7455 matches found
SourceCodester Online Covid Vaccination Scheduler System Code Issue Vulnerability
SourceCodester Online Covid Vaccination Scheduler System is an application from SourceCodester, Inc. that efficiently manages COVID-19 vaccinations through a reliable vaccine scheduling and queue management solution. An arbitrary file upload vulnerability exists in the SourceCodester Online Covid...
SourceCodester Online Covid Vaccination Scheduler System SQL Injection Vulnerability (CNVD-2021-99649)
SourceCodester Online Covid Vaccination Scheduler System is an application from SourceCodester, Inc. that efficiently manages COVID-19 vaccinations through a reliable vaccine scheduling and queue management solution. SourceCodester Online Covid Vaccination Scheduler System is vulnerable to SQL...
Swisslog Healthcare Nexus Panel Numeric Error Vulnerability
Swisslog Healthcare Nexus Panel, a medical device from Swisslog Healthcare, has a security vulnerability in versions prior to Nexus Control Panel 7.2.5.7. The vulnerability can be exploited to override the internal queue data structure, allowing for remote code execution...
RUSTSEC-2021-0093 Data race in crossbeam-deque
In the affected version of this crate, the result of the race condition is that one or more tasks in the worker queue can be popped twice, while other tasks are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this stil...
Vulnerabilities fixed in Xerox FreeFlow Print Server
Xerox has fixed vulnerabilities in FreeFlow Print Server. This patch update includes, among other things, a fix for the PrintNightmare vulnerability, which is located in the Windows Print Spooler service and affects the Windows Print Queue. Xerox has released updates to fix vulnerabilities in Freeflow prin...
The vulnerability of the Apache HTTP Server’s web server, related to a queue overflow, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the Apache HTTP Server web server is related to a heap overflow. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
Security update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly (important)
openSUSE Security Update: Security update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly Announcement ID: openSUSE-SU-2021:1819-1 Rating: important References: 1181255 SLE-13843 Cross-References: CVE-2021-3185 CVSS scores: CVE-2021-318...
Guest triggered use-after-free in Linux xen-netback. A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer.
...
PT-2021-3599 · Cisco · Cisco Broadworks Application Server
Name of the Vulnerable Software and Affected Versions: Cisco BroadWorks Application Server affected versions not specified Description: The issue is related to insufficient protection of internal data in the XSI-Actions interface of the Cisco BroadWorks Application Server. This could allow a remo...
FreeBSD : jenkins -- multiple vulnerabilities (9d271bab-da22-11eb-86f0-94c691a700a6)
Jenkins Security Advisory: Description. Medium: SECURITY-2278 / CVE-2021-21670, improper permission checks allow canceling queue items and aborting builds. High: SECURITY-2371 / CVE-2021-21671, session fixation vulnerability...
CVE-2021-21670
Jenkins 2.299 and earlier, LTS 2.289.1 and earlier allows users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission even when they do not have Item/Read permission...
PT-2021-14713 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.299 and earlier Jenkins LTS versions 2.289.1 and earlier Description: The issue allows users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission even when they do not have Item/Read...
WAF-A-MoLE - A Guided Mutation-Based Fuzzer For ML-based Web Application Firewalls
A guided mutation-based fuzzer for ML-based Web Application Firewalls, inspired by AFL and based on the FuzzingBook by Andreas Zeller et al. Given an input SQL injection query, it tries to produce a semantic invariant query that is able to bypass the target WAF. You can use this tool for assessin...
CVE-2021-28691
Guest triggered use-after-free in Linux xen-netback. A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will...
DEBIAN-CVE-2021-28691
Guest triggered use-after-free in Linux xen-netback. A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will...
osTicket Cross-Site Scripting Vulnerability
osTicket is a widely used and trusted open source work order support ticket system. A cross-site scripting vulnerability exists in osTicket versions prior to 1.12.6. An attacker can exploit this vulnerability via the queue-name parameter in include/class.queue.php...