13470 matches found
GSD-2022-1006984 udp: Update reuse->has_conns under reuseport_lock.
udp: Update reuse-hasconns under reuseportlock. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.76 by commit...
GSD-2022-1006843 net/ieee802154: reject zero-sized raw_sendmsg()
net/ieee802154: reject zero-sized rawsendmsg This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...
GSD-2022-1006840 drm/mipi-dsi: Detach devices when removing the host
drm/mipi-dsi: Detach devices when removing the host This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...
GSD-2022-1006833 drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx
drm/msm/dpu: index dpukms-hwvbif using vbifidx This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...
GSD-2022-1006809 RDMA/siw: Fix QP destroy to wait for all references dropped.
RDMA/siw: Fix QP destroy to wait for all references dropped. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...
GSD-2022-1006790 crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr
crypto: hisilicon/zip - fix mismatch in get/set sglsgenr This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...
Information disclosure
IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers. IBM X-Force ID: 229467...
CVE-2022-45136
CVE-2022-45136 affects Apache Jena SDB 3.17.0 and earlier. The vulnerability is a JDBC Deserialisation flaw that can lead to remote code execution when an attacker controls the JDBC URL or causes the database to return malicious data; the MySQL JDBC driver is specifically implicated. Jena SDB has...
Transfer error can fail unnoticed
Lines of code Vulnerability details Impact Quoting Solidity docs: The low-level functions call, delegatecall and staticcall return true as their first return value if the account called is non-existent, as part of the design of the EVM. Account existence must be checked prior to calling if needed...
Without strictly verifying the attribution of balance and the size of the balance when refunding, hackers may use the attack to steal all ERC20 tokens!
Lines of code Vulnerability details Impact When using any ERC20 token to purchase NFT, after the purchase is successful, the 108th line of code in the contract LooksRareAggregator determines whether there are any remaining unused ERC20 tokens. If there is any remaining, it will be returned to the...
Denial of Service Vulnerability in Pbzip2
PBZIP2 is a concurrent compression program. A denial of service vulnerability exists in Pbzip2, which can be exploited by an attacker to cause a denial of service attack...
CVE-2022-35740
dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users. Some Java application frameworks, including those used ...
CVE-2022-20872
Cisco Firepower Management Center (FMC) faces multiple stored XSS vulnerabilities in its web-based management interface due to insufficient validation of user input. An authenticated, remote attacker could supply crafted input in various FMC UI fields to execute script code within the interface o...
CVE-2022-20843
CVE-2022-20843 pertains to multiple stored XSS flaws in the Cisco Firepower Management Center (FMC) web-based management interface. The issues arise from insufficient validation of user-supplied input in the FMC UI, allowing an authenticated, remote attacker to inject crafted input that executes ...
CVE-2022-20840
Cisco Firepower Management Center (FMC) is affected by CVE-2022-20840, a set of stored cross-site scripting (XSS) vulnerabilities in the FMC web-based management interface. The flaws arise from insufficient validation of user-supplied input in the interface, allowing an authenticated, remote atta...
CVE-2022-20839
Cisco Firepower Management Center (FMC) web UI contains multiple stored XSS vulnerabilities due to insufficient input validation. An authenticated, remote attacker could inject crafted input via FMC interface fields to execute script code in the user’s browser or access browser-based data; availa...
CVE-2022-20836
CVE-2022-20836 corresponds to multiple stored XSS vulnerabilities in Cisco Firepower Management Center (FMC) web interface. Affected component: FMC’s web-based management UI; root cause: insufficient validation of user-supplied input, enabling an authenticated, remote attacker to inject arbitrary...
CVE-2022-20835
CVE-2022-20835 affects Cisco Firepower Management Center (FMC) web-based management interface. The issue stems from insufficient validation of user-supplied input, allowing an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack by inserting crafted input into inte...
CVE-2022-20834
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. These vulnerabilities are due t...
CVE-2022-20833
CVE-2022-20833 concerns multiple stored XSS flaws in the web-based management interface of Cisco Firepower Management Center (FMC). The root cause is inadequate validation of user-supplied input in the FMC web UI, enabling an authenticated, remote attacker to inject script code via various data f...