2674 matches found
GSD-2022-1007134 NFSD: Protect against send buffer overflow in NFSv3 READDIR
NFSD: Protect against send buffer overflow in NFSv3 READDIR This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.75 by commit...
GSD-2022-1007109 NFSD: Protect against send buffer overflow in NFSv2 READDIR
NFSD: Protect against send buffer overflow in NFSv2 READDIR This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.75 by commit...
GSD-2022-1006894 NFSD: Protect against send buffer overflow in NFSv3 READ
NFSD: Protect against send buffer overflow in NFSv3 READ This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...
GSD-2022-1006868 NFSD: Protect against send buffer overflow in NFSv2 READDIR
NFSD: Protect against send buffer overflow in NFSv2 READDIR This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...
PT-2022-35116 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue is related to a potential underflow in the wfx send pds function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prio...
PT-2022-35150 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue concerns a send buffer overflow in NFSv2 READ. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to v6.0.3, update...
PT-2022-35149 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 6.0.3 Description: The issue concerns a send buffer overflow in NFSv3 READ. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to 6.0.3, update t...
PT-2022-35205 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.12 through v5.15.76 Description: A memory leak issue was discovered in the virtual nci send function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions v5.1...
PT-2022-34934 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.6 Description: The issue is related to a NULL pointer dereference in the io msg send fd function. This problem was introduced in version v6.0 and is fixed in version v6.0.6. The actual impact and attack...
Linux kernel 资源管理错误漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel. An attacker exploits this vulnerability to bypass the Linux kernel's filtering rules via Bluetooth L2CAP invalid SPSM in...
kernel: iavf: Fix adminq error handling
In the Linux kernel, the following vulnerability has been resolved: iavf: Fix adminq error handling iavfallocasqbufs/iavfallocarqbufs allocates with dmaalloccoherent memory for VF mailbox. Free DMA regions for both ASQ and ARQ in case error happens during configuration of ASQ/ARQ registers. Witho...
undertow: Double AJP response for 400 from EAP 7 results in CPING failures
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second...
undertow: Double AJP response for 400 from EAP 7 results in CPING failures
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second...
Updated curl packages fix security vulnerability
When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. CVE-2022-32221...
DEBIAN-CVE-2022-39282
FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using /parallel command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please...
# Arbitrary send of non protected function may lead into loss of funds
Lines of code Vulnerability details Arbitrary send of non protected function may lead into loss of funds Impact Unprotected call to a function sending Ether to an arbitrary address may lead into loss of funds. Proof Of Concept In BlurExchange.sol, method trasnferTo uses an arbitrary user to send...
Improper access control
An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal...
CVE-2022-40118
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the custid parameter at /net-banking/sendfundsaction.php...
CVE-2022-40113
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the custid parameter at /net-banking/sendfunds.php...
Online Banking System SQL注入漏洞
Online Banking System is an online banking system developed using PHP and MySQL. v1.0 of Online Banking System has a security vulnerability that stems from a SQL injection issue in the custid parameter in the /net-banking/sendfunds.php location. No detailed vulnerability details are available at...