47 matches found

OSV
added 2025/07/04 1:37 p.m. | 2 views

CVE-2025-38224 can: kvaser_pciefd: refine error prone echo_skb_max handling logic

In the Linux kernel, the following vulnerability has been resolved: can: kvaser_pciefd: refine error prone echo_skb_max handling logic. echo_skb_max should define the supported upper limit of echo_skb allocated inside the netdevice's priv. The corresponding size value provided by this driver to...

7.1 CVSS | 6.1 AI score | 0.00051 EPSS
Exploits 0 | References 6

CVE
added 2024/05/17 1:23 p.m. | 83 views

CVE-2024-35818

CVE-2024-35818 : In the Linux kernel, LoongArch-specific fix defines the __io_aw() hook as mmiowb() to address issues from removing explicit mmiowb() invocations in drivers. The patch relocates the mmiowb tracking to handle mutex-protected MMIO, since some MMIO regions (e.g., in radeon) are guard...

5.5 CVSS | 6.7 AI score | 0.00015 EPSS
Exploits 0 | References 5 | Affected Software 1

Code423n4
added 2023/03/20 12:0 a.m. | 8 views

Hard coding ChainID is error prone

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --- The...

7.1 AI score
Exploits 0

Prion
added 2022/08/01 8:15 p.m. | 10 views

Input validation

Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient escaping of white space when interpolating output. This issue only impacts users that use the escape or escapeAll functions with the interpolation option set to true. The result is that if ...

7.5 CVSS | 9.8 AI score | 0.0108 EPSS
Exploits 1 | References 5 | Affected Software 1

OpenVAS
added 2022/02/02 12:0 a.m. | 19 views

MariaDB DoS Vulnerability (MDEV-25635) - Linux

MariaDB is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mariadb:mariadb"; if...

5.5 CVSS | 7.4 AI score | 0.00063 EPSS
Exploits 1 | References 2

OpenVAS
added 2020/07/29 12:0 a.m. | 17 views

Cherokee Web Server 0.4.27 <= 1.2.104 DoS Vulnerability

Cherokee Web Server is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5 CVSS | 7.5 AI score | 0.07744 EPSS
Exploits 1 | References 4

Openbugbounty
added 2020/06/21 1:41 p.m. | 7 views

heizung24shop.de Cross Site Scripting vulnerability OBB-1202704

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

6.2 AI score
Exploits 0

Openbugbounty
added 2018/03/06 6:44 p.m. | 11 views

roadsidesurgery.com XSS vulnerability

Open Bug Bounty ID: OBB-575114

Description | Value
---|---
Affected Website: | roadsidesurgery.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

6.3 AI score
Exploits 0

seebug.org
added 2017/09/12 12:0 a.m. | 42 views

Openfire Server <= 3.6.0a (Auth Bypass/SQL/XSS) Multiple Vulnerability

Vulnerability description: -------------------------- The jabber server Openfire <= version 3.6.0a contains several serious vulnerabilities. Depending on the particular runtime environment these issues can potentially even be used by an attacker to execute code on operating system level. 1...

8.3 AI score
Exploits 0

OpenVAS
added 2016/06/08 12:0 a.m. | 29 views

Mozilla Firefox ESR Security Advisories (MFSA2016-49, MFSA2016-61) - Mac OS X

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

8.8 CVSS | 8.1 AI score | 0.64664 EPSS
Exploits 7 | References 8

seebug.org
added 2014/07/01 12:0 a.m. | 11 views

Fastream NetFile 6.0.3 .588 Error Message Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8908/info It has been reported that a cross-site scripting vulnerability may exist in NetFile that may allow remote attackers to execute HTML or script code in a user's browser. The issue is reported to occur due to a 404...

7.1 AI score
Exploits 0

Tenable Nessus
added 2014/06/13 12:0 a.m. | 45 views

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2013:0777-1)

java-1_6_0-openjdk was updated to 1.12.5 bnc817157 - Security fixes - S6657673, CVE-2013-1518: Issues with JAXP - S7200507: Refactor Introspector internals - S8000724, CVE-2013-2417: Improve networking serialization - S8001031, CVE-2013-2419: Better font processing - S8001040, CVE-2013-1537: Rework...

10 CVSS | 7.1 AI score | 0.86252 EPSS
Exploits 15 | References 21

securityvulns
added 2013/07/15 12:0 a.m. | 123 views

CVE-2013-3568 - Linksys CSRF + Root Command Injection

Hi list, I would like to inform you that the latest available Linksys WRT110 firmware is prone to root shell command injection via cross-site request forgery. This vulnerability is the result of the web interface's failure to sanitize ping targets as well as a lack of csrf tokens. Linksys/Belkin...

0.4 AI score | 0.41064 EPSS
Exploits 8

OpenVAS
added 2013/03/27 12:0 a.m. | 27 views

Active Perl Modules Multiple Vulnerabilities (Windows)

The host is installed with Active Perl and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbactiveperlmodulesmultvulnwin.nasl 6115 2017-05-12 09:03:25Z teissa $ Active Perl Modules Multiple Vulnerabilities Windows Authors: Arun Kallavi Copyright: Copyright c 2012 Greenbone...

7.5 CVSS | 0.8 AI score | 0.09609 EPSS
Exploits 2 | References 6

OpenVAS
added 2013/02/15 12:0 a.m. | 31 views

Adobe Shockwave Player Multiple Vulnerabilities -01 Feb13 (Mac OS X)

This host is installed with Adobe Shockwave player and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbadobeshockwaveplayermultvuln01feb13macosx.nasl 6104 2017-05-11 09:03:48Z teissa $ Adobe Shockwave Player Multiple Vulnerabilities -01 Feb13 Mac OS X Authors: Thanga Praka...

10 CVSS | 1.4 AI score | 0.26062 EPSS
Exploits 0 | References 3

OpenVAS
added 2012/08/18 12:0 a.m. | 313 views

Elastix 'graph.php' Local File Include Vulnerability

Elastix is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

7.1 AI score
Exploits 0 | References 1

OpenVAS
added 2012/08/16 12:0 a.m. | 18 views

Cyclope Employee Surveillance Solution Local File Inclusion Vulnerability

This host is running Cyclope Employee Surveillance Solution and is prone to local file inclusion vulnerability. OpenVAS Vulnerability Test $Id: gbcyclopeemployeesurveillancelfivuln.nasl 7577 2017-10-26 10:41:56Z cfischer $ Cyclope Employee Surveillance Solution Local File Inclusion Vulnerability...

0.1 AI score
Exploits 0 | References 2

Tenable Nessus
added 2012/07/05 12:0 a.m. | 28 views

Google Chrome < 20.0.1132.43 Multiple Vulnerabilities

Binary data 6508.pasl...

5 CVSS | 7.8 AI score | 0.00561 EPSS
Exploits 0 | References 2

OpenVAS
added 2012/06/21 12:0 a.m. | 111 views

PHP < 4.4.9 Multiple Vulnerabilities

PHP is prone to multiple vulnerabilities. Copyright C 2012 NopSec Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or...

9.1 AI score
Exploits 0

OpenVAS
added 2012/06/11 12:0 a.m. | 133 views

MySQL / MariaDB Authentication Bypass (Apr 2012) - Active Check

MySQL / MariaDB is prone to an authentication bypass. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.1 CVSS | 9.6 AI score | 0.94058 EPSS
Exploits 8 | References 5