3867 matches found
SUSE CVE-2023-54252
In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings My previous commit introduced a memory leak where the item allocated from tlmisetting was not freed. This commit also renames it to avoid confusion...
WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'Custom Scripts' Setting vulnerability
Authenticated Author+ Stored Cross-Site Scripting via 'Custom Scripts' Setting vulnerability discovered by WordFence in WordPress Plugin Image Photo Gallery Final Tiles Grid versions = 3.6.8...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992769)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992769 advisory. In the Linux kernel, the following vulnerability has been resolved: spufs: fix a leak in spufscreatecontext Leak fixes back in 2008 missed one case - if we are tryin...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the system.enableCrossNamespaceCommands when it is enabled on by default. An attacker can perform unauthorized actions in a different namespace by submitting workflow task commands that target namespaces othe...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization when the frontend.enableExecuteMultiOperation is enabled. An attacker can circumvent namespace-specific validation and feature gates by setting the embedded StartWorkflowExecutionRequest's namespace field to a...
CVE-2023-54252
In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings My previous commit introduced a memory leak where the item allocated from tlmisetting was not freed. This commit also renames it to avoid confusion...
UBUNTU-CVE-2023-54252
In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings My previous commit introduced a memory leak where the item allocated from tlmisetting was not freed. This commit also renames it to avoid confusion...
CVE-2023-54252 platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings
In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings My previous commit introduced a memory leak where the item allocated from tlmisetting was not freed. This commit also renames it to avoid confusion...
CVE-2023-54252
CVE-2023-54252 refers to a Linux kernel issue in the x86 ThinkStation WMI handling (platform/x86: think-lmi). The root cause is a memory leak where the tlmi_setting item allocated during WMI string parsing was not freed, with an accompanying renaming to avoid confusion with a similarly named vari...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an improper setting of pagelen in the NFSv2 GETACL result encoder, which could lead to a memory content leak...
CVE-2025-15161
A vulnerability was found in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/PPTPUserSetting. Performing a manipulation of the argument delno results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could...
CVE-2025-15128
A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safesetting/ of the component Endpoint. Performing a manipulation of the argument backupencryptionpassworddecrypt/exportencryptionpassworddecrypt results in unprotected storage o...
EUVD-2025-205534
A vulnerability was found in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/PPTPUserSetting. Performing manipulation of the argument delno results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could b...
CVE-2025-68706
CVE-2025-68706 affects KuWFi 4G LTE AC900 devices running firmware 1.0.13, in the GoAhead-Webs HTTP daemon. The vulnerability is in the /goform/formMultiApnSetting handler, which copies the user-provided pincode into a fixed 132-byte stack buffer using sprintf() without bounds checking. This stac...
CVE-2025-15161
A vulnerability was found in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/PPTPUserSetting. Performing a manipulation of the argument delno results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could...
CVE-2025-15161 Tenda WH450 PPTPUserSetting stack-based overflow
A vulnerability was found in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/PPTPUserSetting. Performing a manipulation of the argument delno results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could...
CVE-2025-15161
CVE-2025-15161 affects Tenda WH450 1.0.0.18. The vulnerability is in an unknown function of the file /goform/PPTPUserSetting, where manipulation of the delno argument leads to a stack-based buffer overflow. Remote exploitation is possible, and PoCs have been published. Multiple sources corroborat...
CVE-2025-15128
A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safesetting/ of the component Endpoint. Performing a manipulation of the argument backupencryptionpassworddecrypt/exportencryptionpassworddecrypt results in unprotected storage o...
CVE-2025-15128 ZKTeco BioTime Endpoint safe_setting credentials storage
A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safesetting/ of the component Endpoint. Performing a manipulation of the argument backupencryptionpassworddecrypt/exportencryptionpassworddecrypt results in unprotected storage o...
CVE-2025-15128
ZKTeco BioTime Endpoint (affected: up to 9.0.3/9.0.4/9.5.2) contains a vulnerability in the file /base/safe_setting/ within the Endpoint component. Manipulating the arguments backup_encryption_password_decrypt/export_encryption_password_decrypt can lead to unprotected storage of credentials. Remo...