362 matches found
CVE-2025-38690 drm/xe/migrate: prevent infinite recursion
In the Linux kernel, the following vulnerability has been resolved: drm/xe/migrate: prevent infinite recursion If the buf + offset is not aligned to XECAHELINEBYTES we fallback to using a bounce buffer. However the bounce buffer here is allocated on the stack, and the only alignment requirement...
PT-2025-35963
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw within the drm/xe/migrate component that could lead to infinite recursion and a potential kernel panic. This occurs when handling memory alignment duri...
Linux Distros Unpatched Vulnerability : CVE-2020-8794
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mtaio in mtasession.c for multi-line replies. Although this vulnerabilit...
Malicious code in xo-bounce (npm)
The package xo-bounce was found to contain malicious code...
MAL-2025-39899 Malicious code in xo-bounce (npm)
The package xo-bounce was found to contain malicious code...
CVE-2020-36399
A stored cross site scripting XSS vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under the "Bounce Rules" module...
CVE-2007-6741
The ftpPORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via...
CVE-2025-25061
Unintended proxy or intermediary 'Confused Deputy' issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack...
CVE-2025-25061
Unintended proxy or intermediary 'Confused Deputy' issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack...
CVE-2025-25061
Unintended proxy or intermediary 'Confused Deputy' issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack...
CVE-2025-25061
Unintended proxy or intermediary 'Confused Deputy' issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack...
CVE-2025-25061
CVE-2025-25061 affects JTEKT/HMI ViewJet C-more and HMI GC-A2 series. Description: an unintended proxy/intermediary (Confused Deputy) vulnerability could allow a remote unauthenticated attacker to use the product as an intermediary for an FTP bounce attack. Impact: attacker may misuse the product...
JTEKT ELECTRONICS HMI ViewJet C-more 安全漏洞
JTEKT ELECTRONICS HMI ViewJet C-more is a series of human-machine interfaces from JTEKT ELECTRONICS, Japan. A security vulnerability exists in JTEKT ELECTRONICS HMI ViewJet C-more that stems from a proxy issue that could lead to an FTP bounce attack...
PT-2025-14826 · Unknown · Hmi Gc-A2 Series +1
Name of the Vulnerable Software and Affected Versions: HMI ViewJet C-more series affected versions not specified HMI GC-A2 series affected versions not specified Description: The issue is related to an unintended proxy or intermediary problem, also known as 'Confused Deputy', which may allow a...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: use a bounce buffer for copying skb-mark syzbot found arm64 builds would crash in sockrecvmark when CONFIGHARDENEDUSERCOPY=y x86 and powerpc are not detecting the issue because they define useraccessbegin. This will be handl...
CVE-2024-9938
The Bounce Handler MailPoet 3 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.3.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-9938
CVE-2024-9938 concerns Bounce Handler MailPoet 3 for WordPress, vulnerable to a Reflected Cross-Site Scripting (XSS) via the page parameter in versions
WordPress plugin Bounce Handler MailPoet 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Bounce Handler MailPoet 3 plugin <= 1.3.21 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Bounce Handler MailPoet 3 versions = 1.3.21...
WordPress Bounce Handler MailPoet 3 Plugin <= 1.3.21 is vulnerable to Cross Site Scripting (XSS)
Software Bounce Handler MailPoet 3 Type Plugin Vulnerable versions = 1.3.21 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9938 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ab6f81da0c5a Credits Colin Xu...