19 matches found

CNNVD
added 2025/10/15 12:0 a.m. · 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the mcba_usb driver's failure to implement the ndo_change_mtu function, which could lead to a buffer overflow...

6.2 AI score · 0.00077 EPSS
Exploits: 0 · References: 8

Microsoft CVE
added 2025/08/07 7:0 a.m. · 2 views

net_sched: red: fix a race in __red_change()

...

7 CVSS · 7 AI score · 0.00063 EPSS
Exploits: 0

CNNVD
added 2025/07/03 12:0 a.m. · 1 view

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a race condition in net_sched red's __red_change()...

7 CVSS · 6.5 AI score · 0.00063 EPSS
Exploits: 0 · References: 9

NVD
added 2025/05/29 6:15 p.m. · 8 views

CVE-2025-5323

A vulnerability, which was classified as problematic, has been found in fossasia open-event-server 1.19.1. This issue affects the function send_email_change_user_email of the file /fossasia/open-event-server/blob/development/app/api/helpers/mail.py of the component Mail Verification Handler. The...

6.3 CVSS · 0.00041 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2025/05/29 12:0 a.m. · 2 views

PT-2025-23188 · Fossasia · Open-Event-Server

Name of the Vulnerable Software and Affected Versions: fossasia open-event-server version 1.19.1 Description: A problematic issue has been found in the Mail Verification Handler component, specifically affecting the send email change user email function. This issue leads to reliance on obfuscatio...

6.3 CVSS · 4 AI score · 0.00041 EPSS
Exploits: 0 · References: 8

Positive Technologies
added 2025/05/12 12:0 a.m. · 3 views

PT-2025-20728 · Flytxt · Flytxt Neon-Dx

Name of the Vulnerable Software and Affected Versions: Flytxt NEON-dX version 0.0.1-SNAPSHOT-6.9-qa-2-9-g5502a0c Description: The issue concerns the userId parameter in the change password function, allowing attackers to execute brute force attacks to discover user passwords. This could potential...

5.4 CVSS · 6.5 AI score · 0.0016 EPSS
Exploits: 0 · References: 5

NVD
added 2024/11/14 6:15 p.m. · 10 views

CVE-2024-4311

zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Password' function, allowing them to take over the user's account. This vulnerability is due to the...

5.4 CVSS · 0.00072 EPSS
Exploits: 1 · References: 2

Cvelist
added 2024/08/16 12:0 a.m. · 16 views

CVE-2024-42849

An issue in Silverpeas v.6.4.2 and lower allows a remote attacker to cause a denial of service via the password change function...

0.11348 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2024/02/23 12:0 a.m. · 3 views

PT-2024-18299 · WordPress · Contact Form 7

Name of the Vulnerable Software and Affected Versions: Contact Form 7 plugin for WordPress versions up to, and including, 1.1.1 Description: The Admin side data storage is vulnerable to unauthorized modification of data due to a missing capability check on the zt dcfcf change bookmark function...

5.3 CVSS · 9.5 AI score · 0.00219 EPSS
Exploits: 0 · References: 7

Prion
added 2023/10/09 8:15 p.m. · 22 views

Cross site request forgery (csrf)

Cross Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the admin Password Change Function...

6.8 CVSS · 8.9 AI score · 0.03316 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/10/09 12:0 a.m. · 28 views

CVE-2023-44811

Cross Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the admin Password Change Function...

9.1 AI score · 0.03316 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2023/10/09 12:0 a.m. · 10 views

CVE-2023-44811

Cross Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the admin Password Change Function...

7.9 AI score · 0.03316 EPSS
Exploits: 0 · References: 1

RedHat Linux
added 2022/10/25 12:55 p.m. · 1 view

kernel: use-after-free in route4_change() in net/sched/cls_route.c

A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. T...

7.8 CVSS · 6.8 AI score · 0.00042 EPSS
Exploits: 2 · References: 5

Huntr
added 2022/10/20 10:27 a.m. · 21 views

Weak Password Requirement

Description: We can change password with just 1 character when we use change password function. Proof of Concept: When you change password, just press a character and then submit. Your password has been changed...

7.5 CVSS · 1.3 AI score · 0.00921 EPSS
Exploits: 1

Code423n4
added 2022/07/15 12:0 a.m. · 5 views

Swivel.sol is missing authRedeem() function called in Marketplace.sol

Lines of code Vulnerability details Impact A user redeems or withdraws from their ZcToken by calling ZcToken.withdraw or ZcToken.redeem. Both of these functions then call MarketPlace.authRedeem which in turn calls Swivel.authRedeem. The issue is that Swivel.sol does not have an authRedeem functio...

6.8 AI score
Exploits: 0

OSV
added 2022/01/14 7:15 p.m. · 0 views

UBUNTU-CVE-2021-45763

GPAC v1.1.0 was discovered to contain an invalid call in the function gf_node_changed. This vulnerability can lead to a Denial of Service (DoS)...

5.5 CVSS · 6.8 AI score · 0.00178 EPSS
Exploits: 1 · References: 3

CVE
added 2020/02/24 2:35 p.m. · 41 views

CVE-2019-20481

The connected Red Hat advisories confirm CVE-2019-20481 affects the Miele XGW 3000 ZigBee Gateway before 2.4.0, where the Password Change Function does not require the old password. This is stated to be exploitable in conjunction with CVE-2019-20480 (CSRF). The combined entries indicate an auth-r...

9.8 CVSS · 8.6 AI score · 0.00294 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2019/11/27 12:0 a.m. · 2 views

PT-2019-6818 · Freedesktop +3 · Accountsservice +3

Name of the Vulnerable Software and Affected Versions: AccountService version 0.6.37 Description: An issue exists in the user_change_password_authorized_cb function in user.c, which could let a local user obtain encrypted passwords. Recommendations: For version 0.6.37, consider restricting access...

3.3 CVSS · 3.5 AI score · 0.00023 EPSS
Exploits: 1 · References: 17

OSV
added 2017/12/04 2:29 p.m. · 2 views

CVE-2017-17056

The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'passwordchange' function of the Modify Password component, reachable via the oldpassword, newpassword1, and newpassword2 parameters to the /accounts/passwordchange/ URI. An...

8.8 CVSS · 5.8 AI score · 0.0018 EPSS
Exploits: 3 · References: 2