53 matches found
CVE-2025-38224 can: kvaser_pciefd: refine error prone echo_skb_max handling logic
In the Linux kernel, the following vulnerability has been resolved: can: kvaser_pciefd: refine error prone echo_skb_max handling logic echo_skb_max should define the supported upper limit of echo_skb[] allocated inside the netdevice's priv. The corresponding size value provided by this driver to...
CVE-2024-35818
CVE-2024-35818 : In the Linux kernel, LoongArch-specific fix defines the __io_aw() hook as mmiowb() to address issues from removing explicit mmiowb() invocations in drivers. The patch relocates the mmiowb tracking to handle mutex-protected MMIO, since some MMIO regions (e.g., in radeon) are guard...
The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow lies in the ability to disclose information in the error-prone data area, allowing an intruder to gain unauthorized access to the database.
The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow is related to the disclosure of information in the error-prone data area. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized acces...
The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow lies in the ability to disclose information in error-prone areas of the data. This allows attackers to compromise the integrity of the data.
The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow is related to the disclosure of information in error-prone areas of the data. Exploiting this vulnerability can allow a malicious actor to influence the integrity of the data...
The vulnerability of the distributed Git version control system, related to the exposure of information in the error-prone data area, allows a perpetrator to gain access to confidential data.
The vulnerability of the distributed Git version control system is related to the exposure of information in the error-prone data area. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to confidential data...
Hard coding ChainID is error prone
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --- The...
The vulnerability of the `nodeIntegrationInSubFrames` parameter in the software platform for creating Electron applications allows a hacker to disclose protected information.
The vulnerability of the “nodeIntegrationInSubFrames” parameter in the software platform for creating Electron applications relates to the disclosure of information in error-prone data areas. Exploiting this vulnerability can allow a remote attacker to disclose the protected information...
Input validation
Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient escaping of white space when interpolating output. This issue only impacts users that use the escape or escapeAll functions with the interpolation option set to true. The result is that if ...
Vulnerability of software for configuring, testing, and deploying Schneider Electric EcoStruxure Power Commission devices—related to the disclosure of information in error-prone areas—allows a perpetrator to disclose protected information.
The vulnerability of the software for configuring, testing, and deploying Schneider Electric EcoStruxure Power Commission involves exposing information in the error-prone data area. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information through a specially...
The vulnerability of the Microsoft Visual Basic development environment and the Microsoft Office suite relates to the disclosure of information in the error-prone data area, allowing the disclosure of protected information.
The vulnerability of the Microsoft Visual Basic development environment and the Microsoft Office suite is related to the disclosure of sensitive information in error-prone data areas. Exploiting this vulnerability can allow attackers to disclose protected information...
MariaDB DoS Vulnerability (MDEV-25635) - Linux
MariaDB is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mariadb:mariadb"; if...
Cherokee Web Server 0.4.27 <= 1.2.104 DoS Vulnerability
Cherokee Web Server is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
heizung24shop.de Cross Site Scripting vulnerability OBB-1202704
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
roadsidesurgery.com XSS vulnerability
Open Bug Bounty ID: OBB-575114 Description| Value ---|--- Affected Website:| roadsidesurgery.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Openfire Server <= 3.6.0a (Auth Bypass/SQL/XSS) Multiple Vulnerability
Vulnerability description: The jabber server Openfire <= version 3.6.0a contains several serious vulnerabilities. Depending on the particular runtime environment these issues can potentially even be used by an attacker to execute code on operating system level. 1...
Mozilla Firefox ESR Security Advisories (MFSA2016-49, MFSA2016-61) - Mac OS X
Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox_esr";...
Fastream NetFile 6.0.3 .588 Error Message Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8908/info It has been reported that a cross-site scripting vulnerability may exist in NetFile that may allow remote attackers to execute HTML or script code in a user's browser. The issue is reported to occur due to a 404...
openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2013:0777-1)
java-1_6_0-openjdk was updated to 1.12.5 (bnc#817157) - Security fixes - S6657673, CVE-2013-1518: Issues with JAXP - S7200507: Refactor Introspector internals - S8000724, CVE-2013-2417: Improve networking serialization - S8001031, CVE-2013-2419: Better font processing - S8001040, CVE-2013-1537: Rework...
CVE-2013-3568 - Linksys CSRF + Root Command Injection
Hi list, I would like to inform you that the latest available Linksys WRT110 firmware is prone to root shell command injection via cross-site request forgery. This vulnerability is the result of the web interface's failure to sanitize ping targets as well as a lack of csrf tokens. Linksys/Belkin...
Active Perl Modules Multiple Vulnerabilities (Windows)
The host is installed with Active Perl and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbactiveperlmodulesmultvulnwin.nasl 6115 2017-05-12 09:03:25Z teissa $ Active Perl Modules Multiple Vulnerabilities (Windows) Authors: Arun Kallavi Copyright: Copyright (c) 2012 Greenbone...