Lucene search

11967 matches found

CNVD
•added 2023/01/13 12:0 a.m.•31 views

Siemens Automation License Manager File Name or Path External Control Vulnerability

The Automation License Manager (ALM) centrally manages license keys for various Siemens software products. Software products that require a license key automatically report this requirement to ALM. When ALM finds a valid license key for the software, the software can be used according to the end-us...

CVSS 8.2 • AI score 8.5 • EPSS 0.00965
Exploits 0 • References 1
Prion
•added 2023/01/11 10:15 p.m.•18 views

Buffer overflow

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...

CVSS 6.5 • AI score 9.8 • EPSS 0.00673
Exploits 0 • References 1 • Affected Software 1
Tenable Nessus
•added 2023/01/11 12:0 a.m.•59 views

Kibana 7.10.2 < 7.14.1 Code Execution

According to its self-reported version number, the Kibana application running on the remote host is prior to 7.14.1. It is, therefore, affected by: - A code execution vulnerability due to an older version of js-yaml (CVE-2021-22150) - An HTML Injection due to a lack of sanitization of document...

CVSS 7.2 • AI score 5.4 • EPSS 0.01154
Exploits 0 • References 5
Huntr
•added 2023/01/03 12:8 p.m.•25 views

Out-of-bounds Read in function build_stl_str_hl

Out-of-bounds Read in function build_stl_str_hl at buffer.c:4350 vim version git log commit ea720aea851e645f4c8ec3b20afb27c7ca38184c HEAD - master, tag: v9.0.1137, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pochor01s.dat -c :qa!...

CVSS 4.4 • AI score 7.6 • EPSS 0.00471
Exploits 1
OpenVAS
•added 2023/01/03 12:0 a.m.•27 views

ISC BIND DoS Vulnerability (CVE-2012-5689) - Linux

ISC BIND is prone to a denial of service (DoS) vulnerability. Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

CVSS 7.1 • AI score 6.3 • EPSS 0.12036
Exploits 1 • References 2
OSV
•added 2023/01/01 12:0 a.m.•3 views

PUB-A-238117921

Bulletin has no description...

CVSS 4.6 • AI score 6.9 • EPSS 0.00168
Exploits 0 • References 2
NVD
•added 2022/12/30 10:15 p.m.•7 views

CVE-2020-12559

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...

Exploits 0
NVD
•added 2022/12/30 10:15 p.m.•9 views

CVE-2020-12551

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...

Exploits 0
0day.today
•added 2022/12/27 12:0 a.m.•464 views

Textpattern 4.8.8 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Textpattern 4.8.8 - Remote Code Execution RCE Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://textpattern.com/ Version : 4.8.8 Tested on: windows 11 xammp | Kali linux Category: WebApp Google Dork: intext:"Published with Textpattern...

AI score 7.4
Exploits 0
Openbugbounty
•added 2022/12/21 12:54 p.m.•22 views

lemonument.ch Cross Site Scripting vulnerability OBB-3112693

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0
Code423n4
•added 2022/12/19 12:0 a.m.•9 views

Pair.sol:close() does not recover any of the base token / liquidity tokens before destroying it

Lines of code Vulnerability details Impact If pair hold any of the native or any other liquidity tokens, that never be recovered if the pair is destroyed. Proof of Concept owner has special rights to destroy the pair if it is compromised. But before destroy, it does not recover any of the toke...

AI score 6.8
Exploits 0
Code423n4
•added 2022/12/16 12:0 a.m.•10 views

Might lose manager forever

Lines of code Vulnerability details Impact If project sets new manager with a typo, might lose manager forever Proof of Concept function setManager address manager public onlyOwner manager = manager; https://twitter.com/realgmhacker/status/1603362870699429889?s=20&t=vm4wY1ITefLhCW8BDa0oig...

AI score 6.8
Exploits 0
Github Security Blog
•added 2022/12/14 9:39 p.m.•30 views

Helm vulnerable to denial of service through schema file

Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the chartutil package that can cause a segmentation violation. Applications that use functions from the chartutil package in the Helm SDK can have a Denial of Service attack when they use this package and it...

CVSS 7.5 • AI score 8.2 • EPSS 0.00818
Exploits 0 • References 5 • Affected Software 1
Openbugbounty
•added 2022/12/13 11:2 a.m.•17 views

turismo.jardinopolis.sc.gov.br Cross Site Scripting vulnerability OBB-3099018

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0
OSV
•added 2022/12/08 3:34 a.m.•6 views

GSD-2022-1008366 nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()

nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.333 by commit...

AI score 7.2
Exploits 0
OSV
•added 2022/12/08 3:25 a.m.•9 views

GSD-2022-1008287 iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()

iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.300 by commit...

AI score 7.2
Exploits 0
OSV
•added 2022/12/08 3:22 a.m.•7 views

GSD-2022-1008258 Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu

Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.265 by commit...

AI score 7.2
Exploits 0
OSV
•added 2022/12/08 3:20 a.m.•7 views

GSD-2022-1008246 dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()

dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.267 by commit...

AI score 7.1
Exploits 0
OSV
•added 2022/12/08 2:31 a.m.•5 views

GSD-2022-1007761 bpf: Fix memory leaks in __check_func_call

bpf: Fix memory leaks in __check_func_call. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.10 by commit 83946d772e756734a900ef99dbe0aeda506adf3...

AI score 7.2
Exploits 0
OSV
•added 2022/12/08 2:27 a.m.•4 views

GSD-2022-1007723 ftrace: Fix null pointer dereference in ftrace_add_mod()

ftrace: Fix null pointer dereference in ftrace_add_mod(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.10 by commit...

AI score 7.2
Exploits 0