277 matches found
kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible
A potential deadlock flaw was found in the Linux’s kernel DVB API used by Digital TV devices functionality. This flaw allows a local user to crash the system...
BIT-MATTERMOST-2023-48732
Mattermost fails to scope the WebSocket response around notified users to a each user separately resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel...
SUSE CVE-2020-36777
In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: Fix memory leak in dvbmediadevicefree dvbmediadevicefree is leaking memory. Free dvbdev-adapter-conn before setting it to NULL, as documented in include/media/media-device.h: "The mediaentity instance itself must b...
kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible
A potential deadlock flaw was found in the Linux’s kernel DVB API used by Digital TV devices functionality. This flaw allows a local user to crash the system...
The vulnerability of the dvb_dmx_write() function in the drivers/media/dvb-core/dvb_demux.c file of the Linux operating system’s DVB driver allows a hacker to cause a service failure.
The vulnerability of the dvbdmxwrite function in the drivers/media/dvb-core/dvbdemux.c file of the Linux operating system’s DVB driver is related to the swapping of a null pointer due to concurrent access to resources race condition. Exploiting this vulnerability could allow an attacker to cause...
kernel: Report vmalloc UAF in dvb-core/dmxdev
A use-after-free flaw was found in the Linux kernel’s dvb-core subsystem DVB API used by Digital TV devices in how a user physically removed a USB device such as a DVB demultiplexer device while running malicious code. This flaw allows a local user to crash or potentially escalate their privilege...
What is Kafka?
Introduction to the Universe of Kafka: A Detailed Synopsis Apache Kafka, frequently just labeled as Kafka, is a universally contributed event broadcasting framework, intended to manage live streaming of data. It is engineered to be a bridge for significant volumes of data, offering a mechanism fo...
Mattermost notified all users in the channel when using WebSockets to respond individually
Mattermost fails to scope the WebSocket response around notified users to a each user separately resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel...
GHSA-Q7RX-W656-FWMV Mattermost notified all users in the channel when using WebSockets to respond individually
Mattermost fails to scope the WebSocket response around notified users to a each user separately resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel...
CVE-2023-48732
Mattermost fails to scope the WebSocket response around notified users to a each user separately resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel...
CVE-2023-48732 Keywords that trigger mentions are leaked to other users
Mattermost fails to scope the WebSocket response around notified users to a each user separately resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel...
CVE-2023-48732 Keywords that trigger mentions are leaked to other users
Mattermost fails to scope the WebSocket response around notified users to a each user separately resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel...
CVE-2023-48732
Mattermost (Mattermost server) vulnerability CVE-2023-48732: WebSocket responses were not properly scoped to individual notified users, causing disclosure of who was notified about a post to all users in the channel. Exploitation status not detailed in provided documents, and no explicit in-the-w...
CVE-2023-6895
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK. It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondataip with the input netstat -ano leads to os command injection...
CVE-2023-6894
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK. It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has...
Command injection
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK. It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondataip with the input netstat -ano leads to os command injection...
Design/Logic Flaw
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK. It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has...
CVE-2023-6895 Hikvision Intercom Broadcasting System ping.php os command injection
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK. It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondataip with the input netstat -ano leads to os command injection...
CVE-2023-6895 Hikvision Intercom Broadcasting System ping.php os command injection
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK. It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondataip with the input netstat -ano leads to os command injection...
CVE-2023-6895
Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) contains an OS command injection in /php/ping.php via jsondata[ip], where the attacker-provided input (e.g., netstat -ano) can execute commands. Public exploit details exist; upgrading to version 4.1.0 addresses the issue.