SUSE CVE-2016-6989

Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors, a different vulnerability than CVE-2016-4273,...

SUSE CVE-2017-5110

Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page...

SUSE CVE-2017-5117

Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...

SUSE CVE-2021-27922

Pillow before 8.1.2 allows attackers to cause a denial of service memory consumption because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large...

SUSE CVE-2022-0615

Use-after-free in esetrtp kernel module used in ESET products for Linux allows potential attacker to trigger denial-of-service condition on the system...

CVE-2022-41552

Server-Side Request Forgery SSRF vulnerability in Hitachi Infrastructure Analytics Advisor on Linux Data Center Analytics, Analytics probe components, Hitachi Ops Center Analyzer on Linux Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components allows Server Side...

Zimbra Zip Path Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'Zip Path Traversal in Zimbra mboximport CVE-2022-27925', 'Description' = %q This module POSTs a ZIP file containing path...

HICOS 缓冲区错误漏洞

HICOS is a tool from China's MOICA that provides IC card credentials for registration into an operating system. A buffer error vulnerability exists in HICOS due to an insufficiently validated parameter length in its citizen authentication component that could be exploited by an unauthenticated...

Tenable Nessus Installed (Linux)

Binary data nessusinstalledlinux.nbin...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS when creating HTTPS web requests while building X509 certificate chains. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users...

F5 BIG-IP iControl Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'F5 BIG-IP iControl RCE via REST Authentication Bypass', 'Description' = %q This module exploits an authentication bypass vulnerability in the F5...

TIBCO Managed File Transfer Platform Server 代码注入漏洞

TIBCO Managed File Transfer Platform Server is a hosted file transfer platform server from TIBCO USA. A security vulnerability exists in the cfsend, cfrecv, and CyberResp components of TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux...

Microsoft Defender 安全漏洞

Microsoft Defender is a threat protection software from Microsoft USA. A security vulnerability exists in Microsoft Defender for Endpoint. The following products and versions are affected: Microsoft Defender for Endpoint for Mac,Microsoft Defender for Endpoint for Windows for Windows Server 2012 ...

Polkit pkexec privilege elevation

Added: 01/27/2022 CVE: CVE-2021-4034 Background Polkit is a Linux package for handling policies that allow unprivileged processes to communicate with privileged processes. It includes a tool called pkexec that allows the user to execute commands as another user according to the polkit policy...

CVE-2021-4053

Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

IBM DB2 权限许可和访问控制问题漏洞

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. An elevation of privilege vulnerability exists in IBM Db2 for Linux that originates from an incorrectl...

Advantech R-SeeNet SQL Injection Vulnerability (CNVD-2021-93824)

Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet is vulnerable to a SQL injection vulnerability due to insufficient cleanin...

Advantech R-SeeNet SQL注入漏洞

Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet is vulnerable to a SQL injection vulnerability due to insufficient cleaning of...

DEBIAN-CVE-2021-33098

Improper input validation in the IntelR Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access...

DEBIAN-CVE-2021-41229

BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdpcstateallocbuf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object...