Command injection
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in compound request. smb2_get_msg() in smb2_get_ksmbd_tcon() and smb2_check_user_session() will always return the first request smb2 header in a compound request. If SMB2_TREE_CONNECT_HE is the first command ...
UBUNTU-CVE-2023-52442
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in compound request. smb2_get_msg() in smb2_get_ksmbd_tcon() and smb2_check_user_session() will always return the first request smb2 header in a compound request. If SMB2_TREE_CONNECT_HE is the first command ...
CVE-2023-52442 ksmbd: validate session id and tree id in compound request
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in compound request. smb2_get_msg() in smb2_get_ksmbd_tcon() and smb2_check_user_session() will always return the first request smb2 header in a compound request. If SMB2_TREE_CONNECT_HE is the first command ...
CVE-2023-52442
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in compound request. smb2_get_msg() in smb2_get_ksmbd_tcon() and smb2_check_user_session() will always return the first request smb2 header in a compound request. If SMB2_TREE_CONNECT_HE is the first command ...
kernel: net/sched: sch_hfsc UAF
A use-after-free flaw was found in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component that can be exploited to achieve local privilege escalation. If a class with a link-sharing curve, for example, with the HFSC_FSC flag set, has a parent without a link-sharing curve, then...
PT-2024-7726 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.4.0 Description: The Linux kernel has a vulnerability in the powerpc/pseries/iommu component. When the kdump kernel tries to copy dump data over SR-IOV, the LPAR panics due to a NULL pointer exception. The...
The vulnerability of the Cronvel Tree-kit lies in the uncontrolled modification of object prototypes’ attributes, allowing attackers to execute arbitrary code.
The vulnerability of Cronvel Tree-kit is related to uncontrolled changes to the attributes of the object’s prototype. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
PT-2024-7718 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the handling of quirks applicable to ACPI-based platforms in the Linux kernel. While refactoring the way the ITSs are probed, the handling of these quirks was...
PT-2024-3411 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a NULL dereference in the scmi perf domain remove function when the power-domain-cells property is missing in the Device Tree (DT) provided to the system. This...
git: git apply: a path outside the working tree can be overwritten with crafted input
A vulnerability was found in Git. This security issue occurs when feeding a crafted input to "git apply." A path outside the working tree can be overwritten by the user running "git apply."...
Important: Red Hat Security Advisory: kernel-rt security and bug fix update
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
CVE-2023-51063
QStar Archive Solutions Release RELEASE3-0 Build 7 Patch 0 was discovered to contain a DOM Based Reflected Cross Site Scripting (XSS) vulnerability within the component qnme-ajax?method=treelevel...
CVE-2023-51064
QStar Archive Solutions Release RELEASE3-0 Build 7 Patch 0 was discovered to contain a DOM Based reflected XSS vulnerability within the component qnme-ajax?method=treetable...
QStar Archive Solutions Security Breach
QStar Archive Solutions is QStar's range of storage technologies for managing disk arrays, object storage, tape libraries, optical libraries, WORM and clouds (private and hybrid). A security vulnerability exists in the QStar Archive Solutions RELEASE3-0 Build 7 release, which stems from a DOM-based...
PT-2024-14043 · Unknown · Qstar Archive Solutions
Name of the Vulnerable Software and Affected Versions: QStar Archive Solutions version RELEASE 3-0 Build 7 Patch 0 Description: A DOM Based reflected XSS issue was found in the qnme-ajax component, specifically in the "method=tree table" part. This could potentially allow for malicious script...
QStar Archive Solutions Security Breach
QStar Archive Solutions is QStar's range of storage technologies for managing disk arrays, object storage, tape libraries, optical libraries, WORM and clouds (private and hybrid). A security vulnerability exists in the QStar Archive Solutions RELEASE3-0 Build 7 release, which stems from a DOM-based...
PT-2024-14042 · Qstar · Qstar Archive Solutions
Name of the Vulnerable Software and Affected Versions: QStar Archive Solutions version RELEASE 3-0 Build 7 Patch 0 Description: A DOM Based Reflected Cross Site Scripting (XSS) issue was found in the qnme-ajax component, specifically in the method=tree level endpoint. This allows for potential...
ancienttreeforum.org.uk Cross Site Scripting vulnerability OBB-3829075
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-50732
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute a Velocity script without script right through the document tree. This has been patched in XWiki 14.10.7 and 15.2RC1...
Code injection
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute a Velocity script without script right through the document tree. This has been patched in XWiki 14.10.7 and 15.2RC1...