5103 matches found
CVE-2021-44840
An issue was discovered in Delta RM 1.2. Using an privileged account, it is possible to edit, create, and delete risk labels, such as Criticality and Priority Indication labels. By using the /core/table/query endpoint, and by using a POST request and indicating the affected label with tableUid...
Exploit for OS Command Injection in Gerapy
CVE-2021-43857 Gerapy prior to version 0.9.8 is vulnerable to...
GSD-2021-1002747 net: stmmac: fix tc flower deletion for VLAN priority Rx steering
net: stmmac: fix tc flower deletion for VLAN priority Rx steering This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.11 by commit...
SAP Kicks Log4Shell Vulnerability Out of 20 Apps
SAP has identified 32 apps that are affected by CVE-2021-44228 – the critical vulnerability in the Apache Log4j Java-based logging library that’s been under active attack since last week. As of yesterday, Patch Tuesday, the German software maker reported that it’s already patched 20 of those apps...
DEBIAN-CVE-2018-25021
The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service DoS...
UBUNTU-CVE-2018-25021
The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service DoS...
Vulristics Command Line Interface, improved Product & Vuln. Type Detections and Microsoft Patch Tuesday November 2021
Hello everyone! In this episode I want to highlight the latest changes in my Vulristics project. For those who dont know, this is a utility for prioritizing CVE vulnerabilities based on data from various sources.. Currently Microsoft, NVD, Vulners, AttackerKB. Command Line Interface I started...
gnome-shell 安全漏洞
gnome-shell is a shell that provides core user interface functionality such as switching windows, launching applications or viewing notifications for the GNOME desktop. A security vulnerability exists in gnome-shell, where an attacker with low privileged privileges may be able to exploit the...
CVE-2020-18684
Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number...
Integer overflow
Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number...
CVE-2020-18684
Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number...
Floodlight 输入验证错误漏洞
Floodlight is an open source OpenFlow controller. Floodlight is vulnerable to an integer overflow vulnerability, which stems from the software having an integer overflow in the checkFlow of StaticFlowEntryPusherResource.java via priority or port number. No detailed vulnerability details are...
Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii
Description Hello dear firefly-iii team I found some CSRFs with low priority in firefly-iii...
[SECURITY] Fedora 34 Update: condor-8.8.15-1.fc34
HTCondor is a workload management system for high-throughput and high-performance jobs. Like other full-featured batch systems, HTCondor provides a job queuing mechanism, scheduling policy, priority scheme, resource monitoring, and resource management. Users submit their serial or parallel jobs t...
Unchecked transfers found in 3 contracts
Handle maplesyrup Vulnerability details Impact This is a high priority vulnerability because it definitely affects the way that funds are transferred and sent between the contracts. You want to make sure that you check the boolean value from these transfer functions in order to make sure that the...
WAF-A-MoLE - A Guided Mutation-Based Fuzzer For ML-based Web Application Firewalls
A guided mutation-based fuzzer for ML-based Web Application Firewalls, inspired by AFL and based on the FuzzingBook by Andreas Zeller et al. Given an input SQL injection query, it tries to produce a semantic invariant query that is able to bypass the target WAF. You can use this tool for assessin...
Cisco ASA Flaw Under Active Attack After PoC Exploit Posted Online
A security vulnerability in Cisco Adaptive Security Appliance ASA that was addressed by the company last October, and again earlier this April, has been subjected to active in-the-wild attacks following the release of proof-of-concept PoC exploit code. The PoC was published by researchers from...
The vulnerability of the Python Priority Library, related to resource management errors, allows a hacker to cause a service failure.
The vulnerability of the Python Priority Library is related to resource management errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
kernel: Use after free via PI futex state
A flaw was found in the Linux kernel. A use-after-free memory flaw in the Fast Userspace Mutexes functionality allowing a local user to crash the system or escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as syste...
The vulnerability of Linux operating system’s kernel-based PI futex components, which allows a hacker to execute arbitrary code at the kernel level
The vulnerability of Linux operating system’s kernel PI futexes relates to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to execute arbitrary code at the kernel level...