Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: Do not mark ACPI devices as irq safe On ACPI machines, the tegra i2c module encounters an issue due to a mutex being called inside a spinlock. This leads to the following bug: BUG: Sleeping function called from invali...
VulnCheck KEV: CVE-2024-22255
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process...
PT-2024-31857 · October · October
Name of the Vulnerable Software and Affected Versions: October versions 3.6.30 Description: The issue allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site...
DEBIAN-CVE-2024-44974
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: avoid possible UaF when selecting endp select_local_address and select_signal_address both select an endpoint entry from the list inside an RCU protected section, but return a reference to it, to be read later on. If the...
UBUNTU-CVE-2024-41049
In the Linux kernel, the following vulnerability has been resolved: filelock: fix potential use-after-free in posix_lock_inode Light Hsieh reported a KASAN UAF warning in trace_posix_lock_inode. The request pointer had been changed earlier to point to a lock entry that was added to the inode's list...
MAL-2024-2516 Malicious code in inside-design-stencil (npm)
Design/Logic Flaw
CubeFS is an open-source cloud-native file storage system. A security vulnerability was found in CubeFS HandlerNode in versions prior to 3.3.1 that could allow authenticated users to send maliciously-crafted requests that would crash the ObjectNode and deny other users from using it. The root cau...
GHSA-QC6V-G3XW-GRMX Authenticated users can crash the CubeFS servers with maliciously crafted requests
A security vulnerability was found in CubeFS HandlerNode that could allow authenticated users to send maliciously-crafted requests that would crash the ObjectNode and deny other users from using it. The root cause was improper handling of incoming HTTP requests that could allow an attacker to...
CVE-2023-46738 Authenticated users can crash the CubeFS servers with maliciously crafted requests
CubeFS is an open-source cloud-native file storage system. A security vulnerability was found in CubeFS HandlerNode in versions prior to 3.3.1 that could allow authenticated users to send maliciously-crafted requests that would crash the ObjectNode and deny other users from using it. The root cau...
inside-rh.fr Improper Access Control vulnerability OBB-3824691
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
inside-news.ch Cross Site Scripting vulnerability OBB-3810001
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-43137
TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points...
Insyde InsydeH2O Security Vulnerability
The RUGGEDCOM APE1808 is a utility-grade application hosting platform that allows you to deploy a range of commercial edge computing and cybersecurity applications in harsh industrial environments. An Inside BIOS vulnerability exists in the Siemens RUGGEDCOM APE1808 product family, which is cause...
Nickelodeon Data Leak Labeled ‘Old’: Interview with @GhostyTongue Reveals Inside Info
By Waqas. @GhostyTongue is a Twitter handle with inside information about the latest Nickelodeon data leak and has been posting clips and screenshots from the leaked data for the past couple of days. This is a post from HackRead.com. Read the original post: Nickelodeon Data Leak Labeled Old:...
A New Security Category Addresses Web-borne Threats
In the modern corporate IT environment, which relies on cloud connectivity, global connections and large volumes of data, the browser is now the most important work interface. The browser connects employees to managed resources, devices to the web, and the on-prem environment to the cloud one. Ye...
SUSE CVE-2010-3772
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly calculate index values for certain child content in a XUL tree, which allows remote attackers to execute arbitrary code via vectors involving a DIV element within a treechildren element...
SUSE CVE-2013-1695
Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element...
SUSE CVE-2015-3751
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an OBJECT element...
SUSE CVE-2016-5427
PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a crafted DNS query...
SUSE CVE-2020-8138
A missing check for IPv4 nested inside IPv6 in Nextcloud server 17.0.1, 16.0.7, and 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL...