7077 matches found
Exploit for Incorrect Authorization in Cacti
Exploit For CV...
Exploit for Incorrect Authorization in Cacti
Cacti | Auth Bypass | RCE | CVE-2022-46169 Cacti: Unauthentica...
Exploit for Code Injection in Vmware Spring_Cloud_Function
CVE-2022-22963 Exploit Description In Spring Cloud Funct...
FortiOS Flaw Exploited as Zero-Day in Attacks on Government and Organizations
A zero-day vulnerability in FortiOS SSL-VPN that Fortinet addressed last month was exploited by unknown actors in attacks targeting governments and other large organizations. "The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or...
CVE-2021-26409
Insufficient bounds checking in SEV-ES may allow an attacker to corrupt Reverse Map table (RMP) memory, potentially resulting in a loss of SNP (Secure Nested Paging) memory integrity...
Out-of-bounds
Insufficient bounds checking in SEV-ES may allow an attacker to corrupt Reverse Map table (RMP) memory, potentially resulting in a loss of SNP (Secure Nested Paging) memory integrity...
PT-2023-1404 · Amd · Amd Secure Encrypted Virtualization-Encrypted State
Name of the Vulnerable Software and Affected Versions: AMD Secure Encrypted Virtualization-Encrypted State (SEV-ES), affected versions not specified. Description: The issue is related to insufficient bounds checking in the implementation of AMD Secure Encrypted Virtualization-Encrypted State (SEV-ES)...
PT-2023-3269 · Western Digital · Western Digital My Cloud Os 5
Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud OS 5, versions prior to 5.26.119. Description: The issue is caused by a command that reads files from a privileged location and creates a system command without sanitizing the read data, leading to an OS Command Injecti...
AMD Server Vulnerabilities – January 2023
Bulletin ID: AMD-SB-1032. Potential Impact: Varies by CVE, see descriptions below. Severity: Varies by CVE, see descriptions below. Summary: During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Secure Processor (ASP), AMD System Management Un...
Debian: Security Advisory (DSA-5311-1)
The remote host is missing an update for the Debian...
Apache Tomcat 9.0.0-M1 < 9.0.68 Request Smuggling
The version of Apache Tomcat installed on the remote host is 8.5.x to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0. It is, therefore, affected by a request smuggling vulnerability. If Tomcat was configured to ignore invalid HTTP headers via setting rejectIllegalHeader t...
Apache Tomcat 8.5.x < 8.5.83 Request Smuggling
The version of Apache Tomcat installed on the remote host is 8.5.x to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0. It is, therefore, affected by a request smuggling vulnerability. If Tomcat was configured to ignore invalid HTTP headers via setting rejectIllegalHeader t...
Apache Tomcat 10.1.0-M1 < 10.1.1 Request Smuggling
The version of Apache Tomcat installed on the remote host is 8.5.x to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0. It is, therefore, affected by a request smuggling vulnerability. If Tomcat was configured to ignore invalid HTTP headers via setting rejectIllegalHeader t...
Apache Tomcat 10.0.0-M1 < 10.0.27 Request Smuggling
The version of Apache Tomcat installed on the remote host is 8.5.x to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0. It is, therefore, affected by a request smuggling vulnerability. If Tomcat was configured to ignore invalid HTTP headers via setting rejectIllegalHeader t...
PT-2025-54030
Name of the Vulnerable Software and Affected Versions: linux, affected versions not specified. Description: A flaw exists in the Linux kernel related to RDMA/efa resource deallocation. Specifically, the order of resource deallocation was incorrect, potentially leading to a refcount underflow when...
GHSA-XV6X-456V-24XH gotify/server vulnerable to Cross-site Scripting in the application image file upload
Impact: The XSS vulnerability allows authenticated users to upload .html files. With that, an attacker could execute client side scripts if another user opened a link, such as: https://push.example.org/image/[alphanumeric string].html An attacker could potentially take over the account of the user...
Spoofing
Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts if another user opened a link. The attacker cou...