ArangoDB Community Edition 跨站脚本漏洞

ArangoDB Community Edition is a native multi-model database provided by the American company ArangoDB. Version 3.4.2-1 of ArangoDB Community Edition contains cross-site scripting vulnerabilities. These vulnerabilities stem from multiple cross-site scripting vulnerabilities in the search, user...

IPFire 安全漏洞

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from insufficient cleanup and escaping of the SERVICE, LOGIN, and PASSWORD parameters, which could be exploited by...

EUVD-2022-5882

Malicious code in bioql PyPI...

EUVD-2022-29070

Malicious code in bioql PyPI...

SUSE CVE-2022-49534

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGIRJT There is a potential memory leak in lpfcignoreelscmpl and lpfcelsrspreject that was allocated from NPIV PLOGIRJT lpfcrcvplogi's loginmbox. Check if...

CVE-2022-49534 scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGIRJT There is a potential memory leak in lpfcignoreelscmpl and lpfcelsrspreject that was allocated from NPIV PLOGIRJT lpfcrcvplogi's loginmbox. Check if...

CVE-2022-49534

CVE-2022-49534 in the Linux kernel concerns a memory leak in the lpfc driver when NPIV ports send PLOGI_RJT. The description states a leak could originate from allocations in lpfc_ignore_els_cmpl() and lpfc_els_rsp_reject(), tied to login_mbox context and service parameter buffers. The remedy is ...

D-Link DIR-600 OS Command Injection Vulnerability

The D-Link DIR-600 is a wireless router from China's AUO D-Link. An operating system command injection vulnerability exists in the D-Link DIR-600 version 2.18 and earlier, which stems from the fact that manipulation of service parameters can lead to os command injection. No details of the...

CVE-2024-30889

Cross Site Scripting vulnerability in audimex audimexEE v.15.1.2 and fixed in 15.1.3.9 allows a remote attacker to execute arbitrary code via the service, method, widgettype, requestid, payload parameters...

D-Link DIR-815 安全漏洞

The D-Link DIR-815 is a wireless router from China's AUO D-Link. The D-Link DIR-815 suffers from a code execution vulnerability that stems from an application's failure to properly filter special elements of constructed snippets. An attacker can exploit the vulnerability to execute arbitrary code...

kernel: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGIRJT There is a potential memory leak in lpfcignoreelscmpl and lpfcelsrspreject that was allocated from NPIV PLOGIRJT lpfcrcvplogi's loginmbox. Check if...

kernel: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGIRJT There is a potential memory leak in lpfcignoreelscmpl and lpfcelsrspreject that was allocated from NPIV PLOGIRJT lpfcrcvplogi's loginmbox. Check if...

PT-2025-8467

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential memory leak was identified in the Linux kernel, specifically in the lpfc driver. The issue occurs when handling NPIV PLOGI RJT responses, where memory allocated for service...

CVE-2021-21388

systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version = 5.6.4. If you cannot...

CVE-2021-21388 Command Injection Vulnerability in systeminformation

systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version = 5.6.4. If you cannot...

OS Command Injection

systeminformation is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands via service parameters that are passed to si.inetLatency, si.inetChecksite, si.services, si.processLoad etc...

CVE-2021-21315

The System Information Library for Node.JS npm package "systeminformation" is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. ...

GHSA-2M8V-572M-FF2V Command Injection Vulnerability

Impact command injection vulnerability Patches Problem was fixed with a parameter check. Please upgrade to version = 5.3.1 Workarounds If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency, si.inetChecksite, si.services, si.processLoad ... do onl...

OPENSUSE-SU-2019:0326-1 Security update for obs-service-tar_scm

This update for obs-service-tarscm fixes the following issues: Security vulnerabilities addressed: - CVE-2018-12473: Fixed a path traversal issue, which allowed users to access files outside of the repository using relative paths bsc1105361 - CVE-2018-12474: Fixed an issue whereby crafted service...

OPENSUSE-SU-2019:0329-1 Security update for obs-service-tar_scm

This update for obs-service-tarscm fixes the following issues: Security vulnerabilities addressed: - CVE-2018-12473: Fixed a path traversal issue, which allowed users to access files outside of the repository using relative paths bsc1105361 - CVE-2018-12474: Fixed an issue whereby crafted service...