193 matches found
DEBIAN-CVE-2024-38439
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibufPASSWDLEN to '\0' in FPLoginExt in login in etc/uams/uamspam.c. 2.4.1 and 3.1.19 are also fixed versions...
UBUNTU-CVE-2024-38440
Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BNbin2bn in etc/uams/uamsdhxpam.c. The original issue 1097 report stated: 'The latest version of Netatalk v3.2.0 contains a security...
Netatalk Security Vulnerabilities
Netatalk is open source software that provides AFP file server functionality for Classic Mac OS and macOS on Unix-like OS. A security vulnerability exists in Netatalk version 3.2.0, which stems from etc/uams/uamspam.c setting ibufPASSWDLEN to 0 in FPLoginExt...
kernel: s390/ptrace: handle setting of fpc register correctly
In the Linux kernel, the following vulnerability has been resolved: s390/ptrace: handle setting of fpc register correctly If the content of the floating point control fpc register of a traced process is modified with the ptrace interface the new value is tested for validity by temporarily loading...
SUSE CVE-2023-52598
In the Linux kernel, the following vulnerability has been resolved: s390/ptrace: handle setting of fpc register correctly If the content of the floating point control fpc register of a traced process is modified with the ptrace interface the new value is tested for validity by temporarily loading...
CVE-2023-52606
In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assume a certain maximum size for the instructions being emulated. The size of those operations however is determined separately in analyseinstr...
Stack overflow
In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assume a certain maximum size for the instructions being emulated. The size of those operations however is determined separately in analyseinstr...
CVE-2023-52606 powerpc/lib: Validate size for vector operations
In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assume a certain maximum size for the instructions being emulated. The size of those operations however is determined separately in analyseinstr...
fp-santagema.es Improper Access Control vulnerability OBB-3822118
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
fp-adistancia.es Improper Access Control vulnerability OBB-3822115
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious code in fp-aanvragen-bankrekening (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38ed4291c003da2321057839f26e6889760e131941a98a54026033c0c67fdfcc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Waf-Bypass - Check Your WAF Before An Attacker Does
WAF bypass Tool is an open source tool to analyze the security of any WAF for False Positives and False Negatives using predefined and customizable payloads. Check your WAF before an attacker does. WAF Bypass Tool is developed by Nemesida WAF team with the participation of community. How to run I...
K21344224: Lazy FP state restore vulnerability CVE-2018-3665
Security Advisory Description System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. CVE-2018-3665 A Floating-Point FP state...
CVE-2022-40080
Stack overflow vulnerability in Aspire E5-475G 's BIOS firmware, in the FpGui module, a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges...
SUSE CVE-2010-3906
Cross-site scripting XSS vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 f and 2 fp parameters...
SUSE CVE-2015-8712
The dissecthsdschchannelinfo function in epan/dissectors/packet-umtsfp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service application crash via a crafted packet...
SUSE CVE-2016-7178
epan/dissectors/packet-umtsfp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service invalid write access and application crash via a crafted packet...
Security Bulletin: Security vulnerability in Apache CXF affects IBM InfoSphere Master Data Management
Summary By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting XSS attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This...
TYPO3 安全漏洞
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 fpmasterquiz, which stems from the fact that an attacker can view the answers of this user and modify those answers...
PT-2022-28057 · Unknown · Fp Masterquiz
Name of the Vulnerable Software and Affected Versions: fp masterquiz extension versions 2.2.0 and earlier, 3.x before 3.5.1 Description: An issue allows an attacker to continue the quiz of a different user, enabling them to view and modify that user's answers. Recommendations: For fp masterquiz...