kernel: UAF during login when accessing the shost ipaddress

A use-after-free flaw was found in iscsiswtcpsessioncreate in drivers/scsi/iscsitcp.c in the SCSI sub-component in the Linux Kernel. This issue could allow an attacker to leak kernel internal information...

expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate

A use-after-free flaw was found in the Expat package, caused by destruction of a shared DTD in XMLExternalEntityParserCreate in out-of-memory situations. This may lead to availability disruptions...

Stored Cross Site Scripting (XSS)

apachesuperset is vulnerable to Stored Cross Site Scripting XSS. An authenticated attacker with create or update permissions on charts or dashboards could store a malicious script or add a specific HTML snippet, resulting in Stored Cross Site Scripting XSS...

PT-2024-15841 · Unknown · Ovirt Engine

Name of the Vulnerable Software and Affected Versions: overt-engine affected versions not specified Description: An authentication bypass issue was found, allowing the creation of users in the system without authentication due to a flaw in the CreateUserSession command. Recommendations: At the...

CVE-2023-49783 No permission checks for editing/deleting records with CSV import form

Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using...

DEBIAN-CVE-2024-22705

An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2getdataarealen in fs/smb/server/smb2misc.c can cause an smbstrndupfromutf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled...

UBUNTU-CVE-2024-22705

An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2getdataarealen in fs/smb/server/smb2misc.c can cause an smbstrndupfromutf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled...

CVE-2024-0424

A vulnerability classified as problematic has been found in CodeAstro Simple Banking System 1.0. This affects an unknown part of the file createuser.php of the component Create a User Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit...

CVE-2024-0424 CodeAstro Simple Banking System Create a User Page createuser.php cross site scripting

A vulnerability classified as problematic has been found in CodeAstro Simple Banking System 1.0. This affects an unknown part of the file createuser.php of the component Create a User Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit...

CodeAstro Simple Banking System Cross-Site Scripting Vulnerability

Simple Banking System is a simple project about online banking. A cross-site scripting vulnerability exists in CodeAstro Simple Banking System version 1.0, which originates from a cross-site scripting vulnerability due to an unknown function in createuser.php in the component Create a User Page...

DEBIAN-CVE-2022-36765

EDK2 is susceptible to a vulnerability in the CreateHob function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability...

EDK2 Buffer Error Vulnerability

EDK2 is a set of cross-platform firmware development environments based on UEFI and PI specifications from the Tianocore community. A security vulnerability exists in EDK2 202311 and earlier versions, which stems from a buffer overflow vulnerability in the CreateHob function...

BlueHat India Call for Papers is Now Open!

You asked for it and it’s finally here! The inaugural BlueHat India conference will be held May 16-17th, 2024, in Hyderabad, India! This intimate conference will bring together a unique blend of security researchers and responders, who come together as peers to exchange ideas, experiences, and...

Cross site scripting

A vulnerability was found in Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Admin/News.php of the component Create News Page. The manipulation of the argument News with the input alert0x00C57D leads to cross site scripting. T...

DEBIAN-CVE-2023-7192

A memory leak problem was found in ctnetlinkcreateconntrack in net/netfilter/nfconntracknetlink.c in the Linux Kernel. This issue may allow a local attacker with CAPNETADMIN privileges to cause a denial of service DoS attack due to a refcount overflow...

CVE-2024-0189 RRJ Nueva Ecija Engineer Online Portal Create Message teacher_message.php cross site scripting

A vulnerability has been found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file teachermessage.php of the component Create Message Handler. The manipulation of the argument Content with the input alertx leads to cross...

PT-2024-18980 · Rust-Evm · Rust-Evm

Name of the Vulnerable Software and Affected Versions: rust-evm versions prior to 0.41.1 Description: The issue is related to the record external operation feature in rust-evm, which allows library users to record custom gas changes. This feature can have bogus interactions with the call stack,...

Restore Entire Bucket to Zadara Object Storage Fails With "Error: Internal error: object key is empty."

Challenge Attempting to perform an Entire Bucket Restore with the the Destination set to New Bucket when using Zadara Object Storage fails with the error: Restore job failed Error: Internal error: object key is empty. ClientId: , BucketName: Cause This issue arises from a problem related to the...

postgresql: extension script @substitutions@ within quoting allow SQL injection

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...

postgresql: extension script @substitutions@ within quoting allow SQL injection

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...