408 matches found
UBUNTU-CVE-2023-53442
In the Linux kernel, the following vulnerability has been resolved: ice: Block switchdev mode when ADQ is active and vice versa. ADQ and switchdev are not supported simultaneously. Enabling both at the same time can result in nullptr dereference. To prevent this, check if ADQ is active when changi...
CVE-2023-53442 ice: Block switchdev mode when ADQ is active and vice versa
In the Linux kernel, the following vulnerability has been resolved: ice: Block switchdev mode when ADQ is active and vice versa. ADQ and switchdev are not supported simultaneously. Enabling both at the same time can result in nullptr dereference. To prevent this, check if ADQ is active when changi...
CVE-2024-12923
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: Photo...
CVE-2025-57802
Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. In version 1.0.0, an attacker with access to the affected container can create symbolic links inside the mounted directory /app/data. Because the container bind-mounts an...
CVE-2025-38608
In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data in ktls. When sending plaintext data, we initially calculated the corresponding ciphertext length. However, if we later reduced the plaintext data length via socket policy, w...
CVE-2025-38608
The CVE-2025-38608 issue is a Linux kernel vulnerability in bpf/ktls that can cause data corruption by failing to recalculate ciphertext length after plaintext length reduction via socket policy, resulting in uninitialized data being transmitted in TLS records. The impact is network-layer data in...
CVE-2025-38608
In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data in ktls. When sending plaintext data, we initially calculated the corresponding ciphertext length. However, if we later reduced the plaintext data length via socket policy, w...
CVE-2025-6249
An authentication bypass vulnerability was reported in FileZ client application that could allow a local attacker with elevated permissions access to application data...
CVE-2025-6249
An authentication bypass vulnerability was reported in FileZ client application that could allow a local attacker with elevated permissions access to application data...
CVE-2025-6249
CVE-2025-6249 affects the FileZ client application. The connected sources describe an authentication bypass vulnerability that could allow a local attacker with elevated permissions to access application data. The issue targets the FileZ client, with root cause aligned to bypassing authentication...
CVE-2025-6249
An authentication bypass vulnerability was reported in FileZ client application that could allow a local attacker with elevated permissions access to application data...
CVE-2025-6249
An authentication bypass vulnerability was reported in FileZ client application that could allow a local attacker with elevated permissions access to application data...
PT-2025-29961 · Filez · Filez
Name of the Vulnerable Software and Affected Versions: FileZ client application affected versions not specified Description: An authentication bypass exists in the FileZ client application. A local attacker with elevated permissions may gain access to application data. Recommendations: At the...
PT-2025-29375 · Go · Github.Com/Lf-Edge/Ekuiper +1
Summary Path traversal is also known as directory traversal. These vulnerabilities enable an attacker to read arbitrary files on the server that is running an application. In this case, an attacker might be able to write to arbitrary files on the server, allowing them to modify application data o...
CVE-2025-45081
Misconfigured settings in IITB SSO v1.1.0 allow attackers to access sensitive application data...
CVE-2025-45081
CVE-2025-45081 concerns IITB SSO v1.1.0, where misconfigured settings allow attackers to access sensitive application data. The available connected sources confirm the issue is tied to IITB SSO 1.1.0 and a configuration flaw rather than a code defect, with CVSS v3.1 base score 8.8 (HIGH) and an a...
Malicious code in application-data (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db3bf4666074d14ba6a27a4c7851e0abdd35a89b6c5f9833996d9d8b774fd2e3 Any computer that has this package installed or running should be considered...
MAL-2025-5322 Malicious code in application-data (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db3bf4666074d14ba6a27a4c7851e0abdd35a89b6c5f9833996d9d8b774fd2e3 Any computer that has this package installed or running should be considered...
CVE-2025-49192
CVE-2025-49192 is a clickjacking vulnerability affecting SICK Field Analytics and SICK Media Server, where the web UI can be embedded in a frame to mislead users and potentially expose confidential data or enable control gains. The issue is described across multiple sources (SICK PSIRT and relate...
Feng Office code issue vulnerability
Feng Office formerly known as OpenGoo is an open source online office system by the Feng Office team. The system provides task management, schedule management, document management and Email sending and receiving functions. A code issue vulnerability exists in Feng Office version 3.2.2.1, which...