Lucene search
+L

77 matches found

RedhatCVE
RedhatCVE
added 2025/01/31 7:2 p.m.6 views

CVE-2025-21673

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double free of TCPServerInfo::hostname When shutting down the server in cifsputtcpsession, cifsd thread might be reconnecting to multiple DFS targets before it realizes it should exit the loop, so @server-hostnam...

5.5CVSS6.5AI score0.002EPSS
Exploits0References4
NVD
NVD
added 2025/01/31 12:15 p.m.11 views

CVE-2025-21673

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double free of TCPServerInfo::hostname When shutting down the server in cifsputtcpsession, cifsd thread might be reconnecting to multiple DFS targets before it realizes it should exit the loop, so @server-hostnam...

5.5CVSS0.002EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2025/01/31 11:25 a.m.14 views

CVE-2025-21673

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double free of TCPServerInfo::hostname When shutting down the server in cifsputtcpsession, cifsd thread might be reconnecting to multiple DFS targets before it realizes it should exit the loop, so @server-hostnam...

5.5CVSS5.6AI score0.002EPSS
Exploits0
OSV
OSV
added 2025/01/31 11:25 a.m.8 views

CVE-2025-21673 smb: client: fix double free of TCP_Server_Info::hostname

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double free of TCPServerInfo::hostname When shutting down the server in cifsputtcpsession, cifsd thread might be reconnecting to multiple DFS targets before it realizes it should exit the loop, so @server-hostnam...

5.5CVSS6.5AI score0.002EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/12/26 8:20 p.m.26 views

lgsl Stored Cross-Site Scripting vulnerability

Summary A stored cross-site scripting XSS vulnerability was identified in lgsl. The issue arises from improper sanitation of user input. Everyone who accesses this page will be affected by this attack. Details The function lgslquery40 in lgslprotocol.php has implemented an HTTP crawler. This...

5.3CVSS5.4AI score0.00435EPSS
Exploits0References3Affected Software1
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.215 views

Splunk __raw Server Info Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Splunk raw Server Info Disclosure ', 'Description' = %q Splunk 6.2.3 through 7.0.1 allows information disclosure by appending...

5.3CVSS7AI score0.98371EPSS
Exploits7
Positive Technologies
Positive Technologies
added 2024/04/25 12:0 a.m.8 views

PT-2024-26834

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.37 Description A potential deadlock in the cifs sync mid result function has been resolved. The issue was spotted by Coverity, which identified a thread deadlock due to lock ordering. The problem occurs when...

7.5CVSS5.4AI score0.00166EPSS
Exploits0
Metasploit
Metasploit
added 2023/12/28 7:50 p.m.523 views

Splunk __raw Server Info Disclosure

Splunk 6.2.3 through 7.0.1 allows information disclosure by appending /raw/services/server/info/server-info?outputmode=json to a query. Versisons 6.6.0 through 7.0.1 require authentication. Module Options msf use auxiliary/gather/splunkrawserverinfo msf auxiliarysplunkrawserverinfo show actions...

5.3CVSS5AI score0.98371EPSS
Exploits7
VulnCheck KEV
VulnCheck KEV
added 2023/11/26 12:0 a.m.7 views

VulnCheck KEV: CVE-2018-11409

Splunk through 7.0.1 allows information disclosure by appending raw/services/server/info/server-info?outputmode=json to a query, as demonstrated by discovering a license key...

5.3CVSS6AI score0.98371EPSS
Exploits7References1
Prion
Prion
added 2023/11/14 7:15 p.m.15 views

Code injection

Uncontrolled search path element in some IntelR Server Information Retrieval Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access...

4.3CVSS7.3AI score0.00191EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2023/07/23 12:0 a.m.41 views

Information leakage vulnerability in Dahua DSS system

DSS Digital Surveillance System is a digital surveillance management system developed by Zhejiang Dahua Technology Co. There is an information leakage vulnerability in Dahua DSS system, which can be exploited by an attacker to obtain server related information and cause information leakage...

6.5AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2023/07/19 12:0 a.m.5 views

WordPress Server Info Plugin <= 2.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Server Info Type Plugin Vulnerable versions = 2.5.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 548d1464357e Credits Rafie Muhammad Patchstack Required privile...

6.1AI score0.00284EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/03/29 12:0 a.m.5 views

D-Link DIR-1935 操作系统命令注入漏洞

The D-Link DIR-1935 is a wireless router from China's AUO D-Link. The D-Link DIR-1935 suffers from an operating system command injection vulnerability that originates when parsing sub-elements within a VirtualServerInfo element, where the process does not properly validate before executing a syst...

6.8CVSS6.7AI score0.01085EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:30 a.m.6 views

SUSE CVE-2022-4450

The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" e.g. "CERTIFICATE", any header data and the payload data. If the function succeeds then the "nameout", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data...

5.9CVSS7.4AI score0.20444EPSS
Exploits0References77
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.10 views

WordPress Server Info plugin <= 2.5.3 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Server Info plugin versions = 2.5.3. Solution No patched version available...

2.4AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.11 views

WordPress Server Info plugin <= 2.5.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Server Info plugin versions = 2.5.3. Solution No patched version available...

4.3AI score
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/05/11 12:0 a.m.7 views

Siemens Mendix 安全漏洞

Siemens Mendix is a low-code application development platform from Siemens. The platform provides application development, testing, deployment, and iteration. A security vulnerability exists in Siemens Mendix. The vulnerability stems from a program upload operation of an XML file that results in ...

4.3CVSS5.1AI score0.00761EPSS
Exploits0References4
Prion
Prion
added 2021/02/02 8:15 p.m.21 views

Code injection

HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users...

4CVSS5AI score0.00842EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/11/11 7:15 a.m.18 views

CVE-2020-16997

Remote Desktop Protocol Server Information Disclosure Vulnerability...

7.7CVSS8.4AI score0.03731EPSS
Exploits0References1
OSV
OSV
added 2020/05/07 2:15 p.m.5 views

CVE-2019-18864

/server-info and /server-status in Blaauw Remote Kiln Control through v3.00r4 allow an unauthenticated attacker to gain sensitive information about the host machine...

7.5CVSS7.1AI score0.01266EPSS
Exploits1References1
Rows per page
Query Builder