40 matches found

AstraLinux (added 2026/05/20 5:53 a.m., 1 view)

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd/core: Always clear status for idx The variable status which contains the unhandled overflow bits is not being properly masked in some cases, resulting in the following warning: WARNING: CPU: 156 PID: 475601 at...

CVSS: 5.5, AI score: 6.2, EPSS: 0.00049
Exploits: 0, References: 1
CNVD (added 2025/10/31 12:0 a.m., 2 views)

E-Commerce Website supplier_update.php file cross-site scripting vulnerability

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters suppname and suppaddress in the file /pages/supplierupdate.php, which can be...

CVSS: 6.1, AI score: 6.3, EPSS: 0.00041
Exploits: 1, References: 1
ATTACKERKB (added 2025/05/02 4:15 p.m., 0 views)

CVE-2023-53073

In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd/core: Always clear status for idx The variable 'status' which contains the unhandled overflow bits is not being properly masked in some cases, displaying the following warning: WARNING: CPU: 156 PID: 475601 at...

CVSS: 5.5, AI score: 6.3, EPSS: 0.00049
Exploits: 0, References: 4, Affected Software: 1
OSV (added 2025/05/02 4:15 p.m., 0 views)

UBUNTU-CVE-2023-53073

In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd/core: Always clear status for idx The variable 'status' which contains the unhandled overflow bits is not being properly masked in some cases, displaying the following warning: WARNING: CPU: 156 PID: 475601 at...

CVSS: 5.5, AI score: 6.2, EPSS: 0.00049
Exploits: 0, References: 6
CNNVD (added 2024/11/03 12:0 a.m., 3 views)

PHPGurukul Online Shopping Portal cross-site scripting vulnerability

Online Shopping Portal is an online store. Online Shopping Portal suffers from a cross-site scripting vulnerability that stems from a lack of valid filtering and escaping of user-supplied data in the scripts parameter of file...

CVSS: 6.1, AI score: 6.2, EPSS: 0.00199
Exploits: 1, References: 5
Tenable Nessus (added 2024/02/29 12:0 a.m., 16 views)

CentOS 9 : keylime-6.5.2-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the keylime-6.5.2-1.el9 build changelog. - A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists t...

CVSS: 5.1, AI score: 5.6, EPSS: 0.00152
Exploits: 0, References: 2
CNNVD (added 2023/12/07 12:0 a.m., 2 views)

BoidCMS security vulnerability

BoidCMS is a free open source flat file CMS for building simple websites and blogs, developed in PHP and using JSON as a database. A cross-site scripting vulnerability exists in BoidCMS version 2.0.1. The vulnerability stems from the application's lack of effective filtering and escaping of...

CVSS: 5.4, AI score: 5.3, EPSS: 0.00193
Exploits: 2, References: 2
RedHat Linux (added 2023/11/07 9:3 a.m., 1 view)

kernel: perf/x86/amd/core: Always clear status for idx

In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd/core: Always clear status for idx The variable 'status' which contains the unhandled overflow bits is not being properly masked in some cases, displaying the following warning: WARNING: CPU: 156 PID: 475601 at...

CVSS: 5.5, AI score: 6.3, EPSS: 0.00049
Exploits: 0, References: 5
OSV (added 2023/01/09 8:7 p.m., 10 views)

GHSA-WQQV-JCFR-9F5G PocketMine-MP has improperly handled dye colour IDs in banner NBT, leading to server crash

Impact DyeColorIdMap-fromId did not account for the possibility that it might be given invalid input. This means that an undefined offset error would occur whenever this happened. This code is indirectly called during Banner-deserializeCompoundTag, which is invoked when deserializing any item NBT...

CVSS: 7.5, AI score: 6.9
Exploits: 0, References: 4
Prion (added 2022/11/22 7:15 p.m., 14 views)

Design/Logic Flaw

A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state b...

CVSS: 1.2, AI score: 4.8, EPSS: 0.00152
Exploits: 0, References: 5, Affected Software: 3
Vulnrichment (added 2022/11/22 12:0 a.m., 5 views)

CVE-2022-3500

A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state b...

AI score: 5, EPSS: 0.00152
Exploits: 0, References: 5
OSV (added 2022/11/07 4:15 p.m., 1 view)

CVE-2021-42205

ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice...

CVSS: 4.7, AI score: 5.8, EPSS: 0.00118
Exploits: 0, References: 1
Tenable Nessus (added 2022/01/13 12:0 a.m., 45 views)

Oracle Linux 7 : firefox (ELSA-2022-0124)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-0124 advisory. 91.5.0-1.0.2 - Enabled aarch64 builds 91.5.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 3014329...

CVSS: 10, AI score: 7.4, EPSS: 0.00609
Exploits: 6, References: 13
Ubuntu (added 2020/08/31 5:48 p.m., 63 views)

USN-4478-1: Python-RSA vulnerability

It was discovered that Python-RSA incorrectly handled certain ciphertexts. An attacker could possibly use this issue to obtain sensitive information...

CVSS: 7.5, AI score: 7.4, EPSS: 0.00098
Exploits: 1
Prion (added 2020/03/12 2:15 p.m., 10 views)

Cross site scripting

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-languages.php by adding a question mark ? followed by the payload...

CVSS: 3.5, AI score: 4.9, EPSS: 0.00321
Exploits: 1, References: 2, Affected Software: 1
CNVD (added 2020/02/04 12:0 a.m., 1 view)

Apache SpamAssassin Command Execution Vulnerability (CNVD-2020-07221)

Apache SpamAssassin is an open source spam filter from the Apache USA Foundation. The product provides system administrators with a filter and support for categorizing email to block spam. An operating system command execution vulnerability exists in Apache SpamAssassin versions prior to 3.4.3. T...

CVSS: 9.3, AI score: 7.3, EPSS: 0.00965
Exploits: 0, References: 1
Prion (added 2019/06/12 2:29 p.m., 19 views)

Design/Logic Flaw

A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests, aka 'Microsoft IIS Server Denial of Service Vulnerability'...

CVSS: 5, AI score: 7.4, EPSS: 0.02839
Exploits: 0, References: 1, Affected Software: 5
Microsoft KB (added 2018/12/11 8:0 a.m., 75 views)

December 11, 2018—KB4471324 (OS Build 17134.471)

December 11, 2018—KB4471324 OS Build 17134.471 Note: Because of minimal operations during the holidays and upcoming Western new year, there won’t be any preview releases for the month of December 2018. Monthly servicing will resume with the January 2019 security releases. Improvements and fixes...

CVSS: 10, AI score: 7.3, EPSS: 0.90564
Exploits: 10
OSV (added 2018/08/22 5:22 p.m., 0 views)

USN-3750-1 pango1.0 vulnerability

Jeffrey M. discovered that Pango incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service...

CVSS: 6.5, AI score: 6.6, EPSS: 0.05613
Exploits: 5, References: 2
Cvelist (added 2018/02/15 2:0 a.m., 21 views)

CVE-2018-0846

The Windows Common Log File System CLFS driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability...

AI score: 6.9, EPSS: 0.00344
Exploits: 0, References: 3