85 matches found
CVE-2022-24903: A flaw in rsyslog TCP module could allows an attacker to craft a malicious message leading to a heap-based buffer overflow.
Rsyslog is vulnerable to remote code execution RCE due to improper validation of input data when octet-counted framing is used. An attacker could exploit this vulnerability by supplying a system with maliciously crafted messages. Products Affected. Brocade SANnav - Fixed in Brocade SANnav 2.2.1...
CVE-2021-23017: NGINX Resolver Vulnerability
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. Products Affected. Brocade SANnav - Fixed in Brocade SANnav 2.2.1...
CVE-2022-0778 - Infinite loop in BN_mod_sqrt() reachable when parsing certificates
Security Advisory ID: BSA-2022-1752 Component: OpenSSL Revision: 2.0 The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. More information is at https://www.openssl.org/news/secadv/20220315.txt Affected Products Broca...
Security Bulletin: IBM Cognos BI 8.4 Partial Denial of Service Vulnerability
Abstract A malicious IBM Cognos BI 8.4 user is able to send a crafted request to the Cognos server which triggers high CPU utilization that may cause a partial denial of service condition due to CPU consumption. This vulnerability can only be exploited by authenticated users, and is not applicabl...
CVE-2018-0732. Client DoS due to large DH parameter.
During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...
CVE-2021-29650. The netfilter subsystem allows attackers to cause a denial of service.
Security Advisory ID : BSA-2022-1462 Component : Kernel Revision : 1.0 A denial-of-service DoS flaw was identified in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service panic because net/netfilter/xtables.c and include/linux/netfilter/xtables.h...
SQL injection in pagekit/pagekit
Pagekit is a modular and lightweight CMS built with Symfony components and Vue.js. The configAction in SettingsController allow user to set the order of comments listing. The allowed options are ASC and DESC. That config then get concatenated directly to the SQL query. Due to the fact that there...
CVE-2020-10234
The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode parameter, a kernel panic aka BSOD follows. The IOCTL codes can be found in the dispatch function:...
abracadabra (>=0.0.0 <=0.0.5), adversarial-labeller (=0.1.8) +210 more potentially affected by CVE-2021-23980 via bleach (>=1.2.2 <=3.2.3)
bleach PYPI version =1.2.2, =0.0.0, =1.0.0, =0.0.1, =1.10.0, =0.1.0, =0.0.6, =0.3.0, =0.0.9, =0.3.4, =0.0.5, =0.1.0rc1, =0.1.3, =1.0.0 and more Source cves: CVE-2021-23980 Source advisory: OSV:PYSEC-2021-865...
aSc TimeTables 2021.6.2 Denial Of Service
Exploit Title: aSc TimeTables 2021.6.2 - Denial of Service PoC Date: 2020-01-12 Exploit Author: Ismael Nava Vendor Homepage: https://www.asctimetables.com/!/home Software Link: https://www.asctimetables.com/!/home/download Version: 2021.6.2 Tested on: Windows 10 Home x64 STEPS Open the program aS...
aSc TimeTables 2021.6.2 - Denial of Service (PoC)
Exploit Title: aSc TimeTables 2021.6.2 - Denial of Service PoC Date: 2020-01-12 Exploit Author: Ismael Nava Vendor Homepage: https://www.asctimetables.com/!/home Software Link: https://www.asctimetables.com/!/home/download Version: 2021.6.2 Tested on: Windows 10 Home x64 STEPS Open the program aS...
asc-usa.com Cross Site Scripting vulnerability OBB-1465168
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
CVE-2020-14961
Concrete5 before 8.5.3 is vulnerable because it does not constrain the sort direction to a valid asc or desc value. The CVE-2020-14961 entry documents this issue in Concrete5, and Red Hat, OSV, GitHub advisories, and the NVD/NVD mirror consistently describe the vulnerable condition as part of Con...
Misconfigured Kubeflow workloads are a security risk
Azure Security Center ASC monitors and defends thousands of Kubernetes clusters running on top of AKS. Azure Security Center regularly searches for and research for new attack vectors against Kubernetes workloads. We recently published a blog post about a large scale campaign against Kubernetes...
asc.edu.bd Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1179428 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
aSc TimeTables 2020.11.4 - Denial of Service Exploit
Exploit Title: aSc TimeTables 2020.11.4 - Denial of Service PoC Exploit Author: Ismael Nava Vendor Homepage: https://www.asctimetables.com/!/home Software Link: https://www.asctimetables.com/!/home/download Version: 2020.11.4 Tested on: Windows 10 Home x64 CVE : n/a STEPS Open the program aSc...
aSc TimeTables 2020.11.4 Denial Of Service
Exploit Title: aSc TimeTables 2020.11.4 - Denial of Service PoC Date: 2020-24-02 Exploit Author: Ismael Nava Vendor Homepage: https://www.asctimetables.com/!/home Software Link: https://www.asctimetables.com/!/home/download Version: 2020.11.4 Tested on: Windows 10 Home x64 CVE : n/a STEPS Open th...
aSc TimeTables 2020.11.4 - Denial of Service (PoC)
aSc TimeTables 2020.11.4 - Denial of Service PoC Exploit Title: aSc TimeTables 2020.11.4 - Denial of Service PoC Date: 2020-24-02 Exploit Author: Ismael Nava Vendor Homepage: https://www.asctimetables.com/!/home Software Link: https://www.asctimetables.com/!/home/download Version: 2020.11.4 Teste...
WordPress Core 5.2.3 - Viewing UnauthenticatedPasswordPrivate Posts
WordPress Core 5.2.3 - Viewing UnauthenticatedPasswordPrivate Posts So far we know that adding ?static=1 to a wordpress URL should leak its secret content Here are a few ways to manipulate the returned entries: - order with asc or desc - orderby - m with m=YYYY, m=YYYYMM or m=YYYYMMDD date format...
abba-python (>=0.1.6 <=0.3.0), adpred (>=1.1.2 <=1.2.7) +360 more potentially affected by CVE-2018-10055 via tensorflow (>=1.0.1 <=1.7.0)
tensorflow PYPI version =1.0.1, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =0.2.0, =0.3.1, =0.1.0, =0.4.2, =0.1.0, =0.4.0, =0.1.0, =0.3.1 and more Source cves: CVE-2018-10055 Source advisory: OSV:PYSEC-2019-204...