19 matches found
BELL-CVE-2023-52993
Bulletin has no description...
CVE-2022-49353
In the Linux kernel, the following vulnerability has been resolved: powerpc/paprscm: don't requests stats with '0' sized stats buffer Sachin reported 1 that on a POWER-10 lpar he is seeing a kernel panic being reported with vPMEM when paprscm probe is being called. The panic is of the form below...
BELL-CVE-2024-50221
Bulletin has no description...
CVE-2024-3938
The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. Those interested to see the vulnerability may spin up a...
BIT-DOTNET-2023-21808 .NET and Visual Studio Remote Code Execution Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability...
BIT-DOTNET-2023-38180 .NET and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio Denial of Service Vulnerability...
PT-2024-1915 · Ibm · Ibm Qradar Suite +1
Name of the Vulnerable Software and Affected Versions: IBM QRadar Suite versions 1.10.12.0 through 1.10.17.0 IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0 Description: The issue is related to insufficient protection of registration data in IBM QRadar Suite and IBM Cloud Pak for...
GSD-2023-1001299 eventpoll: add EPOLL_URING_WAKE poll wakeup flag
eventpoll: add EPOLLURINGWAKE poll wakeup flag This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.162 by commit...
GSD-2022-1006273 netfilter: nf_tables: fix null deref due to zeroed list head
netfilter: nftables: fix null deref due to zeroed list head This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.291 by commit...
GSD-2022-1005511 kbuild: dummy-tools: avoid tmpdir leak in dummy gcc
kbuild: dummy-tools: avoid tmpdir leak in dummy gcc This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.63 by commit...
GSD-2022-1002887 staging: rtl8712: fix uninit-value in usb_read8() and friends
staging: rtl8712: fix uninit-value in usbread8 and friends This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.15 by commit...
Dolibarr stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting XSS vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" POST or "town" POST parameter to adherents/type.php...
GSD-2022-1001848 power: supply: wm8350-power: Add missing free in free_charger_irq
power: supply: wm8350-power: Add missing free in freechargerirq This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.33 by commit...
CVE-2021-33041
vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstrated by Electron remote code execution via require'childprocess'.execSync'calc.exe' on Windows and a similar attack on macOS...
html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS)
This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process...
CVE-2021-27229
Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text...
CVE-2020-2231
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting XSS vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Toke...
EMC RSA BSAFE triple handhsake TLS attacks
Certificate is not validated on renegotiation...
wheatblog ُSession.php Remote File Inclusion
Aria-Security.net Advisory Discovered by: O.U.T.L.A.W www.Aria-security.net Gr33t to: A.u.r.a & l2odon & DrtRp & Sh3ll ?php includeonce"$wbclassdir/classDatabase.php"; function StartSession global $sessiondir; if $sessiondir != '' sessionsavepath$sessiondir; if ! isset$SESSION sessionstart; //...