
172 matches found

SUSE CVE
added 2023/02/15 4:59 a.m. · 1 view

SUSE CVE-2016-6210

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provid...

CVSS 5.3 · AI score 8.1 · EPSS 0.90046
Exploits 12 · References 11

SUSE CVE
added 2023/02/15 4:45 a.m. · 2 views

SUSE CVE-2017-8438

Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the runas functionality. This bug prevents transitioning into the user specified in a runas request. If a role has been created using a template that contains the user properties, the behavior of runas...

CVSS 8.8 · AI score 8.7 · EPSS 0.00411
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 4:6 a.m. · 2 views

SUSE CVE-2019-19232

In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as ...

CVSS 6.7 · AI score 8.1 · EPSS 0.02868
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 4:5 a.m. · 1 view

SUSE CVE-2019-19603

SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash...

CVSS 7.5 · AI score 8.7 · EPSS 0.00645
Exploits 0 · References 81

SUSE CVE
added 2023/02/15 3:59 a.m. · 2 views

SUSE CVE-2020-12244

An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation...

CVSS 7.5 · AI score 8.4 · EPSS 0.00061
Exploits 0 · References 4

CNNVD
added 2022/11/14 12:0 a.m. · 1 view

PortlandLabs Concrete CMS cross-site scripting vulnerability

PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. A cross-site scripting vulnerability exists in Concrete CMS concrete5 versions prior to 8.5.10 and 9.0.0 through 9.1.2, which stems from allowing association with a...

CVSS 4.8 · AI score 5 · EPSS 0.00521
Exploits 0 · References 7

CNNVD
added 2022/08/25 12:0 a.m. · 1 view

HCL Technologies HCL Domino input validation error vulnerability

HCL Technologies HCL Domino is a software application from HCL Technologies, India. It provides a platform for application development. A security vulnerability exists in HCL Domino, which can be exploited by an attacker to bypass access restrictions on HCL Domino data iNotes, by linking through...

CVSS 7.4 · AI score 5.7 · EPSS 0.00235
Exploits 0 · References 3

OSV
added 2022/06/15 7:15 p.m. · 3 views

CVE-2022-31219

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation o...

CVSS 7.8 · AI score 5.9 · EPSS 0.00041
Exploits 0 · References 1

OSV
added 2022/05/14 2:55 a.m. · 1 view

GHSA-9CCM-G362-2R35 XWork in Apache Struts Reveals Sensitive Information

XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772....

CVSS 5 · AI score 7.2 · EPSS 0.00825
Exploits 2 · References 6

RedHat Linux
added 2022/05/10 1:43 p.m. · 4 views

kernel: Local denial of service in bond_ipsec_add_sa

A NULL pointer dereference flaw was found in the Linux kernel’s bonding driver in the way a user bonds a non-existing or fake device. This flaw allows a local user to crash the system, causing a denial of service...

CVSS 5.5 · AI score 6.6 · EPSS 0.00077
Exploits 1 · References 5

RedHat Linux
added 2022/03/24 10:59 a.m. · 3 views

openstack-neutron: Routes middleware memory leak for nonexistent controllers

A resource-allocation flaw was found in openstack-neutron. An authenticated attacker could make API requests involving nonexistent controllers causing the API worker to consume increasing amounts of memory. This flaw could be exploited to force API performance degradation or denial of service...

CVSS 6.5 · AI score 5.7 · EPSS 0.00694
Exploits 1 · References 5

RedHat Linux
added 2022/03/23 10:12 p.m. · 2 views

openstack-neutron: Routes middleware memory leak for nonexistent controllers

A resource-allocation flaw was found in openstack-neutron. An authenticated attacker could make API requests involving nonexistent controllers causing the API worker to consume increasing amounts of memory. This flaw could be exploited to force API performance degradation or denial of service...

CVSS 6.5 · AI score 5.7 · EPSS 0.00694
Exploits 1 · References 5

wpexploit
added 2022/01/06 12:0 a.m. · 71 views

IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban

The plugin does not have authorisation and CSRF checks in the ip2locationcountryblockersaverules AJAX action, allowing any authenticated user, such as a subscriber, to call it and block an arbitrary country, or block all of them at once, preventing users from accessing the frontend. v2.26.5 added...

CVSS 7.1 · AI score 0.6 · EPSS 0.00148
Exploits 2 · References 1

RedHat Linux
added 2021/11/09 5:55 p.m. · 0 views

sqlite: mishandling of certain SELECT statements with non-existent VIEW can lead to DoS

SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash...

CVSS 7.5 · AI score 7.4 · EPSS 0.00645
Exploits 0 · References 4

OSV
added 2021/10/20 6:46 p.m. · 3 views

USN-5117-1 linux-oem-5.13 vulnerabilities

It was discovered that the btrfs file system in the Linux kernel did not properly handle removing a non-existent device id. An attacker with CAP_SYS_ADMIN could use this to cause a denial of service. (CVE-2021-3739) It was discovered that the Qualcomm IPC Router protocol implementation in the Linux...

CVSS 7.1 · AI score 6.7 · EPSS 0.00028
Exploits 3 · References 5

OSV
added 2021/09/08 8:15 p.m. · 1 view

UBUNTU-CVE-2021-40797

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API...

CVSS 6.5 · AI score 6.5 · EPSS 0.00694
Exploits 1 · References 3

Positive Technologies
added 2021/09/08 12:0 a.m. · 1 view

PT-2021-22954 · Openstack +3 · Openstack Neutron +3

Name of the Vulnerable Software and Affected Versions: OpenStack Neutron versions prior to 16.4.1; OpenStack Neutron versions 17.x prior to 17.2.1; OpenStack Neutron versions 18.x prior to 18.1.1. Description: An issue in the routes middleware allows an authenticated user to cause API performance...

CVSS 9.1 · AI score 5.5 · EPSS 0.01348
Exploits 3 · References 38

OSV
added 2021/08/25 8:53 p.m. · 16 views

GHSA-5PG8-H4GV-M3P8 Null pointer deference in fltk

An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a multi label type if the image is nonexistent...

CVSS 7.5 · AI score 8.2 · EPSS 0.00433
Exploits 0 · References 4

OSV
added 2021/04/09 7:15 a.m. · 1 view

DEBIAN-CVE-2021-30155

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page...

CVSS 4.3 · AI score 5.4 · EPSS 0.00318
Exploits 1 · References 1

OSV
added 2021/03/12 9:15 a.m. · 14 views

CVE-2021-28306

An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a multi label type if the image is nonexistent...

CVSS 7.5 · AI score 6.8 · EPSS 0.00433
Exploits 0 · References 1