221 matches found
Adobe Dimension Memory Misreference Vulnerability
Adobe Dimension is a set of 2D and 3D composite design tools from Adobe, Inc. A memory mis-reference vulnerability exists in versions prior to Adobe Dimension 3.4.6, which stems from a "use-after-release" vulnerability that could be exploited to execute arbitrary code in the current user context...
mis-sklep.pl Cross Site Scripting vulnerability OBB-2968708
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ISAMS Cross-Site Scripting Vulnerability
ISAMS is a 100% web-based MIS from ISAMS that can be accessed from anywhere, with multiple third-party integrations into the online learning platform. version 22.2.3.2 of ISAMS contains a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of...
mis-pol.pl Cross Site Scripting vulnerability OBB-2877981
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
mis-productions.co.uk Cross Site Scripting vulnerability OBB-2872433
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Debian: Security Advisory (DSA-5207-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES12 Security Update : xen (SUSE-SU-2022:2574-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2574-1 advisory. - Incomplete cleanup of multi-core shared buffers for some IntelR Processors may allow an authenticated user to potentially enable information...
SUSE SLES15 Security Update : xen (SUSE-SU-2022:2601-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2601-1 advisory. - Incomplete cleanup of multi-core shared buffers for some IntelR Processors may allow an authenticated user to potentially enable...
Arbitrary Code Execution
xen is vulnerable to arbitrary code execution. The vulnerability exists in hw due to Mis-trained branch predictions for return instructions which allows an attacker to inject and execute arbitrary speculative codes under certain microarchitecture-dependent conditions...
SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2377-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2377-1 advisory. - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database aka dbx protection...
CVE-2022-29900
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions...
ALPINE-CVE-2022-29900
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions...
Design/Logic Flaw
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions...
CVE-2022-29900
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions...
CVE-2022-29900
CVE-2022-29900 describes mis-trained branch predictions for return instructions that may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. Connected advisories confirm this affects Linux-kernel components (e.g., linux-5.10 in Astra Linux; multiple Am...
GHSA-MC6J-H948-V2P6 RubyGems Improper Verification of Cryptographic Signature vulnerability
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, and Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contain an Improper Verification of Cryptographic Signature vulnerability in package.rb. This can resu...
RubyGems Improper Verification of Cryptographic Signature vulnerability
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, and Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contain an Improper Verification of Cryptographic Signature vulnerability in package.rb. This can resu...
Hotel Management System SQL Injection Vulnerability
Hotel Management System is a MIS project based on a hotel management system. v1.0 of Hotel Management System is vulnerable to SQL injection, which stems from a login page whose username parameter was found to contain SQL injection. An attacker could exploit the vulnerability to perform SQL...
Shopify: Staff without Manage Themes permissions can update themes
Vulnerability description not provided...
MariaDB Binary_string::free_buffer() component memory misreference vulnerability
MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A memory misreference vulnerability exists in MariaDB v10.6.3 and lower, which stems from a post-release reuse error in the component...