16 matches found
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper use of the skb control block, which could lead to null pointer dereferencing...
EUVD-2006-3229
Malware in sbrugna...
EUVD-2023-25604
Malicious code in bioql PyPI...
CVE-2024-42457
A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading ...
CVE-2024-53900
Mongoose before 8.8.3 can improperly use $where in match, leading to search injection...
CVE-2023-42556
CVE-2023-42556 affects Samsung Contacts prior to SMR Dec-2023 Release 1. The issue is due to improper usage of implicit intents in Contacts, enabling an attacker to obtain sensitive information. Affected component: Contacts (Samsung Mobile). Impact is limited to information disclosure; CVSS data ...
CVE-2023-21436
CVE-2023-21436 affects Samsung Contacts prior to SMR Feb-2023 Release 1, due to improper usage of implicit intents that allows a local attacker to obtain an account ID. Connected sources indicate the issue impacts Samsung Mobile devices and that updates addressing it were included in SMR Feb-2023...
PUB-A-217475903
In TBD of TBD, there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2020-11198
Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &...
Buffer overflow
A buffer overflow could occur if the API is improperly used due to UIE init does not contain a buffer size a param in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Agatti, Kamorta, QCS404, QCS605, SDA845, SDM670, SDM710...
Regular Expression Denial Of Service (ReDoS)
html-dom-parser is vulnerable to regular expression denial of service ReDoS attacks. The vulnerability is possible due to improper usage of regular expression in HEADREGEX and BODYREGEX, allowing a malicious user to crash the application by passing malicious strings...
Regular Expression Denial Of Service (ReDoS)
is-my-json-valid is vulnerable to regular expression denial of service ReDoS attacks. The vulnerability is possible due to improper usage of regular expression in style format field, allowing a malicious user to crash the application by passing malicious strings...
CVE-2019-8268
UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been...
Design/Logic Flaw
UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of ClientConnection::Copybuffer function in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. User interaction is...
Adobe Creative Cloud Desktop < 4.0.0.185 Multiple Vulnerabilities (APSB17-13)
The version of Adobe Creative Cloud Desktop installed on the remote Windows host is prior to 4.0.0.185. It is, therefore, affected by the following vulnerabilities: - An unspecified flaw exists in the installation process due to improper usage of resource permissions that allows an...
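A tool bundled with discuz! can be used to obtain a shell
Brief description: A tool bundled with discuz! can, when used improperly, lead to a webshell. Investigation also shows that it has a large number of users. Details: The discuz! installation package ships with a conversion tool, convert. Because of a security issue in this tool, a shell can be obtained. It is usually found in the site directory convert or utility/convert, and investigation shows that it is still widely used. The precondition is that the data directory is writable, which is also a precondition for using the tool itself. Analysis: File: utility\convert\include\doconfig.inc.php saves the configuration; tracing into saveconfigfile...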