Lucene search
K

277 matches found

RedHat Linux
RedHat Linux
added 2024/03/19 5:43 p.m.3 views

kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible

A potential deadlock flaw was found in the Linux’s kernel DVB API used by Digital TV devices functionality. This flaw allows a local user to crash the system...

5.5CVSS7.1AI score0.00413EPSS
Exploits0References4
OSV
OSV
added 2024/03/06 10:58 a.m.35 views

BIT-MATTERMOST-2023-48732

Mattermost fails to scope the WebSocket response around notified users to a each user separately resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel...

4.3CVSS4.1AI score0.00459EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/02/29 4:7 a.m.1 views

SUSE CVE-2020-36777

In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: Fix memory leak in dvbmediadevicefree dvbmediadevicefree is leaking memory. Free dvbdev-adapter-conn before setting it to NULL, as documented in include/media/media-device.h: "The mediaentity instance itself must b...

3.3CVSS5.8AI score0.00242EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2024/02/21 12:33 a.m.3 views

kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible

A potential deadlock flaw was found in the Linux’s kernel DVB API used by Digital TV devices functionality. This flaw allows a local user to crash the system...

5.5CVSS6.6AI score0.00413EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2024/02/13 12:0 a.m.7 views

The vulnerability of the dvb_dmx_write() function in the drivers/media/dvb-core/dvb_demux.c file of the Linux operating system’s DVB driver allows a hacker to cause a service failure.

The vulnerability of the dvbdmxwrite function in the drivers/media/dvb-core/dvbdemux.c file of the Linux operating system’s DVB driver is related to the swapping of a null pointer due to concurrent access to resources race condition. Exploiting this vulnerability could allow an attacker to cause...

5.3CVSS5.5AI score0.00175EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/01/25 8:13 a.m.3 views

kernel: Report vmalloc UAF in dvb-core/dmxdev

A use-after-free flaw was found in the Linux kernel’s dvb-core subsystem DVB API used by Digital TV devices in how a user physically removed a USB device such as a DVB demultiplexer device while running malicious code. This flaw allows a local user to crash or potentially escalate their privilege...

5.5CVSS6.6AI score0.00778EPSS
Exploits1References5
Wallarm Lab
Wallarm Lab
added 2024/01/15 9:34 a.m.26 views

What is Kafka?

Introduction to the Universe of Kafka: A Detailed Synopsis Apache Kafka, frequently just labeled as Kafka, is a universally contributed event broadcasting framework, intended to manage live streaming of data. It is engineered to be a bridge for significant volumes of data, offering a mechanism fo...

7.4AI score
Exploits0
Github Security Blog
Github Security Blog
added 2024/01/02 12:30 p.m.28 views

Mattermost notified all users in the channel when using WebSockets to respond individually

Mattermost fails to scope the WebSocket response around notified users to a each user separately resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel...

4.3CVSS6.5AI score0.00459EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2024/01/02 12:30 p.m.20 views

GHSA-Q7RX-W656-FWMV Mattermost notified all users in the channel when using WebSockets to respond individually

Mattermost fails to scope the WebSocket response around notified users to a each user separately resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel...

5.3CVSS4.1AI score0.00459EPSS
Exploits0References5
NVD
NVD
added 2024/01/02 10:15 a.m.20 views

CVE-2023-48732

Mattermost fails to scope the WebSocket response around notified users to a each user separately resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel...

4.3CVSS4.3AI score0.00459EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/01/02 9:52 a.m.29 views

CVE-2023-48732 Keywords that trigger mentions are leaked to other users

Mattermost fails to scope the WebSocket response around notified users to a each user separately resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel...

4.3CVSS4.7AI score0.00459EPSS
Exploits0References1
OSV
OSV
added 2024/01/02 9:52 a.m.22 views

CVE-2023-48732 Keywords that trigger mentions are leaked to other users

Mattermost fails to scope the WebSocket response around notified users to a each user separately resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel...

4.3CVSS5.9AI score0.00459EPSS
Exploits0References3
CVE
CVE
added 2024/01/02 9:52 a.m.244 views

CVE-2023-48732

Mattermost (Mattermost server) vulnerability CVE-2023-48732: WebSocket responses were not properly scoped to individual notified users, causing disclosure of who was notified about a post to all users in the channel. Exploitation status not detailed in provided documents, and no explicit in-the-w...

4.3CVSS4.3AI score0.00459EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/12/17 8:15 a.m.8 views

CVE-2023-6895

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK. It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondataip with the input netstat -ano leads to os command injection...

9.8CVSS5.5AI score0.89138EPSS
Exploits2References3
NVD
NVD
added 2023/12/17 8:15 a.m.40 views

CVE-2023-6894

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK. It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has...

6.5CVSS0.00984EPSS
Exploits1References3
Prion
Prion
added 2023/12/17 8:15 a.m.23 views

Command injection

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK. It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondataip with the input netstat -ano leads to os command injection...

5.8CVSS8AI score0.89138EPSS
Exploits2References3Affected Software1
Prion
Prion
added 2023/12/17 8:15 a.m.25 views

Design/Logic Flaw

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK. It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has...

3.3CVSS6.7AI score0.00984EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/12/17 8:0 a.m.47 views

CVE-2023-6895 Hikvision Intercom Broadcasting System ping.php os command injection

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK. It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondataip with the input netstat -ano leads to os command injection...

6.3CVSS10AI score0.89138EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2023/12/17 8:0 a.m.17 views

CVE-2023-6895 Hikvision Intercom Broadcasting System ping.php os command injection

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK. It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondataip with the input netstat -ano leads to os command injection...

6.3CVSS7.6AI score0.89138EPSS
Exploits2References3
CVE
CVE
added 2023/12/17 8:0 a.m.108 views

CVE-2023-6895

Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) contains an OS command injection in /php/ping.php via jsondata[ip], where the attacker-provided input (e.g., netstat -ano) can execute commands. Public exploit details exist; upgrading to version 4.1.0 addresses the issue.

9.8CVSS7.5AI score0.89138EPSS
In wildExploits2References3Affected Software1
Rows per page
Query Builder