38696 matches found
CVE-2017-20258
CVE-2017-20258 concerns the Joomla! extension RPC Responsive Portfolio 1.6.1 . The vulnerability is an SQL injection in the affected component, exploitable by unauthenticated attackers via a crafted HTTP GET request to index.php with the query string option=com_pofos&view=pofo&id=[SQL]. The under...
CVE-2017-20258 Joomla! Component RPC Responsive Portfolio 1.6.1 SQL Injection
Joomla! Component RPC Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=compofos&view=pofo&id=SQL ...
CVE-2017-20256
Joomla Survey Force Deluxe 3.2.4 is affected by an SQL injection via the invite parameter, allowing unauthenticated attackers to run arbitrary SQL through crafted GET requests and potentially read sensitive database information. Impact is high (unauthenticated, network access, data confidentialit...
CVE-2017-20255
Joomla! Component JB Visa 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the visatype parameter. Attackers can send GET requests to index.php with the option=combookpro and view=popup parameter...
CVE-2017-20255 Joomla! Component JB Visa 1.0 SQL Injection via visatype
Joomla! Component JB Visa 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the visatype parameter. Attackers can send GET requests to index.php with the option=combookpro and view=popup parameter...
EUVD-2017-18981
Joomla! Component User Bench 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the userid parameter. Attackers can send GET requests to index.php with the option=comuserbench&view=detail&userid...
CVE-2017-20253 Joomla! Component My Projects 2.0 SQL Injection
Joomla! Component My Projects 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the VerAyari parameter. Attackers can craft requests to the component endpoint with SQL injection payloads to extrac...
CVE-2017-20253
Joomla! Component My Projects 2.0 is affected by an SQL injection vulnerability that allows unauthenticated attackers to craft requests to the VerAyari parameter and execute arbitrary SQL queries. The flaw can enable extraction of sensitive database information, including credentials and system d...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Properly handle cases where an enclosure contains only one primary component. This fix reverts to commit 3fe97ff3d949 “scsi: ses: Do not attach if the enclosure has no components”. It also introduces proper handling fo...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Corrected the incorrect validation of the next buffer length in smb2setea. There are multiple smb2eainfo buffers in the FILEFULLEAINFORMATION request from the client. ksmbd uses the NextEntryOffset of the current...
Astra Linux – Vulnerability in gpac
A vulnerability has been discovered in GPAC 2.5-DEV-rev228-g11067ea92-master. This vulnerability affects the xmtnodeend function in the src/scenemanager/loaderxmt.c file of the MP4Box component. The vulnerability allows for data to be accessed after it has been freed from memory, requiring local...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux 5.15
A NULL pointer dereference vulnerability was discovered in the vmwgfx driver, located in the file vmwgfxexecbuf.c within the GPU component of the Linux kernel. The vulnerability affects device files such as '/dev/dri/renderD128' or 'Dxxx'. This flaw allows a local attacker with a user account on...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Serialization. The supported versions affected by this vulnerability are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in Oracle Java SE component: Hotspot. The supported versions affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, and 23. This vulnerability is difficult to exploit; an unauthenticated attacker with network access via multiple protocols can compromise Oracle Jav...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: PCI/pwrctrl: Cancel outstanding rescan work when unregistering. It is possible to trigger a use-after-free situation here by: a forcing rescanworkfunc to take a long time, and b using a pwrctrl driver that may be unloaded for som...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: PCI: hv: Fixed a crash in hvpcirestoremsimsg during hibernation. When a Linux virtual machine with a assigned PCI device runs on Hyper-V, if the PCI device driver is not yet loaded i.e., MSI-X/MSI is not enabled on the device,...
Astra Linux – Vulnerability in qpdf
In QPDF 8.2.1, within libqpdf/QPDFWriter.cc, the functions QPDOrWriter::unparseObject and QPDOrWriter::unparseChild contain recursive calls that last for a long time. This allows remote attackers to cause a denial of service by using a crafted PDF file...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ixgbe: fixed the PCI device reference count leak As stated in the comment for pcigetdomainbusandslot, it returns a PCI device with the reference count incremented. When using this device, the caller must decrement the referenc...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
A vulnerability has been discovered in the Linux kernel and is classified as critical. The affected part of the code is the function areacacheget in the file drivers/net/ethernet/netronome/nfp/nfpcore/nfpcppcore.c, belonging to the IPsec component. This vulnerability occurs due to improper memory...
Astra Linux – Vulnerability in Chromium
Before version 99.0.4844.51, using "After Free" in the Media section of Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...