SUSE CVE-2019-10140

A vulnerability was found in Linux kernel's, versions up to 3.10, implementation of overlayfs. An attacker with local access can create a denial of service situation via NULL pointer dereference in ovlposixaclcreate function in fs/overlayfs/dir.c. This can allow attackers with ability to create...

SUSE CVE-2020-8183

A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call...

SUSE CVE-2020-10236

An issue was discovered in Froxlor before 0.10.14. It created files with static names in /tmp during installation if the installation directory was not writable. This allowed local attackers to cause DoS or disclose information out of the config files, because of createUserdataConf in...

SUSE CVE-2021-3582

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMACMDCREATEMR" command due to improper memory remapping mremap. This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this...

SUSE CVE-2021-3816

Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the groupprefix field during the creation of a new group via "Copy" method at usergroupadmin.php...

SUSE CVE-2021-4011

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

SUSE CVE-2021-21442

In the project create screen it's possible to inject malicious JS code to the certain fields. The code might be executed in the Reporting screen. This issue affects: OTRS AG Time Accounting: 7.0.x versions prior to 7.0.19...

SUSE CVE-2022-2625

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...

SUSE CVE-2022-4743

A potential memory leak issue was discovered in SDL2 in GLESCreateTexture function in SDLrendergles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected...

SUSE CVE-2022-23709

A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this...

SUSE CVE-2022-27378

An issue in the component Createtmptable::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service DoS via specially crafted SQL statements...

SUSE CVE-2022-39306

Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non...

SUSE CVE-2023-0290

Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to provide a client id of "../clients/server" to schedule the collection for the server as a server...

CVE-2022-47372 Stored cross-site scripting vulnerability in create event section

Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the...

PT-2023-15287 · Unknown · Pandora Fms Console

Name of the Vulnerable Software and Affected Versions: Pandora FMS Console versions v766 and lower Description: A stored cross-site scripting vulnerability exists in the Create event section. An attacker can exploit this by injecting XSS payloads on popular pages or passing a link to a victim,...

PT-2023-35350 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.270 Description: The issue is related to an overflow before widen in the bitmap ip create function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...

Exploit for Unrestricted Upload of File with Dangerous Type in Pwndoc_Project Pwndoc

CVE-2022-45771 The PwnDoc...

CVE-2022-46677

Wyse Management Suite 3.8 and below contain an improper access control vulnerability with which an custom group admin can create a subgroup under a group for which the admin is not authorized...

Stored DOM-based Cross-site Scripting in Tags Functionality

Description A stored, DOM-based cross-site scripting vulnerability exists in answer version 1.0.4 within the question tagging functionality. Steps Step 1. Log in. Step 2. Proceed to create a new question. Populate the Title and Body input. Step 3. Click on the Add tag button, shown in the followi...

PT-2023-3787 · NetGear · Netgear Prosafe Network Management System

Name of the Vulnerable Software and Affected Versions: NETGEAR ProSAFE Network Management System affected versions not specified Description: This issue allows remote attackers to escalate privileges on affected installations. Although authentication is required to exploit this, the existing...