16 matches found

RedHat Linux
added 6 hours ago · 1 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

9.8 CVSS · 5.8 AI score · 0.00102 EPSS
Exploits 0 · References 15
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2017-16215

Malware in sbrugna...

7.5 CVSS · 7.4 AI score · 0.00241 EPSS
Exploits 0 · References 5
Positive Technologies
added 2025/07/21 12:00 a.m. · 3 views

PT-2025-31465 · Git · Ndpi

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=432880859 Crash type: Heap-buffer-overflow READ 2 Crash state: ndpi match host subprotocol check content type and change protocol process request...

7.3 AI score
Exploits 0 · References 2
OSV
added 2024/11/19 6:15 p.m. · 0 views

UBUNTU-CVE-2024-53043

In the Linux kernel, the following vulnerability has been resolved: mctp i2c: handle NULL header address. daddr can be NULL if there is no neighbour table entry present; in that case the tx packet should be dropped. saddr will usually be set by MCTP core, but check for NULL in case a packet is...

5.5 CVSS · 6.2 AI score · 0.00012 EPSS
Exploits 0 · References 19
Huntr
added 2023/07/26 8:40 p.m. · 11 views

XSS in function navigateTo

Vulnerability: The check for external links checks if the protocol is script:, which is not a valid protocol and allows the user to provide a valid javascript payload using javascript: protocol. ts if isExternal && parseURLtoPath.protocol === 'script:' throw new Error'Cannot navigate to an URL with...

6.8 AI score
Exploits 0
Positive Technologies
added 2023/04/04 12:00 a.m. · 1 views

PT-2023-12807 · Modem · Modem

Name of the Vulnerable Software and Affected Versions: Modem affected versions not specified Description: The issue is related to information disclosure in the modem due to an improper check of IP type while processing a DNS server query. Recommendations: At the moment, there is no information...

8.2 CVSS · 6.7 AI score · 0.0024 EPSS
Exploits 0 · References 3
OSV
added 2021/11/30 10:54 p.m. · 1 views

USN-5163-1 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities

Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2021-3655) It was discovered that the Option USB Hi...

6.4 CVSS · 7 AI score · 0.00034 EPSS
Exploits 1 · References 5
Prion
added 2020/10/16 5:15 p.m. · 9 views

Design/Logic Flaw

In Wire before 3.20.x, shell.openExternal was used without checking the URL. This vulnerability allows an attacker to execute code on the victim's machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the URL that is opened. The...

6 CVSS · 7.8 AI score · 0.00729 EPSS
Exploits 1 · References 3 · Affected Software 1
OSV
added 2020/06/03 8:44 a.m. · 1 views

OPENSUSE-SU-2020:0763-1 Security update for python-rpyc

This update for python-rpyc to 4.1.5 fixes the following issues: Security issue fixed: - CVE-2019-16328: Fixed a missing protocol security check that could have led to code execution (boo#1152987). This update was imported from the openSUSE:Leap:15.1:Update update project...

7.5 CVSS · 7.7 AI score · 0.73039 EPSS
Exploits 2 · References 3
Prion
added 2018/05/31 8:29 p.m. · 14 views

Design/Logic Flaw

Certain input, when passed into remarkable before 1.4.1, will bypass the bad protocol check that disallows the javascript: scheme, allowing javascript: URLs to be injected into the rendered content...

4.3 CVSS · 7.1 AI score · 0.0024 EPSS
Exploits 1 · References 2 · Affected Software 1
NVD
added 2018/05/31 8:29 p.m. · 8 views

CVE-2014-10065

Certain input, when passed into remarkable before 1.4.1, will bypass the bad protocol check that disallows the javascript: scheme, allowing javascript: URLs to be injected into the rendered content...

6.1 CVSS · 6.3 AI score · 0.0024 EPSS
Exploits 1 · References 2
CVE
added 2018/05/31 8:00 p.m. · 43 views

CVE-2014-10065

The CVE-2014-10065 entry concerns the remarkable Markdown parser. Affected: versions before 1.4.1. Root cause: input handling failed to properly restrict link protocols, permitting javascript: URLs to be injected into rendered content (XSS). Impact/notes: enables cross-site scripting via crafted ...

6.1 CVSS · 6.2 AI score · 0.0024 EPSS
Exploits 1 · References 2 · Affected Software 1
OSV
added 2017/10/24 6:29 p.m. · 1 views

DEBIAN-CVE-2016-10517

networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol but commonly occur when an attack triggers an HTTP request to the Redis TCP port...

7.4 CVSS · 6.8 AI score · 0.00374 EPSS
Exploits 0 · References 1
NVD
added 2012/06/21 3:55 p.m. · 10 views

CVE-2012-2654

The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restriction...

4.3 CVSS · 6.5 AI score · 0.01178 EPSS
Exploits 1 · References 9
OSV
added 2012/06/21 3:55 p.m. · 3 views

PYSEC-2012-37

The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restriction...

7.3 AI score
Exploits 0 · References 9
CVE
added 2012/06/21 3:00 p.m. · 49 views

CVE-2012-2654

CVE-2012-2654 affects OpenStack Compute (Nova) EC2 and OS APIs in Folsom, Essex, and Diablo releases. The vulnerability arises from improper protocol validation when creating security groups if the network protocol isn’t specified in lowercase, allowing remote attackers to bypass access restricti...

4.3 CVSS · 6.5 AI score · 0.01178 EPSS
Exploits 1 · References 9 · Affected Software 3