Xen IRQ Infinite Loop DoS (XSA-356)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability due to an issue when handling IRQ vectors. When moving IRQs between CPUs to distribute the load of IRQ handling, IRQ vectors are dynamically allocated an...
Debian: Security Advisory (DSA-4824-1)
The remote host is missing an update for the Debian...
graduation_design
This is a Python script for a web intrusion detection system using machine learning. The script uses the scikit-learn library to implement a supervised learning approach. It collects and preprocesses normal requests and attack payloads, and uses a Support Vector Machine (SVM) to classify new reques...
CVE-2020-35890
An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via out-of-bounds access for large capacity...
Rust Resource Management Error Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the ordnung crate through 2020-09-03 for Rust that stems from Vec violating memory safety via a remove double free...
Umbraco Cross-Site Scripting Vulnerability
Umbraco is an open source content management system (CMS) based on ASP.NET technology. Umbraco 8.9.1 and earlier versions are vulnerable to a stored cross-site scripting vulnerability. An attacker can exploit this vulnerability by uploading a malicious .svg file to conduct a cross-site scripting...
Rust Buffer Error Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Mozilla Rust versions prior to 2020-09-03 have a buffer overflow vulnerability in the ordnung crate that stems from Vec violating memory safety through out-of-bounds access to large volumes. No details of the...
SolarWinds Web Help Desk Cross-Site Scripting Vulnerability (CNVD-2020-73160)
SolarWinds Web Help Desk is a web-based help desk work order and IT asset management software. A cross-site scripting vulnerability exists in SolarWinds Web Help Desk 12.7.0. An attacker can exploit this vulnerability to conduct a cross-site scripting attack via an SVG document uploaded in a...
Security Bulletin: Datacap Taskmaster Capture is affected by vulnerable to weak cipher suites by successfully creating SSL connections
Summary: AppScan determined that the site uses weak cipher suites by successfully creating SSL connections using each of the weak cipher suites listed here. Vulnerability Details: Third Party Entry: PSIRT-ADV0026310 DESCRIPTION: Created from Advisory: ADV0026310 CVSS Base score: 5.9 CVSS Vector:...
Information disclosure
An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c402084 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability...
Solarwinds WebHelpDesk Cross-Site Scripting Vulnerability
SolarWinds Web Help Desk is a web-based help desk work order and IT asset management software. A cross-site scripting vulnerability exists in SolarWinds Web Help Desk 12.7.0. An attacker can exploit this vulnerability to conduct a cross-site scripting attack via an SVG document uploaded in a...
Virtuozzo 7 : microcode_ctl (VZLSA-2020-5083)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5083 advisory. - hw: Information disclosure issue in Intel SGX via RAPL interface CVE-2020-8695 - hw: Vector Register Leakage-Active CVE-2020-8696 - hw: Fa...
Security Bulletin: Spring Framework vulnerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2)
Summary: Spring Framework vulnerabilities, listed below, affect IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2). Vulnerability Details: CVEID: CVE-2020-5421 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to bypass security...
The SolarWinds Perfect Storm: Default Password, Access Sales and More
SECOND UPDATE A perfect storm may have come together to make SolarWinds such a successful attack vector for the global supply-chain cyberattack discovered this week. Researchers said that includes its use of a default password “SolarWinds123” that gave attackers an open door into its...
CVE-2020-35395
CVE-2020-35395 describes a stored XSS vulnerability in the EGavilan Media Expense Management System 1.0, affecting the Add Expense Component. The underlying issue is that the attacker-supplied string in the description field can inject JavaScript, leading to persistent client-side code execution....
Aovec<T> lacks bound on its Send and Sync traits allowing data races
aovec::Aovec is a vector type that implements Send and Sync for all types T. This allows non-Send types such as Rc and non-Sync types such as Cell to be used across thread boundaries which can trigger undefined behavior and memory corruption...
RHEL 8 : microcode_ctl (RHSA-2020:5369)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5369 advisory. The microcode_ctl packages provide microcode updates for Intel. Security Fixes: hw: Information disclosure issue in Intel SGX via RAPL...
SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2020:3372-1)
This update for ucode-intel fixes the following issues : Updated Intel CPU Microcode to 20201110 official release. - CVE-2020-8695: Fixed Intel RAPL sidechannel attack SGX bsc1170446 - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 bsc1173594 - CVE-2020-8696: Vector Register...
SUSE SLES12 Security Update : ucode-intel (SUSE-SU-2020:3457-1)
This update for ucode-intel fixes the following issues : Updated Intel CPU Microcode to 20201110 official release. - CVE-2020-8695: Fixed Intel RAPL sidechannel attack SGX INTEL-SA-00389 bsc1170446 - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 bsc1173594 - CVE-2020-8696: Vect...
SUSE SLES12 Security Update : ucode-intel (SUSE-SU-2020:3514-1)
This update for ucode-intel fixes the following issues : Updated Intel CPU Microcode to 20201118 official release. bsc1178971 - Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms. - CVE-2020-8695: Fixed Intel RAPL sidechannel attack SGX INTEL-SA-00389 bsc1170446 -...