Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Avoid leaking tags when processing the OPCINBSETCONTROLLERCONFIG command. The tags allocated for the OPCINBSETCONTROLLERCONFIG command need to be freed when we receive the response...

SUSE CVE-2023-52500

In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Avoid leaking tags when processing OPCINBSETCONTROLLERCONFIG command Tags allocated for OPCINBSETCONTROLLERCONFIG command need to be freed when we receive the response...

DEBIAN-CVE-2023-52500

In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Avoid leaking tags when processing OPCINBSETCONTROLLERCONFIG command Tags allocated for OPCINBSETCONTROLLERCONFIG command need to be freed when we receive the response...

UBUNTU-CVE-2023-52500

In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Avoid leaking tags when processing OPCINBSETCONTROLLERCONFIG command Tags allocated for OPCINBSETCONTROLLERCONFIG command need to be freed when we receive the response...

CVE-2023-52500 scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command

In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Avoid leaking tags when processing OPCINBSETCONTROLLERCONFIG command Tags allocated for OPCINBSETCONTROLLERCONFIG command need to be freed when we receive the response...

VulnCheck KEV: CVE-2020-21650

Myucms v2.2.1 contains a remote code execution RCE vulnerability in the component \controller\Config.php, which can be exploited via the add method...

Privilege Escalation

pinot-controller is vulnerable to privilege escalation. The vulnerability exists because the isDisableIngestionGroovy function of ControllerConf.java does not properly disable groovy functionality by default allowing an attacker to modify table-level config or broker/controller config to turn it ...

CVE-2022-34809

Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVE-2021-43075

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to...

Command injection

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to...

CVE-2020-21652

Myucms v2.2.1 contains a remote code execution RCE vulnerability in the component \controller\Config.php, which can be exploited via the addqq method...

CVE-2020-21650

Myucms v2.2.1 contains a remote code execution RCE vulnerability in the component \controller\Config.php, which can be exploited via the add method...

PT-2021-10650 · Muyucms · Muyucms

Name of the Vulnerable Software and Affected Versions: Myucms version 2.2.1 Description: The issue is related to a remote code execution RCE vulnerability in the controllerConfig.php component. This vulnerability can be exploited via the add method. Recommendations: For Myucms version 2.2.1,...

PT-2021-10652 · Muyucms · Muyucms

Name of the Vulnerable Software and Affected Versions: Myucms version 2.2.1 Description: The issue concerns a remote code execution RCE vulnerability. It is located in the controllerConfig.php component and can be exploited via the addqq method. Recommendations: For Myucms version 2.2.1, consider...