26 matches found

OSV
added 2025/07/10 7:42 a.m. | 4 views

CVE-2025-38310 seg6: Fix validation of nexthop addresses

In the Linux kernel, the following vulnerability has been resolved: seg6: Fix validation of nexthop addresses. The kernel currently validates that the length of the provided nexthop address does not exceed the specified length. This can lead to the kernel reading uninitialized memory if user space...

CVSS 5.5 | AI score 6.2 | EPSS 0.00066
Exploits: 0 | References: 10

Patchstack
added 2025/04/01 11:46 a.m. | 1 view

WordPress SimplyRETS Real Estate IDX plugin <= 3.1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Psai in WordPress Plugin SimplyRETS Real Estate IDX versions <= 3.1.1...

CVSS 7.1 | AI score 6.9 | EPSS 0.00257
Exploits: 0 | Affected Software: 1

OSV
added 2025/03/11 10:6 a.m. | 15 views

RHSA-2025:2524 Red Hat Security Advisory: kernel-rt security update

Bulletin has no description...

CVSS 7.8 | AI score 6.6 | EPSS 0.02559
Exploits: 0 | References: 20

OSV
added 2025/03/04 5:23 p.m. | 6 views

GHSA-FR62-MG2Q-7WQV In-memory stored Cross-site scripting (XSS) vulnerability in pineconesim

Impact: The Pinecone Simulator (pineconesim) included in Pinecone up to commit https://github.com/matrix-org/pinecone/commit/ea4c33717fd74ef7d6f49490625a0fa10e3f5bbc is vulnerable to stored cross-site scripting. The payload storage is not permanent and will be wiped when restarting pineconesim. Patch...

CVSS 6.1 | AI score 6.1 | EPSS 0.00205
Exploits: 0 | References: 5

RedhatCVE
added 2025/02/05 3:43 p.m. | 4 views

CVE-2020-5239

In Mailu before version 1.7, an authenticated user can exploit a vulnerability in Mailu fetchmail script and gain full access to a Mailu instance. Mailu servers that have open registration or untrusted users are most impacted. The master and 1.7 branches are patched on our git repository. All...

CVSS 8.8 | AI score 6.8 | EPSS 0.00427
Exploits: 0

RedhatCVE
added 2025/02/05 2:50 p.m. | 5 views

CVE-2020-15152

ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. ftp-srv versions before 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a...

CVSS 9.1 | AI score 6.5 | EPSS 0.00216
Exploits: 0

RedhatCVE
added 2025/02/05 2:49 p.m. | 5 views

CVE-2020-15082

In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. The problem is fixed in 1.7.6.6...

CVSS 8.8 | AI score 6.6 | EPSS 0.00422
Exploits: 0

OSV
added 2025/01/06 4:15 a.m. | 5 views

CVE-2024-20148

In wlan STA FW, there is a possible out of bounds write due to improper input validation. This could lead to remote proximal/adjacent code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389045 / ALPS09136494; Issue ID:...

CVSS 9.8 | AI score 7.5 | EPSS 0.00102
Exploits: 0 | References: 1

OpenVAS
added 2024/12/17 12:0 a.m. | 13 views

SUSE: Security Advisory (SUSE-SU-2024:4327-1)

The remote host is missing an update for the...

CVSS 7.5 | AI score 6.5 | EPSS 0.0034
Exploits: 0 | References: 4

OSV
added 2024/09/13 3:7 p.m. | 12 views

RHSA-2018:1188 Red Hat Security Advisory: java-1.8.0-openjdk security update

Bulletin has no description...

CVSS 7.5 | AI score 6.5 | EPSS 0.00693
Exploits: 0 | References: 43

OSV
added 2024/09/13 2:41 p.m. | 14 views

RHSA-2017:2683 Red Hat Security Advisory: kernel security update

Bulletin has no description...

CVSS 7.5 | AI score 8.1 | EPSS 0.03117
Exploits: 12 | References: 12

OSV
added 2024/09/13 6:47 a.m. | 22 views

RHSA-2010:0986 Red Hat Security Advisory: java-1.4.2-ibm-sap security update

Bulletin has no description...

CVSS 10 | AI score 7.4 | EPSS 0.16263
Exploits: 14 | References: 63

OSV
added 2024/07/15 10:2 p.m. | 15 views

CGA-MR6F-6X69-27VH

Bulletin has no description...

CVSS 4.7 | AI score 6.9 | EPSS 0.00207
Exploits: 0

OSV
added 2024/06/06 12:29 p.m. | 4 views

CGA-QX87-H6F7-QRHX

Bulletin has no description...

AI score 7.2
Exploits: 0

OSV
added 2024/06/06 12:29 p.m. | 17 views

CGA-QPC6-Q3RR-9W6F

Bulletin has no description...

CVSS 7.5 | AI score 7.8 | EPSS 0.00055
Exploits: 0

OSV
added 2024/06/06 12:26 p.m. | 3 views

CGA-CQ7Q-JXPV-6FGM

Bulletin has no description...

AI score 7.2
Exploits: 0

OSV
added 2024/06/06 12:23 p.m. | 2 views

CGA-6MP3-8635-PXMR

Bulletin has no description...

AI score 7.2
Exploits: 0

OSV
added 2024/03/18 10:7 a.m. | 4 views

CVE-2024-26632 block: Fix iterating over an empty bio with bio_for_each_folio_all

In the Linux kernel, the following vulnerability has been resolved: block: Fix iterating over an empty bio with bio_for_each_folio_all. If the bio contains no data, bio_first_folio calls page_folio on a NULL pointer and oopses. Move the test that we've reached the end of the bio from bio_next_folio to...

CVSS 5.5 | AI score 6.1 | EPSS 0.00015
Exploits: 0 | References: 7

OSV
added 2021/09/30 1:54 p.m. | 3 views

SUSE-SU-2021:3269-1 Security update for libqt5-qtbase

This update for libqt5-qtbase fixes the following issues: - CVE-2020-24741: Fixed a bug that allowed QLibrary to load libraries relative to CWD which could result in arbitrary code execution. (bsc#1189408)...

AI score 7.7
Exploits: 0 | References: 4

Github Security Blog
added 2021/08/25 9:0 p.m. | 24 views

scalarmult() vulnerable to degenerate public keys

The scalarmult function included in previous versions of this crate accepted all-zero public keys, for which the resulting Diffie-Hellman shared secret will always be zero regardless of the private key used. This issue was fixed by checking for this class of keys and rejecting them if they are us...

CVSS 6.5 | AI score 6.3 | EPSS 0.00265
Exploits: 0 | References: 5 | Affected Software: 1