PT-2023-14520 · WordPress · Zephilou Cyklodev Wp Notify

Name of the Vulnerable Software and Affected Versions: Zephilou Cyklodev WP Notify plugin versions 1.2.1 and earlier Description: The issue is related to a Stored Cross-Site Scripting vulnerability that requires authentication with admin+ privileges. There is no information provided about the...

K45435121: DNS Express vulnerability CVE-2018-5538

Security Advisory Description On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable "dnsexpress.notifyport" is set to...

PT-2023-12179 · Hyperkit · Hyperkit

Name of the Vulnerable Software and Affected Versions: HyperKit versions 0.20210107 and prior Description: HyperKit is a toolkit for embedding hypervisor capabilities in an application. The implementation of qnotify at pci vtrnd notify fails to check the return value of vq getchain, leading to...

HyperKit 安全漏洞

HyperKit is a Moby open source toolkit for embedding virtual machine monitor functionality in applications. HyperKit 0.20210107 and earlier versions have a security vulnerability that stems from qnotify in pcivtrndnotify being unable to check the return value of vqgetchain, which results in the...

SUSE CVE-2005-3539

Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via 1 the notify script in HylaFAX 4.2.0 to 4.2.3 and 2 crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3...

SUSE CVE-2007-1841

The isakmpinforecv function in src/racoon/isakmpinf.c in racoon in Ipsec-tools before 0.6.7 allows remote attackers to cause a denial of service tunnel crash via crafted 1 DELETE ISAKMPNPTYPED and 2 NOTIFY ISAKMPNPTYPEN messages...

SUSE CVE-2013-2234

The 1 keynotifysaflush and 2 keynotifypolicyflush functions in net/key/afkey.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of ...

SUSE CVE-2013-2237

The keynotifypolicyflush function in net/key/afkey.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notifypolicy interface of an IPSec keysocket...

SUSE CVE-2015-1222

Multiple use-after-free vulnerabilities in the ServiceWorkerScriptCacheMap implementation in content/browser/serviceworker/serviceworkerscriptcachemap.cc in Google Chrome before 41.0.2272.76 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors...

SUSE CVE-2016-7795

The managerinvokenotifymessage function in systemd 231 and earlier allows local users to cause a denial of service assertion failure and PID 1 hang via a zero-length message received over a notify socket...

SUSE CVE-2016-7796

The managerdispatchnotifyfd function in systemd allows local users to cause a denial of service system hang via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled...

SUSE CVE-2017-15091

An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly...

SUSE CVE-2017-16667

backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...

SUSE CVE-2018-5378

The Quagga BGP daemon bgpd prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash...

SUSE CVE-2018-5736

An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable...

SUSE CVE-2018-15686

A vulnerability in unitdeserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and...

SUSE CVE-2018-16745

An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it...

SUSE CVE-2019-16866

Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule...

SUSE CVE-2021-38604

In librt in the GNU C Library aka glibc through 2.34, sysdeps/unix/sysv/linux/mqnotify.c mishandles certain NOTIFYREMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix...

SUSE CVE-2022-46342

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se...