OSV
added 2022/06/28 7:08 p.m., 10 views

GSD-2022-1003358 drm/msm: don't free the IRQ if it was not requested

drm/msm: don't free the IRQ if it was not requested This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.46 by commit...

AI score: 7.2
Exploits: 0
OSV
added 2022/05/17 5:07 a.m., 1 view

GHSA-4GFX-P2J4-W2VH Alkacon OpenCMS XSS via title and requestedResource parameters

Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via (1) the title parameter to system/workplace/views/admin/admin-main.jsp or (2) the requestedResource parameter to system/login/index.html...

CVSS: 5.3, AI score: 6, EPSS: 0.00256
Exploits: 3, References: 5
Github Security Blog
added 2022/05/17 5:07 a.m., 5 views

Alkacon OpenCMS XSS via title and requestedResource parameters

Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via (1) the title parameter to system/workplace/views/admin/admin-main.jsp or (2) the requestedResource parameter to system/login/index.html...

CVSS: 4.3, AI score: 5.5, EPSS: 0.00256
Exploits: 3, References: 5, Affected Software: 1
OSV
added 2022/05/17 2:51 a.m., 2 views

GHSA-Q3CJ-2R34-2CWC Improper input validation in cryptography

HKDF in cryptography before 1.5.3 returns an empty byte string if used with a length less than algorithm.digest_size...

CVSS: 8.7, AI score: 6.8, EPSS: 0.0165
Exploits: 0, References: 17
Openbugbounty
added 2021/12/16 7:07 a.m., 10 views

plasson-pead.com.br Cross Site Scripting vulnerability OBB-2304264

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.2
Exploits: 0
Code423n4
added 2021/12/14 12:00 a.m., 11 views

SavingsAccount withdrawAll and switchStrategy can freeze user funds by ignoring possible strategy liquidity issues

Handle: hyh. Vulnerability details. Impact: Full withdrawal and moving funds between strategies can lead to wrong accounting if the corresponding market has tight liquidity, which can be the case at least for AaveYield. That is, as the whole amount is required to be moved at once from Aave, both...

AI score: 6.8
Exploits: 0
Exploit DB
added 2021/08/19 12:00 a.m., 326 views

Charity Management System CMS 1.0 - Multiple Vulnerabilities

Exploit Title: Charity Management System CMS 1.0 - Multiple Vulnerabilities Date: 18/08/2021 Exploit Author: Davide 't0rt3ll1n0' Taraschi Vendor Homepage: https://www.sourcecodester.com/users/tips23 Software Link:...

AI score: 7.4
Exploits: 0
UbuntuCve
added 2021/08/17 7:15 p.m., 26 views

CVE-2021-39241

An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a request for that protected resource, such ...

CVSS: 5.3, AI score: 6.1, EPSS: 0.00444
Exploits: 0, References: 3
Hacker One
added 2021/06/08 9:38 p.m., 12 views

HackerOne: HackerOne making payments in USDC (Coinbase stable coin)

Summary: Hello Everyone, My name is Ariel and I’m a manager in HackerOne’s community team. As a part of a Hack Week project, HackerOne is now supporting payments via USDC, Coinbase’s stable coin. This has been a feature requested by many hackers, that we are now glad to announce as supported. Mor...

AI score: 7
Exploits: 0
Prion
added 2021/02/23 11:15 p.m., 18 views

Denial of service

A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticated user to submit a request with a sufficiently large date range to eventually yield an internal...

CVSS: 6.8, AI score: 6.2, EPSS: 0.00338
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2021/01/26 6:16 p.m., 4 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none...

AI score: 7.1
Exploits: 0
ThreatPost
added 2020/11/13 12:54 p.m., 28 views

Report: CISA Chief Expects White House to Fire Him

Top U.S. cybersecurity official Christopher Krebs said he expects to be fired by the Trump administration after he delivered a secure presidential election that didn't go in the current administration's favor. Krebs, the first and current director of the Department of Homeland Security's (DHS's)...

AI score: 7.1
Exploits: 0, References: 17
OSV
added 2020/09/09 4:15 p.m., 0 views

UBUNTU-CVE-2020-11986

To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis o...

CVSS: 9.8, AI score: 7.2, EPSS: 0.05128
Exploits: 0, References: 4
wpexploit
added 2020/03/25 12:00 a.m., 123 views

Product Lister for Walmart <= 1.0.0 - Unauthenticated RCE via Outdated PHPUnit

The plugin uses an outdated PHPUnit library, which is known to be affected by an unauthenticated RCE issue. February 28th, 2020 - Ticket sent to vendor via https://support.cedcommerce.com/open.php March 6th, 2020 - Update requested to vendor also realised that the ticket was closed w/o reason giv...

CVSS: 7.5, AI score: 0.4, EPSS: 0.9421
Exploits: 19, References: 1
CVE
added 2020/01/21 6:25 p.m., 34 views

CVE-2019-5705

This CVE-2019-5705 entry is rejected and not used.

AI score: 7.4
Exploits: 0
Veracode
added 2019/11/28 1:53 a.m., 11 views

Directory Traversal

iobroker.admin is vulnerable to directory traversal. The vulnerability exists because it allows reading of files that exist outside the public folder by adding %2e%2e/ to the requested file path...

AI score: 3.8
Exploits: 0
exploitpack
added 2019/06/17 12:00 a.m., 61 views

Spring Security OAuth - Open Redirector

Spring Security OAuth - Open Redirector Exploit Title: Open Redirector in spring-security-oauth2 Date: 17 June 2019 Exploit Author: Riemann Vendor Homepage: https://spring.io/projects/spring-security-oauth Software Link: https://spring.io Version: Spring Security OAuth versions 2.3 prior to 2.3.6...

CVSS: 6.4, EPSS: 0.14855
Exploits: 4
Cvelist
added 2019/04/01 8:48 p.m., 15 views

CVE-2018-17989

A stored XSS vulnerability exists in the web interface on D-Link DSL-3782 devices with firmware 1.01 that allows authenticated attackers to inject a JavaScript or HTML payload inside the ACL page. The injected payload would be executed in a user's browser when "/cgi-bin/NewGUI/Acl.asp" is request...

AI score: 5.1, EPSS: 0.0009
Exploits: 1, References: 1
Tenable Nessus
added 2019/03/18 12:00 a.m., 18 views

FreeBSD : Jupyter notebook -- cross-site inclusion (XSSI) vulnerability (72a6e3be-483a-11e9-92d7-f1590402501e)

Jupyter notebook Changelog: 5.7.6 contains a security fix for a cross-site inclusion (XSSI) vulnerability, where files at a known URL could be included in a page from an unauthorized website if the user is logged into a Jupyter server. The fix involves setting the X-Content-Type-Options: nosniff...

AI score: 5.2
Exploits: 0, References: 11
CVE
added 2019/03/05 8:00 p.m., 24 views

CVE-2018-7916

CVE-2018-7916 entry is rejected and not used and does not represent an active vulnerability.

AI score: 7.4
Exploits: 0