12 matches found

RedhatCVE
added 2026/01/09 12:34 p.m. · 6 views

CVE-2023-45378

In the module "PrestaBlog" prestablog version 4.4.7 and before from HDclic for PrestaShop, a guest can perform SQL injection. The script ajax sliderpositions.php has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...

CVSS 9.8 · AI score 7.7 · EPSS 0.00066
Exploits: 0 · References: 1
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2018-4846

Malware in sbrugna...

CVSS 6.5 · AI score 7.7 · EPSS 0.00071
Exploits: 0 · References: 11
RedhatCVE
added 2025/05/23 5:9 a.m. · 6 views

CVE-2023-50030

In the module "Jms Setting" jmssetting from Joommasters for PrestaShop, a guest can perform SQL injection in versions = 1.1.0. The method JmsSetting::getSecondImgs has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a blind SQL injection...

CVSS 9.8 · AI score 7.8 · EPSS 0.00138
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 3:57 a.m. · 5 views

CVE-2023-46356

In the module "CSV Feeds PRO" csvfeeds before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method SearchApiCsv::getProducts has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...

CVSS 9.8 · AI score 7.7 · EPSS 0.00066
Exploits: 1
RedhatCVE
added 2025/05/23 3:57 a.m. · 12 views

CVE-2023-46358

In the module "Referral and Affiliation Program" referralbyphone version 3.5.1 and before from Snegurka for PrestaShop, a guest can perform SQL injection. Method ReferralByPhoneDefaultModuleFrontController::ajaxProcessCartRuleValidate has sensitive SQL calls that can be executed with a trivial ht...

CVSS 9.8 · AI score 7.7 · EPSS 0.00282
Exploits: 0
RedhatCVE
added 2025/05/22 5:18 a.m. · 5 views

CVE-2019-5124

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.50005. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered...

CVSS 8.6 · AI score 6.6 · EPSS 0.00446
Exploits: 0 · References: 1
Positive Technologies
added 2024/06/19 12:0 a.m. · 2 views

PT-2024-27121 · Unknown +1 · Prestashop +1

Name of the Vulnerable Software and Affected Versions: PrestaShop module "Theme settings" pk themesettings versions = 1.8.8 Description: The issue allows a guest to perform SQL injection in the "Theme settings" module. Specifically, the script ajax.php contains a sensitive SQL call that can be...

CVSS 9.8 · AI score 8 · EPSS 0.00277
Exploits: 1 · References: 2
Debian CVE
added 2022/11/01 12:0 a.m. · 24 views

CVE-2022-42316

Xenstore: guests can let run xenstored out of memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service...

CVSS 6.5 · AI score 7.2 · EPSS 0.00147
Exploits: 0
OSV
added 2022/01/06 6:15 p.m. · 2 views

CVE-2021-28715

Guest can force Linux netback driver to hog large amounts of kernel memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the...

CVSS 6.5 · AI score 6.6
Exploits: 0 · References: 5
Veracode
added 2021/08/12 3:39 p.m. · 13 views

Information Disclosure

qemu is vulnerable to information disclosure. The vulnerability was found in the virtio vhost-user GPU device due to a flaw in virglcmdgetcapsetinfo in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory...

CVSS 6.5 · AI score 5.9 · EPSS 0.00151
Exploits: 0 · References: 6 · Affected Software: 5
OSV
added 2018/07/02 5:29 p.m. · 1 views

UBUNTU-CVE-2018-12893

An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leadi...

CVSS 6.5 · AI score 6.8 · EPSS 0.00071
Exploits: 0 · References: 3
Xen Project
added 2014/06/17 11:44 a.m. · 50 views

Hypervisor heap contents leaked to guests

ISSUE DESCRIPTION While memory pages recovered from dying guests are being cleaned to avoid leaking sensitive information to other guests, memory pages that were in use by the hypervisor and are eligible to be allocated to guests weren't being properly cleaned. Such exposure of information would...

CVSS 2.7 · AI score 5.8 · EPSS 0.00234
Exploits: 0 · Affected Software: 1