15 matches found
EUVD-2025-6744
Malicious code in bioql PyPI...
EUVD-2025-13194
Malicious code in bioql PyPI...
EUVD-2021-30939
Malicious code in bioql PyPI...
CVE-2022-50156 HID: cp2112: prevent a buffer overflow in cp2112_xfer()
In the Linux kernel, the following vulnerability has been resolved: HID: cp2112: prevent a buffer overflow in cp2112xfer Smatch warnings: drivers/hid/hid-cp2112.c:793 cp2112xfer error: memcpy 'data-block1' too small 33 vs 255 drivers/hid/hid-cp2112.c:793 cp2112xfer error: memcpy 'buf' too small 6...
CVE-2025-21646 afs: Fix the maximum cell name length
In the Linux kernel, the following vulnerability has been resolved: afs: Fix the maximum cell name length The kafs filesystem limits the maximum length of a cell to 256 bytes, but a problem occurs if someone actually does that: kafs tries to create a directory under /proc/net/afs/ with the name o...
CVE-2024-23826 Uploading an image with a specific filename causes a server-side DoS
spbusesite is the website of the Department of System Programming of St. Petersburg State University. Before 2024.01.29, when uploading an avatar image, an authenticated user may intentionally use a large Unicode filename which would lead to a server-side denial of service under Windows. This is...
CVE-2022-40303
A flaw was found in libxml2. Parsing a XML document with the XMLPARSEHUGE option enabled can result in an integer overflow because safety checks were missing in some functions. Also, the xmlParseEntityValue function didn't have any length limitation...
Input validation
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which causes issues for other...
GSD-2021-1001476 virtio_console: Assure used length from device is limited
virtioconsole: Assure used length from device is limited This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.276 by commit...
UVI-2021-1001264 virtio_console: Assure used length from device is limited
virtioconsole: Assure used length from device is limited This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.52 by commit...
UVI-2021-1001188 virtio_console: Assure used length from device is limited
virtioconsole: Assure used length from device is limited This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.13.4 by commit...
JEEBBS任意帐号密码重置附poc
简要描述: JEEBBS 某些小问题可导致任意帐号密码重置。漏洞的类型,难度不重要,关键是能造成什么影响才是最重要的 详细说明: 一、首先注册个帐号,虽然有些网站去掉了注册连接,但是register.jspx 文件还是存在的,直接访问可以注册帐号。 二、来到论坛的随便一个帖子里,找到举报的连接,虽然有些网站去掉了连接,但是通过 member/getreportpage.jspx?url=/sqzx/帖子ID.jhtml 去举报帖子。 三、由于举报的字符串没有经过过滤直接查询显示在后台位置,于维护-用户举报-举报详情-举报理由。形成存储型xss...
Portcullis Security Advisory 05-002 Spectrum Cash Receipting System Weak Password Encryption
Portcullis Security Advisory Vulnerable System: Spectrum Cash Receipting System Vulnerability Title: Spectrum Cash Receipting System Weak Password Protection Vulnerability. Vulnerability discovery and development: Portcullis Security Testing Services. Affected systems: All known versions of...
[Full-Disclosure] cPanel check only the first 8 characters of webmail password
cPanel check only the first 8 characters of webmail password. HiddenBit.org Security Advisory. Date: October 21, 2004 Software: cPanel 9.4.1-STABLE 65 Author: Andrey Bayora BACKGROUND cPanel & WebHost Manager WHM is a next generation web hosting control panel system. Both cPanel & WHM are extreme...
Personal FTP Server buffer overflow
Buffer overflow on USER longer than 320 characters...