technologies that are increasingly more ubiquitous in the current computing landscape. Microsoft is happy to have contributed and...
PT-2021-8368 · Go · Go
Name of the Vulnerable Software and Affected Versions: Go affected versions not specified Description: The issue arises from the RemoteAddr and LocalAddr methods on the returned net.Conn, which may call themselves, leading to an infinite loop. This loop will cause the program to crash due to a...
CVE-2021-23985
If an attacker is able to alter specific about:config values for example malware running on the user's computer, the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker able to make a direct network...
[SECURITY] Fedora 33 Update: postgresql-12.6-1.fc33
PostgreSQL is an advanced Object-Relational database management system DBM S. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine ...
Klog Server 2.4.1 Command Injection
Exploit Title: Klog Server 2.4.1 - Command Injection Unauthenticated Date: 22.12.2020 Exploit Author: b3kc4t Mustafa GUNDOGDU Vendor Homepage: https://www.klogserver.com/ Version: 2.4.1 Tested On: Ubuntu 18.04 CVE: 2020-35729 Description:...
CVE-2020-26164
In kdeconnect-kde aka KDE Connect before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack...
CVE-2020-26164
In kdeconnect-kde aka KDE Connect before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack...