11967 matches found
frr bug fix and enhancement update
An update is available for frr. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 8.6...
eurotherm-sales.com Cross Site Scripting vulnerability OBB-2613414
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
XWiki has unspecified vulnerabilities
Xwiki Platform is a set of wiki platforms for creating web collaboration applications from the French company Xwiki. security vulnerabilities exist in versions of XWiki prior to 13.10.6, 14.3.1 and 14.4-rc-1. X509 certificate with RSA, there is a risk of conflict with SHA1. No details of the...
Five Minute Webshop <= 1.3.2 - Admin+ SQLi via id
The plugin does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection https://example/wp-admin/admin.php?page=fmweseditproduct&id=1+AND+SELECT+6037+FROM+SELECTSLEEP5Uiuu...
Foxit PDF Editor < 11.2.2 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor application previously named Foxit PhantomPDF installed on the remote Windows host is prior to 11.2.2. It is, therefore affected by multiple vulnerabilities: - Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a...
F5 BIG-IP iControl SOAP Directory Traversal Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A directory traversal vulnerability exists in F5 BIG-IP iControl SOAP, which can be exploited by an attacker to send a crafted...
Design/Logic Flaw
Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname...
[SECURITY] Fedora 34 Update: golang-github-coredns-corefile-migration-1.0.11-5.fc34
Library and tools for migrating the CoreDNS corefile...
OSV-2022-380 Stack-buffer-overflow in sc_asn1_read_tag
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47035 Crash type: Stack-buffer-overflow READ 1 Crash state: scasn1readtag scasn1findtag cardoslistfiles...
GSD-2022-1002249 scsi: pm8001: Fix abort all task initialization
scsi: pm8001: Fix abort all task initialization This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.189 by commit...
GSD-2022-1002080 RDMA/mlx5: Fix memory leak in error flow for subscribe event routine
RDMA/mlx5: Fix memory leak in error flow for subscribe event routine This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.110 by commit...
GSD-2022-1001873 ASoC: mxs: Fix error handling in mxs_sgtl5000_probe
ASoC: mxs: Fix error handling in mxssgtl5000probe This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.33 by commit...
GSD-2022-1001459 powerpc/kasan: Fix early region not updated correctly
powerpc/kasan: Fix early region not updated correctly This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...
GSD-2022-1001287 exec: Force single empty string when argv is empty
exec: Force single empty string when argv is empty This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by commit...
GSD-2022-1001283 crypto: octeontx2 - remove CONFIG_DM_CRYPT check
crypto: octeontx2 - remove CONFIGDMCRYPT check This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by commit...
GSD-2022-1001259 ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by commit...
GSD-2022-1000990 btrfs: release correct delalloc amount in direct IO write path
btrfs: release correct delalloc amount in direct IO write path This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.4 by commit...
VMware Workspace ONE Access / VMware Identity Manager Server-Side Template Injection
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution. No source data...
Mattermost Access Control Error Vulnerability (CNVD-2022-31756)
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. An Access Control Error vulnerability exists in Mattermost 6.4.x and earlier versions, which stems from an inability to properly invalidate a pending email invitation when executed from the system...
Wecul Nyron SQL Injection Vulnerability
A SQL injection vulnerability exists in Wecul Nyron version 1.0, which stems from a lack of validation of externally entered SQL statements in thes1 parameter of Nyron/Library/Catalog/winlibsrch.aspx. validation of external input SQL statements. An attacker could use this vulnerability to execute...