13470 matches found
GSD-2023-1002254 HID: betop: check shape of output reports
HID: betop: check shape of output reports This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.272 by commit...
GSD-2023-1002192 ixgbe: fix pci device refcount leak
ixgbe: fix pci device refcount leak This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.164 by commit 112df4cd2b09acd64bcd18f5ef83ba5d07b34bf0...
GSD-2023-1002126 mm: Always release pages to the buddy allocator in memblock_free_late().
mm: Always release pages to the buddy allocator in memblockfreelate. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.89 by commit...
GSD-2023-1002042 block, bfq: replace 0/1 with false/true in bic apis
block, bfq: replace 0/1 with false/true in bic apis This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.93 by commit...
GSD-2023-1002016 arm64/mm: fix incorrect file_map_count for invalid pmd
arm64/mm: fix incorrect filemapcount for invalid pmd This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.7 by commit...
GSD-2023-1002010 iommu/iova: Fix alloc iova overflows issue
iommu/iova: Fix alloc iova overflows issue This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.7 by commit...
GSD-2023-1002000 sched/core: Fix arch_scale_freq_tick() on tickless systems
sched/core: Fix archscalefreqtick on tickless systems This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.7 by commit...
GSD-2023-1001946 erofs: fix kvcalloc() misuse with __GFP_NOFAIL
erofs: fix kvcalloc misuse with GFPNOFAIL This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.9 by commit...
GSD-2023-1001938 wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid
wifi: rndiswlan: Prevent buffer overflow in rndisqueryoid This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.9 by commit...
GSD-2023-1001902 net: fec: Use page_pool_put_full_page when freeing rx buffers
net: fec: Use pagepoolputfullpage when freeing rx buffers This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.9 by commit...
CVE-2023-23553 X-400 Cross-Site Scripting
Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker...
Cross site scripting
The Lightbox Gallery WordPress plugin before 0.9.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Chinese Tonto Team Hackers' Second Attempt to Target Cybersecurity Firm Group-IB Fails
The advanced persistent threat APT actor known as Tonto Team carried out an unsuccessful attack on cybersecurity company Group-IB in June 2022. The Singapore-headquartered firm said that it detected and blocked malicious phishing emails originating from the group targeting its employees. It's als...
CVE-2023-22367
CVE-2023-22367 affects Ichiran App for iOS and Android versions before 3.1.0. Root cause: improper verification of server certificates, enabling a remote attacker to perform a MITM and eavesdrop on encrypted traffic. Mitigation: update to 3.1.0 or later (as noted by multiple sources). If exploita...
CKSource CKEditor5 35.4.0 Cross Site Scripting Vulnerability
Exploit Title: Cross Site Scripting in CKSource's CKEditor5 35.4.0 Google Dork: N/A Exploit Author: Manish Pathak Vendor Homepage: https://cksource.com/ Software Link: https://ckeditor.com/ckeditor-5/download/ Version: 35.4.0 Tested on: Linux / Web CVE : CVE-2022-48110 CKSource CKEditor5 35.4.0 w...
Cost Calculator <= 1.8 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC ndcostcalculator id='"...
MAL-2023-1760 Malicious code in ddiscord-py (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx cf203b8bdd905df16a784bbd81081277e5f391b3278fed2c20b25c0d0fad91de Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
MAL-2023-2263 Malicious code in simpleson (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx a8398dd223d6178adff113609d24fa1658ebb076e6a38dec8557863e6d4c49da Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Fedora 37 : openssl (2023-57f33242bc)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-57f33242bc advisory. Rebase to upstream version 3.0.8 Resolves: CVE-2022-4203 Resolves: CVE-2022-4304 Resolves: CVE-2022-4450 Resolves: CVE-2023-0215 Resolves:...
MAL-2023-2061 Malicious code in pygae (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 6301ae2336df6bff7291e2c2573eb68eeb858258305836025e6d29ef9203a01e Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...