773 matches found
SUSE CVE-2020-11880
An issue was discovered in KDE KMail before 19.12.3. By using the proprietary non-RFC6068 "mailto?attach=..." parameter, a website or other source of mailto links can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an...
SUSE CVE-2020-11879
An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary non-RFC6068 "mailto?attach=..." parameter, a website or other source of mailto links can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as...
SUSE CVE-2022-3646
A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply ...
The vulnerability of the nilfs_attach_log_writer function (fs/nilfs2/segment.c) in the Linux kernel’s BPF component allows an attacker to cause a service failure.
The vulnerability of the nilfs_attach_log_writer function located in segment.c of fs/nilfs2 in the Linux kernel’s BPF component is related to a memory leak. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the Open vSwitch multi-level switch software, related to the loss of the significance of a whole number, allows an attacker to execute arbitrary code in the target system.
The vulnerability of the Open vSwitch multi-level switch lies in the loss of significance of a whole number during the analysis of Auto Attach TLV. Exploiting this vulnerability allows an attacker to send specially crafted LLDP messages to the vulnerable system, causing a full number of significa...
The vulnerability of the Open vSwitch multi-level switch lies in the loss of significance of a whole number, allowing an attacker to execute any code in the target system.
The vulnerability of the Open vSwitch multi-level switch lies in the loss of significance of a whole number during the Auto Attach TLV process. Exploiting this vulnerability allows an attacker to send specially crafted LLDP messages to the vulnerable system, causing a full number of significant...
GSD-2023-1000789 drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure
drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...
GSD-2023-1000622 bpf: prevent leak of lsm program after failed attach
bpf: prevent leak of lsm program after failed attach This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...
PT-2023-33866 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.16 Description: The issue is related to the removal of a panel on DSI attach failure in the Linux Kernel. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kerne...
PT-2024-11881 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.1.0-rc3+ Description: A null pointer dereference issue has been identified in the Linux kernel. The issue occurs when the probe function fails in phy_attach_direct, causing a null pointer dereference in device...
Vulnerability found in SugarCRM
A new vulnerability may have been found in SugarCRM. The vulnerability allows an unauthenticated remote malicious person to bypass authentication and execute arbitrary code on the Web server. The described vulnerability is said to be located in the AttachFiles action o...
PT-2023-1101 · Unknown +6 · Openvswitch +6
Name of the Vulnerable Software and Affected Versions: OpenvSwitch affected versions not specified Description: The issue is related to an out-of-bounds read in Organization Specific TLV found in OpenvSwitch. It can be exploited by sending specially crafted LLDP messages to the vulnerable system,...
PT-2025-49704
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.1.0-rc3-next 370 Description: A use-after-free issue exists in the ext4 filesystem's orphan inode cleanup routine. Specifically, when the ext4_inode_attach_jinode function fails with -ENOMEM during orphan cleanu...
co.elastic.apm:apm-agent-attach-cli (>=1.26.0 <=1.49.0), com.adobe.documentservices:pdfservices-sdk (>=2.2.2 <=3.5.0) +105 more potentially affected by CVE-2022-45146 via org.bouncycastle:bc-fips (>=1.0.1 <=1.0.2.3)
org.bouncycastle:bc-fips MAVEN version =1.0.1, =1.26.0, =2.2.2, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =3.0.34.RELEASE, =8.0.0, =16.1.0, =1.2.0, =3.1.23, =3.0.0-FINAL, =3.0.0-FINAL, =0.6.0, =0.7.0 - io.github.embedded-middleware:embedded-bookkeeper-core =0.0.1 and more Source cves:...
xdg-utils security vulnerability
xdg-utils is a software from the xdg organization that provides integrated functionality for desktop systems. A security vulnerability exists in xdg-utils xdg-mail that stems from incorrect URL parsing when configured to use thunderbird's mailto URL, which may result in passing additional headers...
AZL-11388 CVE-2022-40284 affecting package ntfs-3g for versions less than 2022.10.3-1
A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon...
Exploit for Code Injection in Apache Commons_Text
cve-2022-42889-intercept It should be noted that versions...
CVE-2022-42154
An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file...
PT-2022-26287 · 74Cmsse · 74Cmsse
Name of the Vulnerable Software and Affected Versions: 74cmsSE version 3.13.0 Description: An arbitrary file upload issue in the "/api/admin/upload/attach" API endpoint allows attackers to execute arbitrary code via a crafted PHP file. Recommendations: For 74cmsSE version 3.13.0, consider disabli...
PT-2022-34653 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.145 Description: A potential security issue exists due to a missing lock in the cgroup_attach_task_all function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Lin...