17 matches found
CVE-2024-39810
Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the Elasticsearch system console to add any file as a CA path field, such as /dev/zero and, after testing the...
EUVD-2000-0030
Malware in sbrugna...
CVE-2025-56289
code-projects Document Management System 1.0 has a Cross Site Scripting (XSS) vulnerability, where attackers can leak admin's cookie information by entering malicious XSS code in the Company field when adding files...
CVE-2020-24881
SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning...
SUSE-SU-2024:0311-1 Security update for slurm_22_05
This update for slurm_22_05 fixes the following issues: Update to slurm 22.05.11: Security fixes: - CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. bsc1218046 - CVE-2023-49936: Prevent NULL pointer dereference on sizevalp overflow. bsc1218050 - CVE-2023-49937:...
SUSE-SU-2024:0286-1 Security update for slurm_22_05
This update for slurm_22_05 fixes the following issues: Update to slurm 22.05.11: Security fixes: - CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. bsc1218046 - CVE-2023-49936: Prevent NULL pointer dereference on sizevalp overflow. bsc1218050 - CVE-2023-49937:...
SUSE-SU-2024:0283-1 Security update for slurm_22_05
This update for slurm_22_05 fixes the following issues: Update to slurm 22.05.11: Security fixes: - CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. bsc1218046 - CVE-2023-49936: Prevent NULL pointer dereference on sizevalp overflow. bsc1218050 - CVE-2023-49937:...
SUSE-SU-2024:0279-1 Security update for slurm
This update for slurm fixes the following issues: Security fixes: - CVE-2023-41914: Prevent filesystem race conditions that could let an attacker take control of an arbitrary file, or remove entire directories' contents. bsc1216207 - CVE-2023-49933: Prevent message extension attacks that could...
CVE-2021-45466
In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder...
CVE-2021-45466
In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder...
CVE-2021-45466
CVE-2021-45466: In CWP (Control Web Panel/CentOS Web Panel) before 0.9.8.1107, a crafted request to api/?api=add_server&DHCP= can cause an authorized_keys file to be written under /resources/. This is a remote, unauthenticated exploit with high impact. CVE-2021-45467: In the same platform before ...
firefox security update
78.5.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 78.5.0-1 - Update to 78.5.0 build1...
CVE-2019-19668
A CSRF vulnerability exists in the File Types component of Web File Manager in Rumpus FTP 8.2.9.1 that allows an attacker to add or delete the file types that are used on the server via RAPR/TriggerServerFunction.html...
CVE-2018-0661
Multiple I-O DATA network camera products TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier allow an attacker on the same network segment to bypass access restriction to add files on a specific directory that may result ...
CVE-2017-16691
SAP Note Assistant tool SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52 supports upload of digitally signed note file of type 'SAR'. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible...
OracleVM 3.2 : rpm (OVMSA-2016-0077)
The remote OracleVM system is missing necessary patches to address critical security updates: - Add missing files in /usr/share/doc/ - Fix warning when applying the patch for 1163057 - Fix race condition where unchecked data is exposed in the file system (CVE-2013-6435, 1163057) - Fix segfault on...
CVE-2005-4474
Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows user-assisted attackers to cause a denial of service crash and possibly execute arbitrary code by tricking the user into adding a file whose filename contains a non-default code page and non-ANSI characters, as demonstrated usi...