13 matches found
EUVD-2017-17006
Malware in sbrugna...
EUVD-2024-35212
Malicious code in bioql PyPI...
EUVD-2021-32688
Malicious code in bioql PyPI...
CVE-2024-47103
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...
CVE-2019-0928
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'...
CVE-2022-41290
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rmrlcachefile command to obtain root privileges. IBM X-Force ID: 236690...
CVE-2024-41783
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow a privileged user to inject commands into the underlying operating system due to improper validation of a specified type of input...
CVE-2024-51740 SSRF through arbitrary PHP class instantiation in the user portal in Combodo iTop
Combodo iTop is a simple, web based IT Service Management tool. This vulnerability can be used to create HTTP requests on behalf of the server, from a low privileged user. The user portal form manager has been fixed to only instantiate classes derived from it. This issue has been addressed in...
Apache CloudStack Code Injection Vulnerability
Apache CloudStack is a suite of Infrastructure as a Service IaaS cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. Apache CloudStack suffers from a code injection vulnerability that...
CVE-2022-22689
CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands...
SUSE-SU-2019:2572-1 Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP1)
This update for the Linux Kernel 4.12.14-195 fixes several issues. The following security issue was fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged gue...
Red Hat CloudForms Management Engine Logic Flaw Vulnerability
The Red Hat CloudForms Management Engine CFME is a management engine for IaaS Infrastructure as a Service cloud services solutions from Red Hat, Inc. A security vulnerability exists in dRuby in Red Hat CFME that stems from a failure to properly configure security settings. An attacker could explo...
Qemu: usb: infinite loop while doing control transfer in xhci_kick_epctx
The xhcikickepctx function in hw/usb/hcd-xhci.c in QEMU aka Quick Emulator allows local guest OS privileged users to cause a denial of service infinite loop and QEMU process crash via vectors related to control transfer descriptor sequence...