124 matches found
The vulnerability of the kvm_set_cpuid() function in the arch/x86/kvm/cpuid.c module of the virtualization subsystem on the Linux kernel-based x86 platform allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the kvmsetcpuid function in the arch/x86/kvm/cpuid.c module of the virtualization subsystem on the Linux kernel-based x86 platform is related to code errors. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility ...
CVE-2024-11015
The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the 'authenticateuser' user function not implementing sufficient null value checks when setting the access token and user information. This makes it...
The vulnerability of the remember() function in the Laravel Pulse performance monitoring and application usage analysis tool allows a hacker to execute arbitrary code.
The vulnerability of the remember function in the Laravel Pulse performance monitoring and application usage analysis tool is related to improper code generation. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
AZL-54467 CVE-2024-45338 affecting package cni for versions less than 1.1.2-4
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
The vulnerability of the eval function in software platforms for automating data exchange between MindsDB queues allows a hacker to execute arbitrary code.
The vulnerability of the eval function in software platforms for automating data exchange between MindsDB queues is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing a specially crafted “SELECT WHERE” query...
Unspecified Vulnerability in D-Link DCS-960L
D-Link DCS-960L is a webcam product from China AUO D-Link. A security vulnerability exists in the D-Link DCS-960L version 1.09, which originates from a flaw in the handling of the login function of the HNAP service and can be exploited by an attacker to execute arbitrary code...
PT-2024-38849
Name of the Vulnerable Software and Affected Versions: Chengdu Everbrite Network Technology BeikeShop versions up to 1.5.5 Description: A critical issue has been found, affecting the rename function of the file /Admin/Http/Controllers/FileManagerController.php. The manipulation of the new name...
PT-2024-20203 · Alpine · Alpine Halo9
Name of the Vulnerable Software and Affected Versions: Alpine Halo9 affected versions not specified Description: This issue allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this issue. The...
The vulnerability of the gfs2PutSuper() function in the gfs2 file system of Linux kernels allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the gfs2PutSuper function in the fs/gfs2/super.c file of the Linux kernel’s file system gfs2 is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of th...
kernel: uio: Fix use-after-free in uio_open
A flaw was found in the Linux kernel’s uio subsystem. A use-after-free memory flaw in the uioopen functionality allows a local user to crash or escalate their privileges on the system...
Django MarkdownX Cross-Site Scripting Vulnerability
Django MarkdownX is a comprehensive Markdown plugin built for Django with flexibility, extensibility and ease of use at its core. A cross-site scripting vulnerability exists in Django MarkdownX version 4.0.2 that stems from a lack of proper cleanup of JavaScript elements. An attacker can exploit...
The vulnerability of the run() function in the FreeIPA server’s script allows a perpetrator to gain unauthorized access to protected information or cause service failures.
The vulnerability of the run function in the ipautil.py script of the FreeIPA server is related to insufficient validation of input data during session establishment when processing the user parameter /sip/session/loginpassword. Exploiting this vulnerability can allow a malicious actor to gain...
Artifex Software Ghostscript Security Vulnerability
Artifex Software Ghostscript is an open source parser for Postscript a page description language and programming language used in the electronics industry and desktop publishing from Artifex Software, Inc. The product can display Postscript files as well as print Postscript files on non-Postscrip...
The vulnerability of the __flush() function in the libc library of the FreeBSD operating system allows a hacker to execute arbitrary code.
The vulnerability of the flush function in the libc library of the FreeBSD operating system is related to writing data beyond the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the exec() function in the execQuoted() method of the ilUtil class (/Services/Utilities/classes/class.ilUtil.php) of the ILIAS learning management and support system allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the exec function in the execQuoted method of the ilUtil class /Services/Utilities/classes/class.ilUtil.php of the ILIAS training and support management system is related to the lack of measures for cleaning input data. Exploiting this vulnerability could allow a remote...
DEBIAN-CVE-2023-40828
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function...
cleanup() does not properly handle debt repayment
Lines of code Vulnerability details Impact The cleanup... function in the PositionManager.sol contract is used to deposit remaining users assets back to ROE, repaying debt if any. However the users debt will not be repaid if the user has debt leading to loss of funds for the lenders and the proje...
U.S. Dept Of Defense: Reflected xss on https://█████████
The website was vulnerable to a reflected XSS attack due to a flaw in the check that verifies the validity of the redirect URL. Attackers could exploit this vulnerability to execute malicious scripts on the victim's browser, leading to potential account takeover, phishing, and other malicious...
The vulnerability of the stat() function in the OverlayFS subsystem of Linux kernels allows attackers to increase their privileges.
The vulnerability of the stat function in the OverlayFS subsystem of Linux operating systems is related to deficiencies in access control when processing setuid and setgid attributes. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the exec() function implementation in D-Link DIR-846 router software allows a hacker to execute arbitrary commands.
The vulnerability of the exec function implementation in D-Link DIR-846 router microprogramming software is related to the failure to take measures to neutralize special elements used in the operating system’s command when processing the lan0dhcpsstaticlist parameter. Exploiting this vulnerabilit...