133 matches found
The vulnerability of the CUPS printing server stems from deficiencies in the authentication process, which allows attackers to escalate their privileges.
The vulnerability of the CUPS printing server is related to deficiencies in the authentication process. Exploiting this vulnerability can allow attackers to increase their privileges...
GSD-2022-1004709 drm/panfrost: Fix shrinker list corruption by madvise IOCTL
drm/panfrost: Fix shrinker list corruption by madvise IOCTL This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.207 by commit...
GSD-2022-1004702 Revert "evm: Fix memleak in init_desc"
Revert "evm: Fix memleak in initdesc" This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.207 by commit 31e99fa969fd67d77ea92c5527c9cf1c85faa58...
logrotate 安全漏洞
logrotate is a utility program. It is designed to simplify the management of systems that generate large numbers of log files. A security vulnerability exists in logrotate that stems from a problem with the way logrotate uses status files. An attacker could exploit the vulnerability to lock the...
Default configuration
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files such as DLLs or replace existing executable files...
GSD-2022-1000801 RDMA/ib_srp: Fix a deadlock
RDMA/ibsrp: Fix a deadlock This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.26 by commit c8b56e51aa91b8e7df3a98388dce3fdabd15c1d4, it was...
Jenkins Support Core 安全漏洞
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Support Core Plugin 2.79 and earlier versions are vulnerable to an information disclosure vulnerability that stems...
GSD-2021-1002344 staging: rtl8723bs: remove a second possible deadlock
staging: rtl8723bs: remove a second possible deadlock This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.5 by commit...
The vulnerability of the zmq::tcp_read() function in the libzmq library, a library for asynchronous messaging in ZeroMQ, allows a attacker to cause a service failure.
The vulnerability of the zmq::tcpread function in the libzmq library, a library for asynchronous messaging, is related to the failure of write operations outside of the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...
GSD-2021-1000162 perf/core: Fix unconditional security_locked_down() call
perf/core: Fix unconditional securitylockeddown call This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.35 by commit...
Huawei P30 Memory Write Overrun Vulnerability
Huawei P30 is a smartphone from Chinese company Huawei Huawei. Huawei P30 suffers from a memory write out-of-bounds vulnerability. The vulnerability is due to insufficient validation of incoming parameters, a write out-of-bounds occurs in one of the system's protocols when processing a request...
The vulnerability of the authentication interface in Junos operating system routers of the EX, QFX, and SRX series allows a attacker to cause a service failure.
The vulnerability of the 802.1X authentication interface in Junos routing devices of the EX, QFX, and SRX series is related to the failure to release resources after their useful lifespan has ended. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the Secdo security incident investigation software lies in the insufficient validation of input data, allowing an intruder to add data to the root directory.
The vulnerability of the Secdo security incident investigation software exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker to add data to the root catalog...
Varnish Cache Information Disclosure Vulnerability
Varnish Cache is a set of reverse web caching servers. A security vulnerability exists in Varnish Cache that stems from a failure of the program to clear the pointer to the previous request when processing the next client request in the same connection. An attacker could exploit this vulnerabilit...
Memory corruption vulnerability exists in WPS Office (CNVD-2020-23730)
WPS Office is a Kingsoft office software produced by the office software, you can realize the office software commonly used text, forms, presentations and other functions. WPS Office memory corruption vulnerability, attackers can use the vulnerability to cause the program to crash, may obtain...
SAP Landscape Management Information Disclosure Vulnerability
SAP Landscape Management is a management tool that enables SAP foundation administrators to automate SAP system operations, including end-to-end SAP system replication or refresh operations. An unspecified information disclosure vulnerability exists in SAP Landscape Management. This vulnerability...
SAP HANA Cockpit for Offline Administration Information Disclosure Vulnerability
SAP HANA is a suite of real-time data analytics platforms from Germany's SAP. An information disclosure vulnerability exists in SAP HANA Cockpit for Offline Administration. An attacker can exploit the vulnerability to obtain sensitive information that could lead to running further attacks...
Oracle Solaris has a local vulnerability
Oracle Solaris is a unix-based operating system. A local vulnerability exists in Oracle Solaris that could be exploited by an attacker to compromise a 'Libc' subcomponent...
CuteNews 1.3 Comment HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10750/info CutePHP is reported prone to an HTML injection vulnerability. The vulnerability exists due to insufficient sanitization of user-supplied input. Specifically, user-supplied input to comment posts are not...
BigACE 2.7.5 - 'LANGUAGE' Directory Traversal
source: https://www.securityfocus.com/bid/66350/info BIGACE Web CMS is prone to an SQL-injection vulnerability and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these vulnerabilities to compromise the application, access o...