CVE-2023-0590
A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 "net: sched: fix race condition in qdisc_graft" is not applied yet, then the kernel could be affected...
Race condition
A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 "net: sched: fix race condition in qdisc_graft" is not applied yet, then the kernel could be affected...
CVE-2023-0590
CVE-2023-0590: A use-after-free in qdisc_graft (net/sched/sch_api.c) due to a race condition in the Linux kernel can lead to denial of service. The issue is noted in multiple public bulletins (e.g., Astra Linux and IBM QRadar) referencing the same kernel component, with remediation via patch ebda...
answer authorization issue vulnerability
Answer is open source knowledge-based community software. Versions of Answer prior to 1.0.6 have an authorization vulnerability that stems from improper permission management on the request to set a new password at /answer/admin/api/user/password; a low-privilege attacke...
frauen-problem.de Cross Site Scripting vulnerability OBB-3229060
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-25685
IBM Security Guardium Key Lifecycle Manager (GKLM) is affected by CVE-2023-25685, an XML External Entity (XXE) vulnerability in XML data processing. A remote attacker could potentially expose sensitive information or cause memory resource consumption. The bulletin lists affected GKLM versions as ...
CBL Mariner 2.0 Security Update: kernel (CVE-2021-4202)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-4202 advisory. - A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the...
CVE-2014-4920
The CVE-2014-4920 entry is confirmed to have concrete details in connected documents: the twitter-bootstrap-rails Gem for Rails contains a reflected XSS flaw in the bootstrap_flash helper, caused by inadequate input validation when handling flash messages before rendering to users. This can allow...
SAP NetWeaver AS Licensing Issue Vulnerability
SAP NetWeaver AS is a SAP Web Application Server from SAP Germany. It not only provides network services, but also is the basic platform for SAP software. SAP NetWeaver AS version 7.50 has an authorization problem vulnerability, which stems from the lack of authentication checks and can be...
CVE-2017-8231
CVE-2017-8231 is tracked in Arista EOS advisory 0029 and accompanying Nessus entry ARISTA_EOS_SA0029.NASL. Affected: Arista EOS platforms prior to 4.18.1F (various 4.16/4.17 releases listed). Issue: Rib agent restart when processing a malformed MP-BGP update attribute, caused by improper MPBGP up...
Cannot complete request when accessing HTTPS Storefront URL
When users access the storefront webpage they get an error saying "cannot complete request" on the detect workspace app / receiver web page...
PT-2025-18820 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: A system hang was observed due to the IOCB counts being out of order, blocking commands and subsequently hanging the system. The issue was resolved by synchronizing the IOCB count ...
CVE-2022-43879
CVE-2022-43879 is an SSRF vulnerability reported by IBM affecting IBM Jazz Team Server (ELM) versions 7.0.1 and 7.0.2, with remediation via iFix022/iFix023. Separate IBM advisories also document the same CVE affecting QRadar WinCollect/WinCollect Agent versions 10.0–10.1.2, with remediation by up...
PVS - Imaging Wizard fails when creating Vdisk. Error after restart 'Imaging wizard did not restart'
When attempting to create a vDisk, the Imaging Wizard gets as far as requiring a reboot, but after the restart returns the error 'Imaging wizard did not restart'...
PT-2023-35415 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.12 Description: The issue concerns the initialization of the zlib workspace in btrfs. It has been noted that the zlib workspace is not properly zero-initialized, which may potentially lead to security issue...
CVE-2019-4660
CVE-2019-4660 is an AngularJS client-side template injection vulnerability affecting IBM InfoSphere Information Analyzer and Information Server on Cloud. The issue allows injection of AngularJS template syntax in an internal page request, which can be interpreted by Angular and lead to cross-site...
SUSE SLES12: cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc (SUSE-SU-2023:0485-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0485-1 advisory. The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: -...
CVE-2019-4491
CVE-2019-4491 is an IBM MQ vulnerability where an error in the tracing functionality can be exploited to cause a denial-of-service. Connected IBM MQ advisories specify affected products and versions: IBM WebSphere MQ 7.1 (7.1.0.0–7.1.0.9), MQ 7.5 (7.5.0.0–7.5.0.9), MQ v8 (8.0.0.0–8.0.0.12), MQ v9...
CVE-2019-4240
CVE-2019-4240 is a bypass client-side validation vulnerability in IBM Cloud Pak System V2.3.0. An authenticated user with local access could bypass input validation and obtain administrator access due to the lack of server-side validation. IBM has addressed this by upgrading to V2.3.0.1 fixpak fo...