160 matches found

Prion
added 2022/08/05 4:15 p.m. · 16 views

Cross site scripting

An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code executions via the module massive operation name field...

CVSS 5.8 · AI score 6 · EPSS 0.00283
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/08/05 3:26 p.m. · 10 views

CVE-2021-46680 Vulnerability XSS in module form name field

An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code executions via the module form name field...

CVSS 4 · AI score 6.2 · EPSS 0.00389
Exploits 0 · References 1
Cvelist
added 2022/08/05 3:25 p.m. · 15 views

CVE-2021-46679 Vulnerability XSS in service elements

An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code executions via service elements...

CVSS 4 · AI score 6.2 · EPSS 0.00283
Exploits 0 · References 2
Prion
added 2022/07/13 9:15 p.m. · 12 views

Authorization

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. In versions 1.1.30 and prior, authenticated users using an external identity provider can continue to use Access Tokens and ID Tokens even after they expire. Users who use FlyteAdmin...

CVSS 4 · AI score 6.3 · EPSS 0.00363
Exploits 0 · References 3 · Affected Software 1
OSV
added 2022/07/13 8:30 p.m. · 10 views

CVE-2022-31145 Insufficient AccessToken Expiration Check in FlyteAdmin

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. In versions 1.1.30 and prior, authenticated users using an external identity provider can continue to use Access Tokens and ID Tokens even after they expire. Users who use FlyteAdmin...

CVSS 6.5 · AI score 6.2 · EPSS 0.00363
Exploits 0 · References 5
CVE
added 2022/07/13 8:30 p.m. · 61 views

CVE-2022-31145

Summary: CVE-2022-31145 concerns FlyteAdmin's validation of access/tokens. In versions up to 1.1.30, authenticated users with external identity providers can continue to use Access Tokens and ID Tokens after expiry. The issue does not affect users configuring FlyteAdmin as the OAuth2 Authorizatio...

CVSS 6.5 · AI score 6.3 · EPSS 0.00363
Exploits 0 · References 3 · Affected Software 1
ATTACKERKB
added 2022/03/21 11:15 a.m. · 2 views

CVE-2022-24656

HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). By putting a common XSS payload in a markdown file, if opened with the app, will execute several times...

CVSS 6.1 · AI score 6.4 · EPSS 0.00183
Exploits 1 · References 2
CVE
added 2022/03/21 10:55 a.m. · 81 views

CVE-2022-24656

HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). A common XSS payload placed in a markdown file can execute when opened with the application, reportedly several times. The available documents consistently identify HexoEditor 1.1.8 as vulnerable to XSS, but do not provide a device-speci...

CVSS 6.1 · AI score 5.9 · EPSS 0.00183
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2022/03/08 12:0 a.m. · 2 views

PT-2022-17785 · Mendix · Mendix Applications

Name of the Vulnerable Software and Affected Versions: Mendix Applications versions prior to 7.23.29

Description: A vulnerability has been identified in Mendix Applications. The affected framework does not correctly verify if the request was initially made by the user requesting the result when...

CVSS 6.5 · AI score 6.4 · EPSS 0.00441
Exploits 0 · References 2
GithubExploit
added 2021/12/14 8:31 a.m. · 459 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

PoC exploit for CVE-2021-44228, a remote code execution vulnerab...

CVSS 10 · AI score 9.3 · EPSS 0.94358
Exploits 341
Veracode
added 2021/11/23 2:50 a.m. · 23 views

Cross-site Scripting (XSS)

mailman:bionic is vulnerable to cross-site scripting (XSS) attacks. A crafted URL to the user options page in Cgi/options.py results in arbitrary JavaScript executions...

CVSS 6.1 · AI score 2.7 · EPSS 0.00153
Exploits 0 · References 5 · Affected Software 2
RedHat Linux
added 2021/08/31 8:30 a.m. · 3 views

hw: Fast forward store predictor

A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU...

CVSS 5.5 · AI score 6.3 · EPSS 0.00248
Exploits 0 · References 6
RedHat Linux
added 2021/08/31 8:30 a.m. · 3 views

hw: Vector Register Leakage-Active

A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state...

CVSS 5.5 · AI score 6.5 · EPSS 0.00243
Exploits 0 · References 6
RedHat Linux
added 2021/08/31 8:15 a.m. · 2 views

hw: Fast forward store predictor

A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU...

CVSS 5.5 · AI score 6.3 · EPSS 0.00248
Exploits 0 · References 6
RedHat Linux
added 2021/08/31 7:59 a.m. · 3 views

hw: Fast forward store predictor

A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU...

CVSS 5.5 · AI score 6.3 · EPSS 0.00248
Exploits 0 · References 6
RedHat Linux
added 2021/08/24 10:1 a.m. · 1 views

hw: Vector Register Leakage-Active

A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state...

CVSS 5.5 · AI score 6.5 · EPSS 0.00243
Exploits 0 · References 6
RedHat Linux
added 2021/08/24 10:1 a.m. · 3 views

hw: Fast forward store predictor

A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU...

CVSS 5.5 · AI score 6.3 · EPSS 0.00248
Exploits 0 · References 6
RedHat Linux
added 2021/08/17 8:33 a.m. · 3 views

hw: Vector Register Leakage-Active

A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state...

CVSS 5.5 · AI score 6.5 · EPSS 0.00243
Exploits 0 · References 6
RedHat Linux
added 2021/08/17 8:33 a.m. · 3 views

hw: Fast forward store predictor

A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU...

CVSS 5.5 · AI score 6.3 · EPSS 0.00248
Exploits 0 · References 6
RedHat Linux
added 2021/08/10 4:13 p.m. · 1 views

hw: Vector Register Leakage-Active

A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state...

CVSS 5.5 · AI score 6.5 · EPSS 0.00243
Exploits 0 · References 6