9 matches found

Snyk
added 2026/03/19 7:13 p.m. · 4 views

Server-side Request Forgery (SSRF)

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the webSiteRootURL parameter in the saveDVR.json.php endpoint. An attacker can cause the server to make arbitrary HTTP request...

9.1 CVSS · 5.9 AI score · 0.00431 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2024/04/08 12:00 a.m. · 8 views

PT-2024-15825 · Unknown +1 · Kube-Controller-Manager +1

Name of the Vulnerable Software and Affected Versions: kube-controller-manager (affected versions not specified). Description: A flaw was found in kube-controller-manager, causing a denial of service due to KCM pods going into restart churn when the initial application of a HPA config YAML lacks a...

9.8 CVSS · 6.5 AI score · 0.99999 EPSS
Exploits: 24 · References: 150
Veracode
added 2023/11/06 6:39 a.m. · 14 views

Improper Access Control

@strapi/strapi and @strapi/plugin-users-permissions are vulnerable to Improper Access Control. The vulnerability is caused by a missing configuration/provision to control which custom fields are allowed to be set during registration while calling the /api/auth/local/register route. This can lead ...

7.6 CVSS · 6.9 AI score · 0.00496 EPSS
Exploits: 1 · References: 4 · Affected Software: 2
CNNVD
added 2023/08/14 12:00 a.m. · 2 views

QEMU Code Issue Vulnerability

QEMU (Quick Emulator) is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. A security vulnerability exists in QEMU version 8.0.4 and earlier versions, which stems from the fact that it does not check whether an enduran...

5.5 CVSS · 6 AI score · 0.00392 EPSS
Exploits: 1 · References: 6
curl security advisories
added 2023/03/20 8:00 a.m. · 6 views

SSH connection too eager reuse still

libcurl would reuse a previously created connection even when an SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, two SSH settings were...

7.7 CVSS · 6.6 AI score · 0.01162 EPSS
Exploits: 1 · References: 1 · Affected Software: 2
NVD
added 2020/08/13 4:15 p.m. · 25 views

CVE-2020-0261

In C2 flame devices, there is a possible bypass of seccomp due to a missing configuration file. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:...

7.8 CVSS · 7.7 AI score · 0.00179 EPSS
Exploits: 0 · References: 1
Prion
added 2019/05/22 6:29 p.m. · 22 views

Code injection

A vulnerability was found in libvirt = 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the...

6.5 CVSS · 8.5 AI score · 0.01411 EPSS
Exploits: 0 · References: 8 · Affected Software: 1
OpenVAS
added 2009/04/09 12:00 a.m. · 18 views

Mandriva Update for banshee MDVA-2008:150 (banshee)

Check for the Version of banshee OpenVAS Vulnerability Test Mandriva Update for banshee MDVA-2008:150 banshee Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

7.4 AI score
Exploits: 0 · References: 2
RedHat Linux
added 2007/06/11 12:00 a.m. · 3 views

security flaw

htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path...

5 CVSS · 5.9 AI score · 0.03046 EPSS
Exploits: 0 · References: 4