50 matches found

OSV
added 2025/07/10 8:15 a.m. | 0 views

UBUNTU-CVE-2025-38282

In the Linux kernel, the following vulnerability has been resolved: kernfs: Relax constraint in draining guard. The active reference lifecycle provides the break/unbreak mechanism but the active reference is not truly active after unbreak -- callers don't use it afterwards but it's important for...

CVSS 5.5 | AI score 5.8 | EPSS 0.0007
Exploits 0 | References 31

Tenable Nessus
added 2024/11/14 12:0 a.m. | 4 views

Fedora 37 : libetpan (2022-f092bc8f7b)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-f092bc8f7b advisory. A potential bug is found on libetpan that when IMAP client receives invalid STATUS response, an invalid free can occur on mailimap_mailbox_data_status_free. This...

CVSS 5.5 | AI score 5.7 | EPSS 0.00324
Exploits 1 | References 2

RedhatCVE
added 2024/08/05 1:49 p.m. | 20 views

CVE-2024-41957

A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. In this instance, Vim will try t...

CVSS 4.5 | AI score 7.1 | EPSS 0.00124
Exploits 0 | References 5

Cvelist
added 2024/06/25 2:22 p.m. | 34 views

CVE-2024-39276 ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()

In the Linux kernel, the following vulnerability has been resolved: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find(). Syzbot reports a warning as follows: WARNING: CPU: 0 PID: 5075 at fs/mbcache.c:419 mb_cache_destroy+0x224/0x290 Modules...

EPSS 0.00018
Exploits 0 | References 8

Cvelist
added 2024/06/03 2:25 p.m. | 21 views

CVE-2024-36124 iq80 Snappy has an out-of-bounds read when uncompressing data, leading to JVM crash

iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory access, no additional bounds checks are performed and this has similar securi...

CVSS 5.3 | AI score 5.2 | EPSS 0.00237
Exploits 0 | References 1

Tenable Nessus
added 2022/12/22 12:0 a.m. | 15 views

Fedora 35 : libetpan (2022-df2f4923ea)

The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-df2f4923ea advisory. A potential bug is found on libetpan that when IMAP client receives invalid STATUS response, an invalid free can occur on mailimap_mailbox_data_status_free. This...

CVSS 5.5 | AI score 5.7 | EPSS 0.00324
Exploits 1 | References 2

RubySec
added 2021/11/18 12:0 a.m. | 17 views

Authentication Bypass by CSRF Weakness

Impact: CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidus_auth_devise are affected if protect_from_forgery method is both: - Executed whether as: - A before_action callback (the default) - A prepend_before_action (option prepend: tr...

CVSS 9.3 | AI score 6.7 | EPSS 0.00106
Exploits 1 | References 1 | Affected Software 1

SonarSource Blog
added 2021/09/23 12:0 a.m. | 9 views

Modernize Code Quality with ‘Quick Fixes’

Delivering functional code that is reliable, safe, and on schedule is a high priority for most development teams. And you’ll agree that the earlier in your workflow you address quality and security issues, the better and cheaper! Today, I’d like to give you a quick tour of how you can maximize...

AI score 7.4
Exploits 0

CNNVD
added 2021/04/24 12:0 a.m. | 1 views

vscode-ghc-simple security vulnerability

vscode-ghc-simple is a software application. A quick fix operation is provided. A security vulnerability exists in vscode-ghc-simple. The vulnerability allows remote code execution via a manual workspace configuration using replCommand...

CVSS 9.8 | AI score 9.1 | EPSS 0.0396
Exploits 0 | References 5

IBM Security Bulletins
added 2019/05/06 5:30 p.m. | 37 views

Security Bulletin: IBM Security Guardium is affected by a Spring Framework vulnerability

Summary: IBM Security Guardium has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2018-15756. DESCRIPTION: Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. By adding a range header...

CVSS 7.5 | AI score 1.2 | EPSS 0.20127
Exploits 0 | Affected Software 1

Openbugbounty
added 2018/03/25 7:21 a.m. | 9 views

worshipyourclothes.com XSS vulnerability

Open Bug Bounty ID: OBB-591037. Affected Website: worshipyourclothes.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...

AI score 6.2
Exploits 0

Openbugbounty
added 2018/01/11 8:34 p.m. | 12 views

litbang.esdm.go.id XSS vulnerability

Open Bug Bounty ID: OBB-512114. Affected Website: litbang.esdm.go.id; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); Disclosure Standard: Coordinated Disclosure...

AI score 6.4
Exploits 0

exploitpack
added 2017/12/06 12:0 a.m. | 24 views

Hashicorp vagrant-vmware-fusion 5.0.3 - Local Privilege Escalation

Another day, another root privesc bug in this plugin. Not quite so serious this time - this one is only exploitable if the user has the plugin installed but VMware Fusion not installed. This is a fairly unlikely scenario but it's ...

AI score 0.7
Exploits 0

Packet Storm
added 2014/12/09 12:0 a.m. | 40 views

phpTrafficA 2.3 SQL Injection

Product: phpTrafficA. Product page: http://soft.zoneo.net/phpTrafficA/. Affected versions: Up to and including 2.3 (latest as of writing). Description: An SQL injection exists in Php/Functions/logfunction.php, line 933: $sql3 ="INSERT INTO $tablehost SET...

CVSS 7.5 | AI score 0.7 | EPSS 0.00319
Exploits 3

seebug.org
added 2014/07/01 12:0 a.m. | 118 views

PHPNuke-Clan <= 4.2.0 - (mvcw_conver.php) RFI Vulnerability

No description provided by source. PHPNuke-Clan <= v4.2.0 (mvcw_conver.php) Remote File Inclusion; coded by DNX; Discovered: DNX; Vendor:...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 42 views

VWar <= 1.5.0 R15 - (mvcw.php) Remote File Inclusion Vulnerability

No description provided by source. VWar <= v1.5.0 R15 (mvcw.php) Remote File Inclusion; coded by DNX; Discovered: DNX; Vendor: http://www.vwar.de; Detected: 26.02.2007;...

AI score 7.1
Exploits 0

exploitpack
added 2014/02/07 12:0 a.m. | 14 views

osCommerce 2.3.3.4 - geo_zones.php?zID SQL Injection

Title: osCommerce v2.x SQL Injection Vulnerability; Dork: Powered by osCommerce; Author: Ahmed Aboul-Ela; Contact: ahmed.aboul3laatgmaildotcom - http://twitter.com/secgeek; Vendor: http://www.oscommerce.com; Version: v2.3.3.4 current latest release...

AI score 0.1
Exploits 0

Tenable Nessus
added 2012/09/11 12:0 a.m. | 290 views

SMB QuickFixEngineering (QFE) Enumeration

By connecting to the host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via the registry. (C) Tenable Network Security, Inc. include('compat.inc'); if (description) script_id(62042); script_version("1.8");...

AI score 5.5
Exploits 0

The Hacker News
added 2011/08/14 10:11 a.m. | 3 views

AOL Postmaster Website hacked by HODLUM

AOL's postmaster.aol.com website was hacked Saturday afternoon by someone who goes by the name "HodLuM." The site was slightly defaced with a message from the hacker. "AOL S3RV3RZ ROOT3D BY HODLUM LOLZ!," the message read. AOL finally discovered the hack, an...

AI score 7.1
Exploits 0

ThreatPost
added 2010/07/26 5:17 p.m. | 12 views

Mozilla Repatches Firefox Plug-In

For the second time in two months, Mozilla has rushed out a fix for Firefox to patch a problem with a browser update issued just days before. Read the full article. Computerworld...

AI score 1.9
Exploits 0 | References 2