PT-2026-33207

Name of the Vulnerable Software and Affected Versions MediaWiki versions prior to 1.43.7 MediaWiki versions prior to 1.44.4 MediaWiki versions prior to 1.45.2 Description Exposure of sensitive information to an unauthorized actor occurs in the program file includes/Specials/SpecialUserRights.Php...

CVE-2021-20320

A flaw was found in s390 eBPF JIT in bpfjitinsn in arch/s390/net/bpfjitcomp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem...

CVE-2021-20320

A flaw was found in s390 eBPF JIT in bpfjitinsn in arch/s390/net/bpfjitcomp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem...

Amazon Linux 2 : kernel (ALAS-2021-1719)

The version of kernel installed on the remote host is prior to 4.14.252-195.481. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1719 advisory. A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the...

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9305)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9305 advisory. - dm ioctl: fix out of bounds array access when no devices Mikulas Patocka Orabug: 32860493 CVE-2021-31916 - powerpc/64s: flush L1D after user accesses...

UBUNTU-CVE-2020-35475

In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. The right colum...

CVE-2020-11494

A flaw was discovered in slcbump in drivers/net/can/slcan.c in CAN Communication Protocol. It allows a local attacker with special user privilege or root to read sensitive kernel stack information considering CONFIGINITSTACKALL is not enabled when a partially initialized data structure is exposed...

MyBulletinBoard (MyBB) < 1.1.3 Remote Code Execution Exploit

Exploit for unknown platform in category web applications ============================================================ MyBulletinBoard MyBB 1.1.3 Remote Code Execution Exploit ============================================================ !/usr/bin/perl Tue Jun 13 12:37:12 CEST 2006 email protected...

Login errors in 1.3

When logging in as our special user who is restricted to one certain project, I get this error message from secure/Dashboard.jspa java.lang.IllegalArgumentException: Source may not be null at webwork.util.SubsetIteratorFilter.setSourceSubsetIteratorFilter.java:33 at...

Login errors in 1.3

When logging in as our special user who is restricted to one certain project, I get this error message from secure/Dashboard.jspa java.lang.IllegalArgumentException: Source may not be null at webwork.util.SubsetIteratorFilter.setSourceSubsetIteratorFilter.java:33 at...