989 matches found
RHEL 9 : kernel-rt (RHSA-2023:2148)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2148 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...
CVE-2020-18280
Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a local attacker to execute arbitrary code via the EMBED SRC function...
CVE-2020-18280
Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a local attacker to execute arbitrary code via the EMBED SRC function...
Cross site scripting
Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a local attacker to execute arbitrary code via the EMBED SRC function...
CVE-2020-18280
Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a local attacker to execute arbitrary code via the EMBED SRC function...
CVE-2020-18280
Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a local attacker to execute arbitrary code via the EMBED SRC function...
Phodal CMD 跨站脚本漏洞
Phodal CMD is a drop-in editor for the WeChat media platform by Fengda Huang, an individual developer in China. A security vulnerability exists in Phodal CMD version v.1.0, which stems from the presence of a cross-site scripting vulnerability that allows local attackers to execute arbitrary code...
CVE-2020-18280
Phodal CMD v.1.0 is affected by a Cross Site Scripting vulnerability that allows a local attacker to execute arbitrary code via the EMBED SRC function. Affected component: Phodal CMD, version 1.0. Root cause: EMBED SRC function enables code execution through XSS. In the available documents, explo...
go -- multiple vulnerabilities
The Go project reports: crypto/tls: restrict RSA keys in certificates to = 8192 bits Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. Limit this by restricting the size of RSA keys transmitted during handshakes to = 8192...
CVE-2023-29012 Git CMD erroneously executes `doskey.exe` in the current directory, if it exists
Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolles Search Path Element vulnerability. Maliciously-placed doskey.exe would be executed silently upon running Git CMD. The problem ha...
CVE-2023-29012 Git CMD erroneously executes `doskey.exe` in the current directory, if it exists
Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolles Search Path Element vulnerability. Maliciously-placed doskey.exe would be executed silently upon running Git CMD. The problem ha...
CVE-2023-29915
H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via CMD parameter at /goform/aspForm...
CVE-2023-29915
H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via CMD parameter at /goform/aspForm...
Stack overflow
H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via CMD parameter at /goform/aspForm...
CVE-2023-29915
H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via CMD parameter at /goform/aspForm...
PT-2023-22472 · H3C · H3C Magic R200
Name of the Vulnerable Software and Affected Versions: H3C Magic R200 version R200V100R004 Description: A stack overflow issue was discovered via the CMD parameter at the "/goform/aspForm" API endpoint. Recommendations: For H3C Magic R200 version R200V100R004, consider disabling access to the...
CVE-2023-29915
H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via CMD parameter at /goform/aspForm...
CVE-2023-29915
The CVE-2023-29915 issue affects H3C Magic R200 (version R200V100R004 ). The vulnerability is a stack overflow triggered via the CMD parameter at the API endpoint /goform/aspForm . CVSS shows a Medium severity (4.9) with network access, low attack complexity, and high impact to availability, whil...
Integer overflow
Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target...
CVE-2022-40532
CVE-2022-40532 affects Qualcomm WLAN/WMI command handling, where memory corruption can occur due to an integer overflow or wraparound when sending a WMI command from the host to the target. The issue is tied to Qualcomm chipset/WLAN firmware and is described as memory corruption with potential hi...