1082 matches found
CVE-2024-38661
In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fix crash in AP internal function modifybitmap A system crash like this Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403 Fault in home space mode while using kernel ASCE. AS:00000002d71bc007 R3:00000003fe5b8007...
CVE-2024-6125
CVE-2024-6125 is a WordPress plugin vulnerability in Login with phone number up to version 1.7.34. The issue allows unauthenticated password resets by guessing a 6-digit numeric code because the reset code is weak and there is no limit on attempts or time. Public sources confirm the root cause as...
CVE-2023-7264 Build App Online <= 1.0.22 - Account Takeover via Weak Password Reset Mechanism
The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.22. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset code...
CVE-2023-7264
The Build App Online plugin for WordPress (all versions up to 1.0.21) is vulnerable due to a weak password reset mechanism. An unauthenticated attacker can reset arbitrary user passwords by guessing a 4‑digit numeric reset code, enabling account takeover with high impact (C/H/I/A). The connected ...
Denial Of Service (DoS)
directus is vulnerable to Denial Of Service DoS. The vulnerability is caused by providing a non-numeric length value to the random string generation utility, which prevents the generation of random session IDs, resulting in Denial Of Service DoS...
GHSA-632P-P495-25M5 Directus is soft-locked by providing a string value to random string util
Describe the Bug Providing a non-numeric length value to the random string generation utility will create a memory issue breaking the capability to generate random strings platform wide. This creates a denial of service situation where logged in sessions can no longer be refreshed as sessions...
PT-2024-26913 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions prior to 10.11.2 Description: Directus is a real-time API and App dashboard for managing SQL database content. Providing a non-numeric length value to the random string generation utility will create a memory issue, breaking...
SUSE CVE-2021-47428
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: fix program check interrupt emergency stack path Emergency stack path was jumping into a 3: label inside the GENCOMMONBODY macro for the normal path after it had finished, rather than jumping over it. By a small...
PT-2024-40342 · Packagist · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A high-level XSS risk has been identified in the encoding of validation messages in certain FormField classes. This issue affects form fields that present invalid content as part of...
DEBIAN-CVE-2021-47428
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: fix program check interrupt emergency stack path Emergency stack path was jumping into a 3: label inside the GENCOMMONBODY macro for the normal path after it had finished, rather than jumping over it. By a small...
CVE-2021-47428
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: fix program check interrupt emergency stack path Emergency stack path was jumping into a 3: label inside the GENCOMMONBODY macro for the normal path after it had finished, rather than jumping over it. By a small...
UBUNTU-CVE-2021-47428
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: fix program check interrupt emergency stack path Emergency stack path was jumping into a 3: label inside the GENCOMMONBODY macro for the normal path after it had finished, rather than jumping over it. By a small...
CVE-2021-47428 powerpc/64s: fix program check interrupt emergency stack path
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: fix program check interrupt emergency stack path Emergency stack path was jumping into a 3: label inside the GENCOMMONBODY macro for the normal path after it had finished, rather than jumping over it. By a small...
The vulnerability of the aqc111_rx_fixup() function in the Aquantia AQtion USB driver for the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the aqc111rxfixup function in the drivers/net/usb/aqc111.c module of the Aquantia AQtion USB driver for the Linux operating system is related to a numerical overflow. Exploiting this vulnerability could allow an attacker to cause a service failure...
PT-2024-40230 · Unknown · Doctrinemodule
Name of the Vulnerable Software and Affected Versions: DoctrineModule versions affected versions not specified Description: The issue allows an attacker to obtain a valid ZendAuthentication identity without knowing the user's credentials under certain circumstances. This is achieved by utilizing ...
The vulnerability of the `get_scaler_data_for_plane()` function in the `drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c` file, a video driver for AMD cores in the Linux operating system, allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the getscalerdataforplane function in the drivers/gpu/drm/amd/display/dc/dml2/dml2translationhelper.c file, a video driver for AMD cores in the Linux operating system, is related to a numerical overflow vulnerability. Exploiting this vulnerability could allow an attacker to...
Microsoft Windows DWM Core Library 数字错误漏洞
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A numeric error vulnerability exists in the Microsoft Windows DWM Core Library. The following products and editions are affected:Windows 10 Version 1809 for 32-bit Systems,Windows 10...
CVE-2023-32143
D-Link DAP-1360 webupg UPGCGICheckAuth Numeric Truncation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The...
CVE-2023-32143
D-Link DAP-1360 webupg UPGCGICheckAuth Numeric Truncation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The...
CVE-2023-32143 D-Link DAP-1360 webupg UPGCGI_CheckAuth Numeric Truncation Remote Code Execution Vulnerability
D-Link DAP-1360 webupg UPGCGICheckAuth Numeric Truncation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The...