27 matches found
Astra Linux - уязвимость в thunderbird
matrix-js-sdk is a client-server SDK for the Matrix messaging protocol, designed for JavaScript. In versions prior to 19.4.0, events sent with special strings in key locations could temporarily disrupt or hinder the proper functioning of matrix-js-sdk, potentially affecting the consumer’s ability...
BIT-ACTIVEMQ-2026-34197 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...
CVE-2026-33227 Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ: Improper Limitation of a Pathname to a Restricted Classpath Directory
Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the querystring processing. An attacker can exhaust system resources and disrupt service availability by submitting excessively long Boolean or disjunction queries. PoC GET search "query": "querystring":...
Exploit for CVE-2025-46018
CVE-2025-46018 – CSC Pay Mobile App Payment Authentication Byp...
Opay Mobile application 安全漏洞
Opay Mobile application is a lightweight application from Opay Inc. It is used to manage all banking or payment requirements. A security vulnerability exists in Opay Mobile application version 2.19.4, which originated from allowing a user to bypass payment authorization by disabling Bluetooth at ...
PT-2024-28483 · Adobe · Indesign Desktop
Name of the Vulnerable Software and Affected Versions: InDesign Desktop versions ID19.4, ID18.5.2 and earlier Description: The issue is a NULL Pointer Dereference that could lead to an application denial-of-service DoS. An attacker could exploit this to crash the application, resulting in a DoS...
PT-2024-8570 · Adobe · Indesign Desktop
Name of the Vulnerable Software and Affected Versions: InDesign Desktop versions ID19.4, ID18.5.2 and earlier Description: The issue is related to a Stack-based Buffer Overflow that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires us...
Vitess 安全漏洞
Vitess is a database clustering system for horizontally scaling MySQL from Vitess. A security vulnerability exists in Vitess versions prior to 19.0.4, prior to 18.0.5, and prior to 17.0.7, which stems from a simple query that causes unlimited memory consumption when executed...
PT-2022-33322 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.4 Description: The issue is related to the i740 calc vclk function in the i740fb module of the Linux Kernel. The problem arises from insufficient checking of the argument passed to this function. The actua...
PT-2022-33384 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.17 through v5.19.3 Description: The issue is related to the ASoC DPCM component. It was introduced in version v5.17 and fixed in version v5.19.4. The actual impact and attack plausibility have not yet been proven...
PT-2022-33344 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.4 Description: A potential use-after-free bug has been identified. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to v5.19.4, update to...
PT-2022-33355 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.4 Description: The issue is related to the coresight: etm4x component and is intended to aid in the discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet...
CVE-2021-21600
Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource consumption flaw in its API service. An authorized API user could potentially exploit this vulnerability via the web and desktop user interfaces, leading to denial of service in the manageability path...
curl: heap buffer overflow in function tftp_receive_packet()
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3...
CVE-2020-1669
The Juniper Device Manager JDM container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local...
Cloud-init Security Feature Issue Vulnerability
Cloud-init is a virtual machine initialization tool for cloud platforms. A security vulnerability exists in cloud-init version 19.4 and earlier, which stems from a call to the 'random.choice' function by randstr in the cloudinit/util.py file. An attacker could use this vulnerability to guess a...
DEBIAN-CVE-2020-8632
In cloud-init through 19.4, randuserpassword in cloudinit/config/ccsetpasswords.py has a small default pwlen value, which makes it easier for attackers to guess passwords...
CVE-2020-1611
A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets. This issue affects: Juniper Networks Junos Space versions prior to 19.4R1...
USN-4190-1 libjpeg-turbo vulnerabilities
It was discovered that libjpeg-turbo incorrectly handled certain BMP images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2018-14498 It was discovered that libjpeg-turbo incorrectly handled certain...