23 matches found
CVE-2026-7143
A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/blockstatus.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...
EUVD-2026-25894
A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/blockstatus.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...
CVE-2026-7143 1000 Projects Portfolio Management System MCA block_status.php sql injection
A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/blockstatus.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...
CVE-2026-7143 1000 Projects Portfolio Management System MCA block_status.php sql injection
A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/blockstatus.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...
CVE-2026-7143
A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/blockstatus.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...
CVE-2026-7143
CVE-2026-7143 affects the 1000 Projects Portfolio Management System MCA (up to version 1.0). The vulnerability is located in an unknown function of the file /admin/block_status.php, where improper handling of the q parameter enables SQL injection. A remote attacker could exploit this, and publicl...
1000 Projects Portfolio Management System MCA 注入漏洞
The 1000 Projects Portfolio Management System MCA is an open-source combination management system developed by 1000 Projects. Versions of the 1000 Projects Portfolio Management System MCA, including version 1.0 and earlier, had a SQL injection vulnerability. This vulnerability stemmed from the...
PT-2026-35498
A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/block status.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...
CLSA-2026-1775809438 nbdkit: Fix of CVE-2025-47711
CVE-2025-47711: fix off-by-one for maximum blockstatus length...
NewStart CGSL MAIN 6.06 (SP) : qemu Multiple Vulnerabilities (NS-SA-2026-0014)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has qemu packages installed that are affected by multiple vulnerabilities: - A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a...
Astra Linux - уязвимость в nbdkit
A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service...
Nbdkit: nbdkit-server: off-by-one error when processing block status may lead to a denial of service
...
Security update for nbdkit
This update for nbdkit fixes the following issues: Update to version 1.36.5. Security fixes: CVE-2025-47712: integer overflow in blocksize filter when processing client block status requests larger than 232 will trigger an assertion failure and cause a denial-of-service. bsc1243108. CVE-2025-4771...
UBUNTU-CVE-2025-47712
A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service...
CVE-2025-47711
CVE-2025-47711 concerns the nbdkit server: when handling responses from plugins about data block status, a client requesting a very large range and receiving a larger single block can trigger a critical internal error, causing a denial of service. The connected advisories document affected distri...
CVE-2025-47711 Nbdkit: nbdkit-server: off-by-one error when processing block status may lead to a denial of service
There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error,...
CVE-2025-47711 Nbdkit: nbdkit-server: off-by-one error when processing block status may lead to a denial of service
There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error,...
scsi: ufs: bsg: Set bsg_queue to NULL after removal
...
SUSE CVE-2022-49168
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clean up repair bio if submit fails The submit helper will always run bioendio on the bio if it fails to submit, so cleaning up the bio just leads to a variety of use-after-free and NULL pointer dereference bugs...
AZL-59135 CVE-2022-49168 affecting package kernel for versions less than 5.15.184.1-1
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clean up repair bio if submit fails The submit helper will always run bioendio on the bio if it fails to submit, so cleaning up the bio just leads to a variety of use-after-free and NULL pointer dereference bugs...