27 matches found
CVE-2025-70102
A flaw was found in dhcpcd. A specially crafted configuration input may cause the parseoption function to dereference a NULL pointer while processing malformed option data. This issue may result in application termination and a denial of service condition. Mitigation Red Hat is not aware of a...
EUVD-2023-32471
Malicious code in bioql PyPI...
Cisco Unified Communications Manager Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of...
Linux Distros Unpatched Vulnerability : CVE-2023-41321
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses...
CVE-2025-52569 GitHub.jl lacks validation for user-provided fields
GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 5.9.1 lack input validation of input validation for user-provided values in certain functions. In the GitHub.repo function, the user can provide any string for the reponame field. These inputs are not validate...
CVE-2024-25114
Collabora Online is a collaborative online office suite based on LibreOffice technology. Each document in Collabora Online is opened by a separate "Kit" instance in a different "jail" with a unique directory "jailID" name. For security reasons, this directory name is randomly generated and should...
Test remote endpoint is not rate limited
None...
Tracker miners: Sandbox weakness
Background The Tracker miners are a collection of data extractors for the GNOME Tracker. Description A vulnerability has been discovered in Tracker minders. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifier for details. Workaround...
Mozilla Thunderbird: Multiple Vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series
A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deploye...
Linux Distros Unpatched Vulnerability : CVE-2024-25629
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the...
GHSA-6PFC-W86R-54Q6 Welcome and About GeoServer pages communicate version and revision information
Impact The welcome and about page includes version and revision information about the software in use including library and components used. This information is sensitive from a security point of view because it allows software used by the server to be easily identified. Proof of Concept 1. Welco...
NVIDIA Drivers: Privilege Escalation
Background NVIDIA Drivers are NVIDIA's accelerated graphics driver. Description A vulnerability has been discovered in NVIDIA Drivers. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifier for details. Workaround There is no known...
Mozilla Firefox: Multiple Vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
PT-2024-25549 · Macho Themes · Machothemes Cpo Companion
Name of the Vulnerable Software and Affected Versions: MachoThemes CPO Companion versions 1.1.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker ca...
PT-2024-23729 · Ecshop · Ecshop
Name of the Vulnerable Software and Affected Versions: ECshop versions 4.x Description: The issue allows an attacker to obtain sensitive information via the file/article.php component. This is achieved through a SQL Injection vulnerability, which enables the attacker to manipulate database querie...
Privilege Escalation in PAN-OS
Palo Alto Networks is aware of an integer overflow vulnerability in the Linux kernel's createelftables function. Ref PAN-105966, CVE-2018-14634 Successful exploitation of this issue may allow an unprivileged local user to escalate their privileges on the system. To successfully exploit this...
Hashcash: Format string vulnerability
Background Hashcash is a utility for generating Hashcash tokens, a proof-of-work system to reduce the impact of spam. Description Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the Hashcash utility that an attacker could expose by specifying a malformed reply address...
GLSA-200502-30 : cmd5checkpw: Local password leak vulnerability
The remote host is affected by the vulnerability described in GLSA-200502-30 cmd5checkpw: Local password leak vulnerability Florian Westphal discovered that cmd5checkpw is installed setuid cmd5checkpw but does not drop privileges before calling execvp, so the invoked program retains the cmd5check...
GLSA-200501-20 : o3read: Buffer overflow during file conversion
The remote host is affected by the vulnerability described in GLSA-200501-20 o3read: Buffer overflow during file conversion Wiktor Kopec discovered that the parsehtml function in o3read.c copies any number of bytes into a 1024-byte t array. Impact : Using a specially crafted file, possibly...