Lucene search
6674 matches found

Debian CVE
added 2022/05/26 12:0 a.m., 38 views

CVE-2022-1882

A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification after free_pipe_info that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system...

7.8 CVSS, 6.3 AI score, 0.0004 EPSS
Exploits 0

Cvelist
added 2022/05/26 12:0 a.m., 19 views

CVE-2022-1882

A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification after free_pipe_info that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system...

7.7 AI score, 0.0004 EPSS
Exploits 0, References 3

CVE
added 2022/05/26 12:0 a.m., 202 views

CVE-2022-1882

CVE-2022-1882: A use-after-free in Linux kernel pipes handling (pipes.post_one_notification after free_pipe_info) allows a local user to crash the system and potentially escalate privileges. Documented in CVE-2022-1882 with CVSS v3 base 7.8 (LOCAL, LOW complexity, user is not required to interact...

7.8 CVSS, 7.3 AI score, 0.0004 EPSS
Exploits 0, References 3, Affected Software 1

Prion
added 2022/05/24 7:15 p.m., 17 views

Design/Logic Flaw

ManageEngine AppManager15 Build No:15510 allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality...

6.5 CVSS, 6.9 AI score, 0.27373 EPSS
Exploits 1, References 2, Affected Software 1

OSV
added 2022/05/24 5:44 p.m., 17 views

GHSA-R3RG-JRJQ-W4MR Grav CMS Local File Injection

The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection...

5.5 CVSS, 6.3 AI score, 0.04155 EPSS
Exploits 3, References 3

OSV
added 2022/05/24 5:0 p.m., 18 views

GHSA-5V5P-X8C2-MQXP Magento 2 Community Edition RCE Vulnerability

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with privileges to create products can craft custom layout update and use import product functionality to enable remote code execution...

8.8 CVSS, 8.9 AI score, 0.01125 EPSS
Exploits 0, References 5

Github Security Blog
added 2022/05/24 5:0 p.m., 12 views

Magento 2 Community Edition RCE Vulnerability

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with privileges to create products can craft custom layout update and use import product functionality to enable remote code execution...

8.8 CVSS, 8 AI score, 0.01125 EPSS
Exploits 0, References 5, Affected Software 1

OSV
added 2022/05/24 5:0 p.m., 7 views

GHSA-2CRC-5VQ6-386R Magento 2 Community Edition RCE Vulnerability

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage plugin functionality related to email templates to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code...

8.8 CVSS, 8.9 AI score, 0.01125 EPSS
Exploits 0, References 5

Github Security Blog
added 2022/05/24 5:0 p.m., 16 views

Magento 2 Community Edition RCE Vulnerability

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage plugin functionality related to email templates to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code...

8.8 CVSS, 8.1 AI score, 0.01125 EPSS
Exploits 0, References 5, Affected Software 1

OSV
added 2022/05/24 9:52 a.m., 4 views

SUSE-SU-2022:1832-1 Security update for openldap2

This update for openldap2 fixes the following issues: Security: - CVE-2022-29155: Fixed SQL injection in back-sql bsc1199240. Bugfixes: - allow specification of max/min TLS version with TLS1.3 bsc1191157 - libldap was able to be out of step with openldap in some cases which could cause incorrect...

9.8 CVSS, 9.8 AI score, 0.13614 EPSS
Exploits 1, References 5

Code423n4
added 2022/05/24 12:0 a.m., 9 views

Impossible Clearance of Delegate

Lines of code. Vulnerability details: ALR-01M: Impossible Clearance of Delegate. File: AuraLocker.sol | Lines: L464-L509 | Type: Code Functionality. Description: The delegate function disallows clearance of any existing delegation, thereby forcing the user to retain a delegate active...

7 AI score
Exploits 0

RedhatCVE
added 2022/05/20 11:38 p.m., 22 views

CVE-2020-6105

An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause Information overwrite resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability...

8.2 CVSS, 3.9 AI score, 0.0061 EPSS
Exploits 1, References 1

RedhatCVE
added 2022/05/20 11:37 p.m., 23 views

CVE-2018-7711

HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP...

8.1 CVSS, 3.6 AI score, 0.0032 EPSS
Exploits 0, References 1

RedhatCVE
added 2022/05/20 11:28 p.m., 35 views

CVE-2020-11060

In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account...

9 CVSS, 4.7 AI score, 0.07013 EPSS
Exploits 7, References 1

NVD
added 2022/05/20 1:15 p.m., 6 views

CVE-2022-24044

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The login functionality of the application does not employ any countermeasures...

7.5 CVSS, 0.00276 EPSS
Exploits 0, References 1

Prion
added 2022/05/20 1:15 p.m., 8 views

Design/Logic Flaw

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The login functionality of the application does not employ any countermeasures...

5 CVSS, 7.5 AI score, 0.00276 EPSS
Exploits 0, References 1, Affected Software 4

CNVD
added 2022/05/20 12:0 a.m., 113 views

WordPress JupiterX Theme and JupiterX Core Plugin Access Control Error Vulnerability

JupiterX Core is a WordPress Advanced View plugin. WordPress JupiterX Theme and JupiterX Core Plugin are vulnerable to an access control error that could be exploited by attackers to compromise site security or functionality...

5.5 CVSS, 4.1 AI score, 0.00128 EPSS
Exploits 0, References 1

Kitploit
added 2022/05/19 12:30 p.m., 53 views

PowerProxy - PowerShell SOCKS Proxy With Reverse Proxy Capabilities

PowerShell SOCKS proxy with reverse proxy capabilities. PowerProxy is written with penetration testers in mind. Reverse proxy functionality is a priority, for traversing networks that block inbound connections. Reverse proxy connections are encrypted by default. Username/Password authentication i...

7.3 AI score
Exploits 0, References 1

Veracode
added 2022/05/19 3:54 a.m., 18 views

Information Disclosure

randompasswordgenerator is vulnerable to information disclosure. The vulnerability exists due to the insecure random password generation in rand functionality in the generate function of randompasswordgenerator.rb, allowing an attacker to guess the password...

7.5 CVSS, 7 AI score, 0.00338 EPSS
Exploits 1, References 6, Affected Software 1

Tenable Nessus
added 2022/05/18 12:0 a.m., 37 views

Checkbox Survey 6.12 <= 6.18 RCE

Checkbox Survey is an ASP.NET application that can add survey functionality to a website. Prior to version 7.0, Checkbox Survey implements its own View State functionality by accepting a VSTATE argument, which it then deserializes using LosFormatter. Because this data is manually handled by the...

9.8 CVSS, 9.1 AI score, 0.25548 EPSS
Exploits 0, References 3