1389 matches found
CVE-2019-25022
An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime().exec() without validation...
CVE-2019-9725
The Web manager aka Commander on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting...
CVE-2018-5265
Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials, because /opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def does not sanitize the 'alias' or 'ips' parameter for shell metacharacters...
kernel: iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices. Previously, the domain_context_clear() function incorrectly called pci_for_each_dma_alias() to set up context entries for non-PCI devices. This could lead to kernel hangs or...
Intel Xeon 6 Processor security vulnerability
The Intel Xeon 6 Processor is a new generation of server processors from Intel aimed at data centers, artificial intelligence (AI) and high performance computing (HPC). The Intel Xeon 6 Processor suffers from an elevation of privilege vulnerability that stems from insufficient control flow management...
PT-2025-29006
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw in the pinctrl subsystem, specifically within the at91 component. The at91 gpio probe function does not validate the availability of an OF alias,...
MAL-2025-3531 Malicious code in nsemea-alias-lib-poc (npm)
Source: ghsa-malware 4a6452557c7bf4d2ec5fa907c2a427e3ee1cdff756a76f9d2369a64a48e239d2. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @baywa-re-lusy/nsemea-alias-lib-poc (npm)
Source: ghsa-malware 7f67616e336d1069f944f5d2fb535344c5f54f4d5d99c99811786e5dd237824a. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in nsemea-alias-lib-poc (npm)
Source: ghsa-malware 4a6452557c7bf4d2ec5fa907c2a427e3ee1cdff756a76f9d2369a64a48e239d2. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
UBUNTU-CVE-2021-47669
In the Linux kernel, the following vulnerability has been resolved: can: vxcan: vxcan_xmit: fix use after free bug. After calling netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the canfd_frame cfd which aliases skb memory is accessed after the netif_rx_ni...
Vulnerabilities of the MODULE_ALIAS() and j1939_send_one() functions (net/can/j1939/main.c) in the Linux operating system kernel, allowing a hacker to trigger a service failure
The vulnerability of the MODULE_ALIAS() and j1939_send_one() functions (net/can/j1939/main.c) in the Linux operating system kernel is related to the use of uninitialized resources. Exploiting this vulnerability could allow an attacker to cause a service failure...
Denial of Service (DoS)
org.openidentityplatform.opendj, opendj-server-legacy is vulnerable to a Denial of Service (DoS). The vulnerability is due to an alias loop in the LDAP database, which allows an attacker to make the server unresponsive to all LDAP requests due to infinite alias dereferencing...
UBUNTU-CVE-2025-57833
An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to QuerySet.annotate() or QuerySet.alias()...
CVE-2025-27497
OpenDJ is an LDAPv3 compliant directory service. OpenDJ prior to 4.9.3 contains a denial-of-service (DoS) vulnerability that causes the server to become unresponsive to all LDAP requests without crashing or restarting. This issue occurs when an alias loop exists in the LDAP database. If an ldapsear...
OpenDJ Denial of Service (DoS) using alias loop
Summary: A denial-of-service (DoS) vulnerability in OpenDJ has been discovered that causes the server to become unresponsive to all LDAP requests without crashing or restarting. This issue occurs when an alias loop exists in the LDAP database. If an ldapsearch request is executed with alias...
Infinite loop
Overview: Affected versions of this package are vulnerable to Infinite loop. An attacker can cause the server to become unresponsive to all LDAP requests without crashing or restarting by executing a crafted ldapsearch request with alias dereferencing set to "always" on an alias loop entry. PoC...
GHSA-93QR-H8PR-4593 OpenDJ Denial of Service (DoS) using alias loop
Summary: A denial-of-service (DoS) vulnerability in OpenDJ has been discovered that causes the server to become unresponsive to all LDAP requests without crashing or restarting. This issue occurs when an alias loop exists in the LDAP database. If an ldapsearch request is executed with alias...
CVE-2025-27497 OpenDJ Denial of Service (DoS) using alias loop
OpenDJ is an LDAPv3 compliant directory service. OpenDJ prior to 4.9.3 contains a denial-of-service (DoS) vulnerability that causes the server to become unresponsive to all LDAP requests without crashing or restarting. This issue occurs when an alias loop exists in the LDAP database. If an ldapsear...
CVE-2025-27497
Summary for CVE-2025-27497: OpenDJ (LDAPv3 directory service) prior to 4.9.3 is vulnerable to a denial-of-service caused by an alias loop in the LDAP database. When an ldapsearch request dereferences aliases with type "always" on an alias entry, the server becomes unresponsive to all LDAP reques...