
1378 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-3172

Malware in sbrugna...

CVSS 7.5 | AI score 8.5 | EPSS 0.02525
Exploits 0 | References 9

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2004-2476

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.01487
Exploits 0 | References 7

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2008-4042

Malware in sbrugna...

CVSS 10 | AI score 6.4 | EPSS 0.01495
Exploits 0 | References 5

CVE
added 2025/08/16 1:29 p.m., 100 views

CVE-2023-3867

In CVE-2023-3867, the Linux kernel ksmbd SMB2 session setup function smb2_sess_setup could perform an out-of-bounds read when a compound SMB2 request contains a second payload, enabling an OOB read while processing the first payload. The issue is tied to not handling the case where smb2 session s...

CVSS 7.1 | AI score 7 | EPSS 0.02838
Exploits 0 | References 4 | Affected Software 1

CVE
added 2025/08/16 1:27 p.m., 100 views

CVE-2023-3866

CVE-2023-3866 : In the Linux kernel ksmbd, the compound-request handling failed to validate session and tree identifiers if the first operation is not an SMB2 ECHO. This could allow a NULL dereference when a subsequent operation accesses work->sess or work->tcon, leading to a local impact. ...

CVSS 5.5 | AI score 6.9 | EPSS 0.19333
Exploits 0 | References 4 | Affected Software 1

CVE
added 2025/08/16 1:27 p.m., 108 views

CVE-2023-3865

CVE-2023-3865 affects the ksmbd component of the Linux kernel (smb2_write). Root cause: ksmbd_smb2_check_message does not validate hdr->NextCommand; if NextCommand > Offset+Length of smb2 write, an oversized length allows an out-of-bounds read in smb2_write. Implication: out-of-bounds read ...

CVSS 7.1 | AI score 6.9 | EPSS 0.00514
Exploits 0 | References 4 | Affected Software 1

CVE
added 2025/08/16 1:25 p.m., 56 views

CVE-2023-32249

CVE-2023-32249 affects the Linux kernel ksmbd component. The issue is mitigated by a patch that returns STATUS_NOT_SUPPORTED when the binding session is a guest on multichannel, effectively disallowing guest access for that path. The NVD metrics classify the impact as locally exploitable with low...

CVSS 5.5 | AI score 6.6 | EPSS 0.00151
Exploits 0 | References 5 | Affected Software 1

CVE
added 2025/08/02 10:25 p.m., 55 views

CVE-2023-32255

CVE-2023-32255 affects the Linux kernel ksmbd component. A memory leak can occur if a client sends a session setup request with an unknown NTLMSSP message type, potentially leading to resource exhaustion. The provided connected documents (NVD, OSV entries, and vendor advisories) confirm this beha...

CVSS 5.3 | AI score 6.1 | EPSS 0.00453
Exploits 0 | References 4

CVE
added 2025/07/30 3:15 p.m., 43 views

CVE-2023-2593

CVE-2023-2593: Linux kernel vulnerability in TCP connection handling causes memory not released after its lifetime, enabling unauthenticated network-based denial-of-service. Severity listed as CVSS v3.1 Base Score 5.9 (Medium); attack vector: NETWORK, user interaction: NONE, privileges required: ...

CVSS 5.9 | AI score 6.3 | EPSS 0.00678
Exploits 0 | References 3

CVE
added 2025/06/26 9:15 p.m., 34 views

CVE-2015-0849

The CVE-2015-0849 entry concerns pycode-browser before version 1.0, which is reportedly vulnerable to a predictable temporary file vulnerability. The connected data confirms multiple advisories (e.g., Red Hat, Debian OSV, Ubuntu, CIRCL, NVD, UB/CVE) referencing the same issue. According to the NV...

CVSS 3.9 | AI score 6.5 | EPSS 0.0011
Exploits 0 | References 1 | Affected Software 1

CVE
added 2025/06/26 9:11 p.m., 40 views

CVE-2015-0843

CVE-2015-0843 affects yubiserver, with versions before 0.6 vulnerable to buffer overflows caused by misuse of sprintf. The connected sources consistently describe the issue as a buffer overflow risk in yubiserver before 0.6. No exploitation details, affected versions beyond the stated pre-0.6, or...

