1013 matches found

OSV
added 2024/09/22 3:30 a.m. · 12 views

GHSA-6F62-3596-G6W7 HTTP Request Smuggling in ruby webrick

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

CVSS 7.5 · AI score 7.4 · EPSS 0.00108
Exploits: 0 · References: 8

Tenable Nessus
added 2024/09/05 12:0 a.m. · 17 views

Vim < 9.1.0707 Buffer Overflow Vulnerability

According to its version, the version of Vim installed on the remote host is prior to 9.1.0707. It is, therefore, affected by a buffer overflow vulnerability. Patch v9.1.0038 optimized how the cursor position is calculated and in doing so introduced the possibility for heap-buffer-overflow when...

CVSS 5.5 · AI score 6.5 · EPSS 0.0005
Exploits: 0 · References: 2

RedhatCVE
added 2024/09/03 5:10 a.m. · 12 views

CVE-2024-45306

A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was...

CVSS 4.5 · AI score 4.8 · EPSS 0.0005
Exploits: 0 · References: 6

Positive Technologies
added 2024/09/03 12:0 a.m. · 3 views

PT-2024-31260 · Pi Camera · Pi Camera

Name of the Vulnerable Software and Affected Versions: Pi Camera project version 1.0

Description: A remote code execution (RCE) vulnerability exists due to improper sanitization of user input passed to the position GET parameter in the tilt.php script. An attacker can exploit this by sending crafte...

CVSS 9.8 · AI score 8.4 · EPSS 0.01782
Exploits: 0 · References: 8

OSV
added 2024/09/02 6:15 p.m. · 1 views

DEBIAN-CVE-2024-45306

Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop ...

CVSS 5.5 · AI score 5 · EPSS 0.0005
Exploits: 0 · References: 1

NVD
added 2024/09/02 6:15 p.m. · 14 views

CVE-2024-45306

Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop ...

CVSS 5.5 · EPSS 0.0005
Exploits: 0 · References: 4

UbuntuCve
added 2024/09/02 6:15 p.m. · 17 views

CVE-2024-45306

Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop ...

CVSS 5.5 · AI score 6.2 · EPSS 0.0005
Exploits: 0 · References: 4

OSV
added 2024/09/02 6:15 p.m. · 0 views

UBUNTU-CVE-2024-45306

Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop ...

CVSS 5.5 · AI score 6.1 · EPSS 0.0005
Exploits: 0 · References: 5

Cvelist
added 2024/09/02 4:35 p.m. · 18 views

CVE-2024-45306 heap-buffer-overflow in Vim

Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop ...

CVSS 4.5 · EPSS 0.0005
Exploits: 0 · References: 3

Debian CVE
added 2024/09/02 4:35 p.m. · 10 views

CVE-2024-45306

Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop ...

CVSS 5.5 · AI score 5 · EPSS 0.0005
Exploits: 0

OSV
added 2024/09/02 4:35 p.m. · 19 views

CVE-2024-45306 heap-buffer-overflow in Vim

Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop ...

CVSS 4.5 · AI score 4.3 · EPSS 0.0005
Exploits: 0 · References: 6

Positive Technologies
added 2024/09/02 12:0 a.m. · 3 views

PT-2024-31559 · Vim +5 · Vim +5

Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.1.0707

Description: Vim is an open source, command line text editor. A change in how the cursor position is calculated, made in patch v9.1.0038, removed a loop that verified the cursor position always points inside a...

CVSS 5.5 · AI score 5.1 · EPSS 0.00142
Exploits: 1 · References: 75

OSV
added 2024/08/26 11:15 a.m. · 1 views

UBUNTU-CVE-2024-43914

In the Linux kernel, the following vulnerability has been resolved: md/raid5: avoid BUG_ON() while continue reshape after reassembling Currently, mdadm support --revert-reshape to abort the reshape while reassembling, as the test 07revert-grow. However, following BUG_ON can be triggered by the test:...

CVSS 5.5 · AI score 6.2 · EPSS 0.00026
Exploits: 0 · References: 32

Vulnrichment
added 2024/08/26 10:11 a.m. · 13 views

CVE-2024-43914 md/raid5: avoid BUG_ON() while continue reshape after reassembling

In the Linux kernel, the following vulnerability has been resolved: md/raid5: avoid BUG_ON() while continue reshape after reassembling Currently, mdadm support --revert-reshape to abort the reshape while reassembling, as the test 07revert-grow. However, following BUG_ON can be triggered by the test:...

AI score 7 · EPSS 0.00026
Exploits: 0 · References: 8

CNNVD
added 2024/08/15 12:0 a.m. · 1 views

SourceCodester Online Graduate Tracer System Cross-Site Scripting Vulnerability

SourceCodester Online Graduate Tracer System is a web-based application project developed by SourceCodester using PHP and MySQL database. Its main purpose is to provide a platform for a school to track their alumni and generate graphical reports on alumni status. A cross-site scripting...

CVSS 5.4 · AI score 4.4 · EPSS 0.00091
Exploits: 1 · References: 5

CVE
added 2024/08/13 6:12 p.m. · 49 views

CVE-2024-7570

CVE-2024-7570 affects Ivanti ITSM on-prem and Neurons for ITSM (versions 2023.4 and earlier). The root cause is improper certificate validation, enabling a remote attacker in a MITM position on the network to craft a token that grants access to ITSM as any user. The vulnerability is rated HIGH on both...

CVSS 8.3 · AI score 7.1 · EPSS 0.01829
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2024/08/13 6:12 p.m. · 17 views

CVE-2024-7570

Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user...

CVSS 8.3 · EPSS 0.01829
Exploits: 0 · References: 1

NVD
added 2024/08/13 8:15 a.m. · 10 views

CVE-2024-41681

A vulnerability has been identified in Location Intelligence family All versions V4.4. The web server of affected products is configured to support weak ciphers by default. This could allow an unauthenticated attacker in an on-path position to read and modify any data passed over the connectio...

CVSS 7.5 · EPSS 0.00201
Exploits: 0 · References: 1

OSV
added 2024/07/21 1:15 p.m. · 3 views

CVE-2024-6954

A vulnerability was found in SourceCodester Record Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file sort1.php. The manipulation of the argument position leads to cross site scripting. The attack can be launched...

CVSS 6.1 · AI score 3.8
Exploits: 0 · References: 4

Positive Technologies
added 2024/07/21 12:0 a.m. · 2 views

PT-2024-37993 · Sourcecodester · Sourcecodester Record Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Record Management System version 1.0

Description: A vulnerability was found in the SourceCodester Record Management System, affecting an unknown functionality of the file sort1.php. The manipulation of the position argument lea...

CVSS 6.1 · AI score 6.9 · EPSS 0.00129
Exploits: 1 · References: 7