Lucene search

3385 matches found

CVE
added 2024/10/09 12:0 a.m., 53 views

CVE-2023-46586

The CVE affects the Weborf web server implementation (cgi.c) prior to version 1.0. The root cause is a misused strncpy that fails to terminate CGI script paths with a null character, leaving input paths unterminated. This impacts Weborf releases before 1.0 across reported versions (0.17–0.20). Pr...

CVSS 9.1, AI score 7, EPSS 0.00608
Exploits: 0, References: 4
CVE
added 2024/10/09 12:0 a.m., 55 views

CVE-2023-36325

CVE-2023-36325 affects i2p before 2.3.0 (Java). A correlation attack during a tunneled, replayed message with a behavior discrepancy can de-anonymize the public IPv4 and IPv6 addresses of i2p hidden services (eepsites). Impact is de-anonymization; attack would take days to complete. Affected vers...

CVSS 3.7, AI score 6.8, EPSS 0.00388
Exploits: 0, References: 3
Debian CVE
added 2024/10/09 12:0 a.m., 26 views

CVE-2023-46586

cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 before 1.0 lacks '\0' termination of the path for CGI scripts because strncpy is misused...

CVSS 9.1, AI score 8.4, EPSS 0.00608
Exploits: 0
OpenVAS
added 2024/10/09 12:0 a.m., 41 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2505)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8, AI score 8.4, EPSS 0.99957
Exploits: 2, References: 4
Debian CVE
added 2024/10/09 12:0 a.m., 43 views

CVE-2023-45359

An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup...

CVSS 6.5, AI score 5.3, EPSS 0.00289
Exploits: 0
Tenable Nessus
added 2024/10/09 12:0 a.m., 38 views

EulerOS 2.0 SP11 : httpd (EulerOS-SA-2024-2583)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerable to information disclosure, SSRF or local script execution via backend...

CVSS 9.8, AI score 7.8, EPSS 0.41611
Exploits: 1, References: 6
Tenable Nessus
added 2024/10/09 12:0 a.m., 39 views

EulerOS 2.0 SP11 : httpd (EulerOS-SA-2024-2557)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerable to information disclosure, SSRF or local script execution via backend...

CVSS 9.8, AI score 7.8, EPSS 0.41611
Exploits: 1, References: 6
Tenable Nessus
added 2024/10/09 12:0 a.m., 45 views

EulerOS 2.0 SP12 : httpd (EulerOS-SA-2024-2505)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services,...

CVSS 9.8, AI score 8.2, EPSS 0.99957
Exploits: 2, References: 8
The Hacker News
added 2024/10/05 4:50 a.m., 25 views

Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability

Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user's passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app...

CVSS 5.5, AI score 4.1, EPSS 0.09232
Exploits: 0
Citrix
added 2024/09/30 12:0 a.m., 12 views

CVAD 2402 - Unable to launch the desktop intermittently

Desktop launches and then disappears. Once the machine is rebooted sometimes it works and sometimes it does not work even after reboot. Problem started after upgrading from VDA 2209/2311 to VDA 2402...

AI score 7.1
Exploits: 0
Citrix
added 2024/09/30 12:0 a.m., 12 views

FIDO2 redirection in Chrome and Edge doesn't work

https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/secure/fido2.html#local-authorization-and-virtual-authentication-using-fido2-and-webauthn was followed. However, devices which use FIDO2 such as fingerprint readers and YubiKey devices are not detected in the browser,...

AI score 7.2
Exploits: 0
CNVD
added 2024/09/29 12:0 a.m., 6 views

Unspecified vulnerability in Linux kernel (CNVD-2024-40281)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from the presence of a deadlock problem. No details of the vulnerability are provided at this time...

CVSS 5.5, AI score 6.5, EPSS 0.00139
Exploits: 0, References: 1
CNNVD
added 2024/09/27 12:0 a.m., 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from the presence of a deadlock problem...

CVSS 5.5, AI score 6.6, EPSS 0.00139
Exploits: 0, References: 5
Tenable Nessus
added 2024/09/21 12:0 a.m., 15 views

FreeBSD : FreeBSD -- NFS client accepts file names containing path separators (c02b8db5-771b-11ef-9a62-002590c1f29c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c02b8db5-771b-11ef-9a62-002590c1f29c advisory. When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames fo...

CVSS 5.3, AI score 5.6, EPSS 0.00676
Exploits: 0, References: 2
CNVD
added 2024/09/20 12:0 a.m., 8 views

Unspecified vulnerability in Linux kernel (CNVD-2024-39352)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from the presence of a divide-by-zero problem. No details of the vulnerability are provided at this time...

CVSS 5.5, AI score 6.5, EPSS 0.00239
Exploits: 0, References: 1
CNVD
added 2024/09/20 12:0 a.m., 6 views

Unspecified vulnerability in Linux kernel (CNVD-2024-39265)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from the presence of a divide-by-zero problem. No details of the vulnerability are provided at this time...

CVSS 5.5, AI score 6.5, EPSS 0.00239
Exploits: 0, References: 1
CNVD
added 2024/09/20 12:0 a.m., 1 views

Unspecified vulnerability in Linux kernel (CNVD-2024-39262)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from the presence of a deadlock problem. No details of the vulnerability are provided at this time...

CVSS 5.5, AI score 6.6, EPSS 0.00162
Exploits: 0, References: 1
CVE
added 2024/09/18 3:1 p.m., 63 views

CVE-2022-25775

CVE-2022-25775 affects Mautic, specifically the Reports bundle. The vulnerability is an SQL injection in dynamic Reports, allowing an authenticated, logged-in user to retrieve and alter data, potentially exposing sensitive information, compromising credentials, and, depending on database permissi...

CVSS 7.2, AI score 6.8, EPSS 0.00593
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2024/09/18 2:54 p.m., 69 views

CVE-2022-25774

CVE-2022-25774 affects Mautic prior to 4.4.12. A self‑XSS in the notifications you save for Dashboards allows logged‑in users to inject/execute JavaScript in the notification content. Remediation: update to Mautic 4.4.12 or later. No exploitation details are provided in the supplied documents.

CVSS 5.4, AI score 4.9, EPSS 0.00372
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2024/09/18 2:47 p.m., 81 views

CVE-2022-25769

CVE-2022-25769 relates to Mautic where the default .htaccess contains an improper regex in the htaccess FilesMatch rule that only checks the filename, not the full path. This logic flaw allows improper access control and could enable unauthorized access to restricted PHP files in the root directo...

CVSS 9.1, AI score 7, EPSS 0.00502
Exploits: 0, References: 2, Affected Software: 1