67 matches found
softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here i.e. "Bugs affecting the non-virtualization use case are not considered security bugs at this time.
...
PT-2024-29710 · Splashtop · Splashtop Streamer
Name of the Vulnerable Software and Affected Versions: Splashtop Streamer for Windows versions prior to 3.7.0.0 Description: The MSI installer for Splashtop Streamer for Windows uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges...
CVE-2023-40720
An authorization bypass through user-controlled key vulnerability CWE-639 in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests...
PT-2024-3553
Name of the Vulnerable Software and Affected Versions FortiOS versions prior to 7.0.0 Description The issue is related to a double free vulnerability, which may allow a privileged attacker to execute unauthorized code or commands. This can be achieved via crafted HTTP or HTTPS requests...
CVE-2024-21084
Vulnerability in the Oracle BI Publisher product of Oracle Analytics component: Service Gateway. Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Whil...
PT-2024-23105
Name of the Vulnerable Software and Affected Versions TinyMCE versions prior to 6.8.1 TinyMCE versions prior to 7.0.0 Description A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an object or embed...
CVE-2023-33304
A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials...
PrestaShop Security Breach
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution offers multiple payment methods, short message alerts and product image scaling. PrestaShop boninstagramcarousel v5.2.1 version to v7.0.0 prior to the version of a security vulnerability , th...
PT-2023-14121 · Fortinet · Fortiweb
Name of the Vulnerable Software and Affected Versions: FortiWeb versions 6.3.6 through 6.3.20 FortiWeb versions 6.4.0 through 6.4.2 FortiWeb versions 7.0.0 through 7.0.2 Description: The issue is related to an improper neutralization of CRLF sequences in HTTP headers, also known as 'HTTP Response...
DEBIAN-CVE-2022-35414
softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translatefail path, leading to an ioreadx or iowritex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use ca...
Guzzle 信息泄露漏洞
Guzzle is a PHP HTTP client from the individual developers of guzzlehttp that makes it easy to send HTTP requests and easily integrates with web services. An information disclosure vulnerability exists in Guzzle versions 6.5.6 and earlier, 7.0.0 through 7.4.3, which stems from a cookie request...
PT-2022-3768 · Qemu +4 · Qemu +4
Name of the Vulnerable Software and Affected Versions: QEMU versions prior to 7.0.0 Description: The issue in QEMU's softmmu/physmem.c file can lead to an uninitialized read on the translate fail path, resulting in an io readx or io writex crash. A third party notes that this might not be...
com.amazon.opendistroforelasticsearch:opendistro_security (>=1.0.0.0 <=1.0.0.2), com.amazon.opendistroforelasticsearch:opendistro_security_advanced_modules (>=1.0.0.0 <=1.0.0.2) +37 more potentially affected by CVE-2020-7021 via org.elasticsearch:elasticsearch (>=7.0.0 <=7.0.1)
org.elasticsearch:elasticsearch MAVEN version =7.0.0, =1.0.0.0, =1.0.0.0, =1.31.2, =0.1.3, =7.0.0-35.0.0-beta1, =7.0.0-35.0.0-beta1, =0.1, =4.2, =4.2, =4.2, =1.1, =1.3 and more Source cves: CVE-2020-7021 Source advisory: OSV:GHSA-CQGV-256R-M9R8...
Redis Labs Redis 代码注入漏洞
Redis Labs Redis is the United States Redis Labs, Inc. of a set of open-source use of ANSI C written to support the network , can be based on the memory can also be a persistent log-type , key-value Key-Value storage database , and provides a variety of languages API. An injection vulnerability...
PT-2022-12147 · Fis +3 · Fis Gt.M +3
Name of the Vulnerable Software and Affected Versions: FIS GT.M versions through V7.0-000 Description: The issue is related to a lack of input validation in calls to eb div in sr port/eb muldiv.c, which allows attackers to crash the application by performing a divide by zero. Recommendations: For...
NetSarang Xmanager 代码问题漏洞
NetSarang Xmanager is a powerful and convenient PC X server software package from NetSarang USA. It is used to bring UNIX/Linux desktops to Windows PCs. A security vulnerability exists in NetSarang Xmanager v7.0.0096 and below that allows attackers to execute arbitrary code via a crafted .exe fil...
DVDFab 路径遍历漏洞
DVDFab is a multimedia solution. A path traversal vulnerability exists in DVDFab 12 PlayerFab. The following products and versions are affected: DVDFab 12 from version 6.2.1.0 to 6.2.1.1, PlayerFab from version 7.0.0.0 to 7.0.0.5...
Fortinet FortiClient 代码注入漏洞
Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. A security vulnerability exists in FortiClientMacOS...
Vulnerabilities fixed in Fortinet FortiClientEMS
Fortinet has fixed vulnerabilities in FortiClientEMS. The vulnerability with reference CVE-2020-15941 concerns a path traversal vulnerability. This vulnerability allows an authenticated malicious person potentially able to add or delete files on the server to add or delete files. The vulnerabilit...
多款Cisco产品处理逻辑错误漏洞
Cisco Firepower Threat Defense FTD and Cisco Adaptive Security Appliances Software ASA Software are both products of Cisco, Inc.Cisco Firepower Threat Defense is a set of unified software that provides next-generation firewall services. Defense is a set of unified software to provide...