CVSS 9.8 | AI score 6.6 | EPSS 0.0039
Exploits 0 | References 2 | Affected Software 1

CVE
added 2025/06/26 9:10 p.m., 42 views

CVE-2015-0842

The vulnerability CVE-2015-0842 affects yubiserver prior to version 0.6. The issue is a SQL injection in the server that can lead to an authentication bypass. The available documents confirm the affected software/component and the underlying cause (SQL injection) and indicate a potentially severe...

CVSS 9.8 | AI score 7.7 | EPSS 0.00349
Exploits 0 | References 2 | Affected Software 1

CVE
added 2025/06/26 8:02 p.m., 38 views

CVE-2013-1424

CVE-2013-1424 is a buffer overflow vulnerability in matplotlib, fixed by the upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787. Affected products/versions are not explicitly listed in the provided docs, but multiple sources describe remediation as upgrading matplotlib to version 1.5.0 or h...

CVSS 5.6 | AI score 6.9 | EPSS 0.00305
Exploits 0 | References 2 | Affected Software 1

CVE
added 2025/06/24 12:00 a.m., 69 views

CVE-2021-41691

CVE-2021-41691 affects OS4Ed Open Source Information System Community v8.0 (openSIS). The openSIS 8.0 product is reported vulnerable to SQL injection through the POST endpoint /TransferredOutModal.php, using the parameters student_id and TRANSFER[SCHOOL]. The Nuclei template confirms an HTTP POST...

CVSS 9.8 | AI score 6.6 | EPSS 0.01723
In wild | Exploits 0 | References 3 | Affected Software 1

Debian CVE
added 2025/06/20 7:31 p.m., 25 views

CVE-2023-5600

Removed by vendor...

CVSS 3.1 | AI score 5.8 | EPSS 0.00224
Exploits 1

CVE
added 2025/06/20 6:14 p.m., 68 views

CVE-2024-4994

CVE-2024-4994 describes a CSRF vulnerability in GitLab CE/EE affecting multiple release lines: 16.1.0–16.11.4, 17.0.x before 17.0.3, and 17.1.x before 17.1.1. The issue allows execution of arbitrary GraphQL mutations via CSRF on GitLab's GraphQL API. Mitigation is to upgrade to the fixed versions...

CVSS 8.1 | AI score 8.4 | EPSS 0.00352
Exploits 1 | References 2 | Affected Software 1

Tenable Nessus
added 2025/06/16 12:00 a.m., 4 views

TencentOS Server 3: libwebp (TSSA-2023:0051)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0051 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 7.5 | AI score 7 | EPSS 0.00952
Exploits 0 | References 2

RedhatCVE
added 2025/05/22 8:14 a.m., 5 views

CVE-2019-14270

Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 12.0.0.6870, and Comodo Internet Security Premium through 12.0.0.6870, with the Comodo Container feature, are vulnerable to Sandbox Escape...

CVSS 7.1 | AI score 6.9 | EPSS 0.00457
Exploits 1 | References 1

CVE
added 2025/05/19 3:55 p.m., 47 views

CVE-2024-33939

CVE-2024-33939 relates to the WordPress plugin Masteriyo – LMS (<= 1.7.3). Affected component: Masteriyo LMS REST endpoints exposing course progress data. Root cause: authentication/authorization bypass (insecure direct object reference) that allows unauthenticated users to access course progr...

CVSS 5.3 | AI score 5.9 | EPSS 0.00843
Exploits 0 | References 1 | Affected Software 1

CVE
added 2025/05/15 8:09 p.m., 51 views

CVE-2024-3062

The CVE-2024-3062 entry concerns the WordPress plugin Save as Image by Pdfcrowd (pre-3.2.2). It documents that certain settings are not sanitised/escaped, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite setups). Affected com...

CVSS 4.8 | AI score 5.4 | EPSS 0.00266
Exploits 2 | References 1 | Affected Software 1