20 matches found
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: vmci: Speculation leaks were prevented by sanitizing the eventdata parameter in the eventdeliver function. Coverity identified that the eventmsg is controlled by user-space. The eventmsg-eventdata.event is passed to eventdeliver...
CVE-2022-38358
Improper neutralization of input during web page generation leaves the Eyes of Network web application vulnerable to cross-site scripting attacks at /module/adminnotifiers/rules.php and /module/reportevent/indext.php via the parameters rulenotification, rulename, and rulenameold, and at...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990542)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990542 advisory. In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in eventdeliver Coverity spotted that eventms...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990312)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990312 advisory. In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in eventdeliver Coverity spotted that eventms...
CVE-2022-41432
EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting XSS vulnerability via the component /module/reportevent/index.php...
kernel: vmci: prevent speculation leaks by sanitizing event in event_deliver()
A vulnerability was found in the eventdeliver function in the Linux kernel's VMCI component, where the issue involves a lack of sanitization for the eventdata.event index controlled by user-space, which could lead to speculative information leaks...
kernel: vmci: prevent speculation leaks by sanitizing event in event_deliver()
A vulnerability was found in the eventdeliver function in the Linux kernel's VMCI component, where the issue involves a lack of sanitization for the eventdata.event index controlled by user-space, which could lead to speculative information leaks...
PT-2024-25626 · Unknown · School Management System
Name of the Vulnerable Software and Affected Versions: School Event Management System version 1.0 Description: A Cross-Site Scripting XSS issue exists, allowing an attacker to create a specially crafted URL and send it to a victim to obtain their session details. This is achieved via the view...
School Event Management System 跨站脚本漏洞
School Event Management System is a school event management system. A cross-site scripting vulnerability exists in School Event Management System version 1.0. An attacker can create a specially crafted URL and send it to a victim to obtain their session details via the "view" parameter in...
CVE-2024-39499
A vulnerability was found in the eventdeliver function in the Linux kernel's VMCI component, where the issue involves a lack of sanitization for the eventdata.event index controlled by user-space, which could lead to speculative information leaks. Mitigation Mitigation for this issue is either no...
SUSE CVE-2024-39499
In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in eventdeliver Coverity spotted that eventmsg is controlled by user-space, eventmsg-eventdata.event is passed to eventdeliver and used as an index without sanitization. This...
UBUNTU-CVE-2024-39499
In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in eventdeliver Coverity spotted that eventmsg is controlled by user-space, eventmsg-eventdata.event is passed to eventdeliver and used as an index without sanitization. This...
CVE-2024-39499 vmci: prevent speculation leaks by sanitizing event in event_deliver()
In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in eventdeliver Coverity spotted that eventmsg is controlled by user-space, eventmsg-eventdata.event is passed to eventdeliver and used as an index without sanitization. This...
CVE-2024-39499 vmci: prevent speculation leaks by sanitizing event in event_deliver()
In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in eventdeliver Coverity spotted that eventmsg is controlled by user-space, eventmsg-eventdata.event is passed to eventdeliver and used as an index without sanitization. This...
SUSE CVE-2009-3080
Array index error in the gdthreadevent function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request...
CVE-2022-38358
Improper neutralization of input during web page generation leaves the Eyes of Network web application vulnerable to cross-site scripting attacks at /module/adminnotifiers/rules.php and /module/reportevent/indext.php via the parameters rulenotification, rulename, and rulenameold, and at...
CVE-2018-18795
School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter...
kernel: gdth: Prevent negative offsets in ioctl
Array index error in the gdthreadevent function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request...
kernel: gdth: Prevent negative offsets in ioctl
Array index error in the gdthreadevent function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request...
Design/Logic Flaw
Array index error in the gdthreadevent function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request...