125 matches found
PT-2025-18805
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.14.0-96.el9.x86_64 Description: A vulnerability in the Linux kernel has been resolved, specifically in the scsi: qla2xxx module. The issue occurred when a command was completed in the abort path during driver...
SUSE CVE-2016-1249
The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression...
SUSE CVE-2018-7158
The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, splitPathRe, used within the...
PT-2022-27239 · Unknown · Power Module
Name of the Vulnerable Software and Affected Versions: Power module (affected versions not specified) Description: The issue is related to a problem in permission verification within the power module. This could potentially lead to a module on the device entering an abnormal status if the issue is...
USN-5371-3 nginx vulnerability
USN-5371-1 and USN-5371-2 fixed several vulnerabilities in nginx. This update provides the corresponding update for CVE-2020-11724 for Ubuntu 16.04 ESM. Original advisory details: It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perfo...
PT-2022-33332 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 5.19.4 Description: The issue is related to the powerpc/pseries/mobility module in the Linux Kernel, specifically with setting the NMI watchdog factor during an LPM. The actual impact and attack plausibility hav...
PT-2022-21154 · Node.Js +8 · Node.Js +8
Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 14.20.1; Node.js versions prior to 16.17.1; Node.js versions prior to 18.9.1 Description: The issue arises from the llhttp parser in the http module in Node.js, which does not correctly parse and validate...
PT-2021-20101 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.1 and earlier; Liferay DXP versions 7.0 through 7.0 before fix pack 96; Liferay DXP versions 7.1 through 7.1 before fix pack 20; Liferay DXP versions 7.2 through 7.2 before fix pack 5 Description: The issue concerns t...
Security update for nim (moderate)
openSUSE Security Update: Security update for nim Announcement ID: openSUSE-SU-2021:0618-1 Rating: moderate References: 1185083 1185084 1185085 Cross-References: CVE-2021-21372 CVE-2021-21373 CVE-2021-21374 CVSS scores: CVE-2021-21374 NVD : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affecte...
EUVD-2020-9463
Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in...
SUSE-SU-2021:14198-1 Security update for python
This update for python fixes the following issues: Security issue fixed: - CVE-2019-16056: Fixed a parser issue in the email module (bsc#1149955)...
CVE-2019-14029
CVE-2019-14029 describes a use-after-free in the graphics module caused by destroying an already queued syncobj in error handling, affecting a wide range of Qualcomm/Snapdragon devices (Snapdragon Auto, Compute, Consumer IoT, Industrial IoT, Mobile, Wearables, etc.) across multiple SKUs (APQ8009,...
CVE-2018-1113
setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstance...
PGObject::Util::DBAdmin shell code injection vulnerability
LedgerSMB is an open source ERP, financial management system written and maintained by software developer Dieter Simader. The system is a branch of SQL-Ledger financial management software. PGObject::Util::DBAdmin is one of the modules used to manage PGObject. A security vulnerability exists in...
PT-2018-3757 · Satori +1 · Go.Uuid +2
Name of the Vulnerable Software and Affected Versions: SIF versions prior to v1.2.3 Description: The issue is related to the github.com/satori/go.uuid module used as a dependency in SIF, which produces predictable UUID identifiers due to insecure randomness. This could allow a remote attacker to...
MGASA-2014-0233 Updated webmin package fixes security vulnerabilities
Updated webmin package fixes security vulnerabilities: Webmin has been updated to version 1.690, which fixes a security issue in the cron module and several XSS issues in pop-up windows...
SA-CONTRIB-2014-057 - Password policy - General logic error
This module enables you to define password policies with various constraints on allowable user passwords. The history constraint, when enabled, disallows a user's password from being changed to match a specified number of their previous passwords. Beginning with Password Policy 7.x-1.4, the histo...
MGASA-2013-0162 Updated moodle package fix security vulnerabilities
The assignment module in Moodle before 2.4.4 was not checking capabilities for users downloading all assignments as a zip (CVE-2013-2079). The Gradebook's Overview report in Moodle before 2.4.4 was showing grade totals that may have incorrectly included hidden grades (CVE-2013-2080). When registering...
Debian DSA-1789-1 : php5 - several vulnerabilities
Several remote vulnerabilities have been discovered in the PHP 5 hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems. The following four vulnerabilities have already been fixed in the stable lenny version of php5 prior to the release of lenny...
MRBS 1.2.x - view_entry.php SQL Injection
MRBS 1.2.x - view_entry.php SQL Injection source: https://www.securityfocus.com/bid/26977/info MRBS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise t...