336 matches found
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a deadlock issue in the icevccfgqsmsg function...
PYSEC-2024-207
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or .code and either the start or length arguments have side-effects...
Vyper 安全漏洞
Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper 0.3.10 and earlier versions, which stems from when the buffer parameters are msg.data, self.code, .code, start, length...
CVE-2024-26689 ceph: prevent use-after-free in encode_cap_msg()
In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encodecapmsg In fs/ceph/caps.c, in encodecapmsg, "use after free" error was caught by KASAN at this line - 'cephbuffergetarg-xattrbuf;'. This implies before the refcount could be increment here, it...
PT-2024-19583 · Unknown · Boyiddha Automated-Mess-Management-System
Name of the Vulnerable Software and Affected Versions: boyiddha Automated-Mess-Management-System version 1.0 Description: A problematic vulnerability was found in the Chat Book component of the boyiddha Automated-Mess-Management-System, specifically in the file /member/chat.php. The manipulation ...
CVE-2021-47069
A flaw was found in the Linux kernel’s IPC system. This flaw allows an attacker to use a specially crafted program to cause a rare race condition, leading to a denial of service. Mitigation Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to...
CVE-2021-47069
In the Linux kernel, the following vulnerability has been resolved: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry domqtimedreceive calls wqsleep with a stack local address. The sender domqtimedsend uses this address to later call pipelinedsend. This leads to a very hard...
CVE-2021-47069
CVE-2021-47069 is a Linux kernel race in IPC paths: do_mq_timedreceive may call wq_sleep with a stack-allocated ewq_addr that can be overwritten, leading to a later access by do_mq_timedsend and a crash. The root cause is a race between the receiver’s stack address and the sender’s use of that ad...
CVE-2021-47069 ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry
In the Linux kernel, the following vulnerability has been resolved: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry domqtimedreceive calls wqsleep with a stack local address. The sender domqtimedsend uses this address to later call pipelinedsend. This leads to a very hard...
CVE-2024-25435
A cross-site scripting XSS vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter...
CVE-2024-25435
A cross-site scripting XSS vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter...
Cross site scripting
A cross-site scripting XSS vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter...
CVE-2024-25435
A cross-site scripting XSS vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter...
CVE-2024-25435
A cross-site scripting XSS vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter...
PT-2024-15784 · Unknown · Project Worlds Student Project Allocation System
Name of the Vulnerable Software and Affected Versions: Project Worlds Student Project Allocation System version 1.0 Description: A vulnerability was found in the Admin Login Module, specifically affecting the file admin login.php. The issue allows for cross-site scripting through the manipulation...
msg-global.com Cross Site Scripting vulnerability OBB-3829306
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
msg-plaut.com Cross Site Scripting vulnerability OBB-3828698
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2024-15031 · WordPress · Post Smtp Mailer/Email Log
Name of the Vulnerable Software and Affected Versions: The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress versions up to, and including, 2.8.6 Description: The issue is related to Reflected Cross-Site Scripting via the msg...
CVE-2023-46015
Cross Site Scripting XSS vulnerability in index.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via 'msg' parameter in application URL...
CVE-2023-46015
Cross Site Scripting XSS vulnerability in index.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via 'msg' parameter in application URL...