160 matches found
Interest surplus is accumulated on Master accounting update in TurboSafe.less
Lines of code Vulnerability details Impact There will be an interest surplus accumulating in all the master accounting variables totalBoosted, getTotalBoostedForVault and getTotalBoostedAgainstCollateral. As getTotalBoostedForVault and getTotalBoostedAgainstCollateral are used in the checks again...
PT-2025-8224
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential deadlock issue has been identified in the Linux kernel related to the Ceph file system. The issue occurs when a file is created with O RDWR and a request is sent to the...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.11 and fixes at least the following security issues: netdevsim: Zero-initialize memory for new map's value in function nsimbpfmapalloc CVE-2021-4135. Potentially malicious XEN PV backends can cause guest DoS due to unhardened frontends in the guests,...
jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until...
SUSE: Security Advisory (SUSE-SU-2020:1748-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2021-2331 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to insecure privilege management in the Win32k component of the Windows operating system. It allows an attacker to elevate their privileges. There is a race condition a...
crown-caps-king.com Cross Site Scripting vulnerability OBB-1405018
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Chrome NewFixedArray Missing Array Size Check Vulnerability
Chrome suffers from a missing array size check in NewFixedArray. Chrome: Missing array size check in NewFixedArray VULNERABILITY DETAILS V8 caps the number of elements a fixed array can contain1. Most of the code that needs to create or resize a fast JS array i.e. one that's backed by a fixed arr...
Facebook Launches 'Discover,' A Secure Proxy to Browse the Internet for Free
More than six years after Facebook launched its ambitious Free Basics program to bring the Internet to the masses, the social network is back at it again with a new zero-rating initiative called Discover. The service, available as a mobile web and Android app, allows users to browse the Internet...
MS15-081: Description of the security update for Word 2013: August 11, 2015
Resolves vulnerabilities in Office that could allow remote code execution if a user opens a specially crafted Microsoft Office file.SummaryThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Microsoft Office...
CVE-2019-13417
Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names but not values for fields which are not allowed for the user when field level security FLS is activated...
Cross site scripting
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing the malicious...
CVE-2019-12513 Stored XSS via DHCP Discover Request Hostname
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing the malicious...
A History of Plans to Nuke Hurricanes (and Other Stuff Too)
If you think dropping a nuclear bomb into the eye of a hurricane is a bad idea, wait'll you see what they had in mind for the polar ice caps...
CVE-2019-13417
Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names but not values for fields which are not allowed for the user when field level security FLS is activated...
CVE-2019-13417
Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names but not values for fields which are not allowed for the user when field level security FLS is activated...
Design/Logic Flaw
Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names but not values for fields which are not allowed for the user when field level security FLS is activated...
CVE-2019-13417
Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names but not values for fields which are not allowed for the user when field level security FLS is activated...
PT-2019-13329 · Floragunn · Search Guard
Name of the Vulnerable Software and Affected Versions: Search Guard versions prior to 24.0 Description: The issue concerns field caps and mapping API leaking field names, but not values, for fields that are not allowed for the user when field level security FLS is activated. This occurs in Search...
Honeywell Scada System - Information Disclosure
Exploit Title: Honeywell Scada System - Information Disclosure Date: 2018-05-23 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.honeywell.com Version: WebVersion : 3.2.1.294365 - DeviceType : IPC-HFW2320R-ZS Tested on: Linux To be written after the destination IP address...