SUSE CVE-2007-6417

The shmemgetpage function mm/shmem.c in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service crash...

SUSE CVE-2009-2140

Multiple heap-based buffer overflows in cppcanvas/source/mtfrenderer/emfplus.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org OOo, allow remote attackers to execute arbitrary code via a crafted EMF+ file, a similar issue to CVE-2008-2238...

SUSE CVE-2013-1842

SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values."...

SUSE CVE-2020-13765

romcopy in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation...

Authorization Bypass

github.com/openfga/openfga is vulnerable to authorization bypass. The vulnerability exists when the tuples user field is set to userset and the tuple's relation is used on the right-hand side of the from statement which allows an attacker to bypass the authorization mechanism under certain...

Authorization

OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard assigned to a tupleset relation the right...

CVE-2022-39352 OpenFGA Authorization Bypass

OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard assigned to a tupleset relation the right...

PT-2022-24921 · Openfga · Openfga

Name of the Vulnerable Software and Affected Versions: OpenFGA versions prior to 0.2.5 Description: OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. The issue allows for authorization bypass under certain conditions, specifically when a tuple with a...

CVE-2022-39352 OpenFGA Authorization Bypass

OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard assigned to a tupleset relation the right...

Authorization Bypass

github.com/openfga/openfga is vulnerable to authorization bypass. Users whose model has a relation defined as a tupleset the right hand side of a from statement that involves anything other than a direct relationship are vulnerable to authorization bypass under certain conditions...

CLSA-2022-1666192732 Fix CVE(s): CVE-2022-1552

SECURITY UPDATE: Privileged arbitrary SQL function execution - debian/patches/CVE-2022-1552-1.patch: Make relation-enumerating operations be security-restricted operations - debian/patches/CVE-2022-1552-2.patch: In REFRESH MATERIALIZED VIEW, set user ID before running user code - CVE-2022-1552...

CVE-2022-35624

In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented packets with SegO SegN...

Vulnerability fixed in AMD processors

AMD has fixed a vulnerability with reference CVE-2021-26401 for the Ryzen and Athlon processors. This vulnerability has the same cause as the vulnerability known as Spectre, with attribute CVE-2017-5717. This vulnerability allows a malicious party to obtain sensitive data from the memory of a loc...

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.

...

MISP 跨站脚本漏洞

MISP is an open source software solution. The product is used to collect, store, distribute, and share network security metrics, and has features such as threat network security event analysis and malware analysis. a cross-site scripting vulnerability exists in MISP, which stems from...

PT-2021-21856 · Misp · Misp

Name of the Vulnerable Software and Affected Versions: MISP version 2.4.147 Description: The issue allows Stored XSS when viewing galaxy cluster relationships. This occurs in the app/View/Elements/GalaxyClusters/view relation tree.ctp file. Recommendations: For MISP version 2.4.147, consider...

CVE-2021-37742

Summary: CVE-2021-37742 affects MISP 2.4.147 with a Stored XSS in the view file app/View/Elements/GalaxyClusters/view_relation_tree.ctp when viewing galaxy cluster relationships. The issue originates from that view template; exploitation could occur in the user’s browser when rendering the affect...

CVE-2020-8807

In Electric Coin Company Zcashd before 2.1.1-1, the time offset between messages could be leveraged to obtain sensitive information about the relationship between a suspected victim's address and an IP address, aka a timing side channel...

UBUNTU-CVE-2021-3272

jp2decode in jp2/jp2dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components...

Hostel Management System 2.1 Cross Site Scripting

Exploit Title: PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, City Google Dork: N/A Date: 2020-10-08 Exploit Author: Kokn3t Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/hostel-management-syste...