Unauthenticated Remote Code Execution

Description Samba file servers and classic non-AD domain controllers offer the SamValidatePasswordChange and SamValidatePasswordReset RPC services on the SAMR DCE/RPC service when running over NCACNIPTCP. Both services pass a username and password to the "check password script" that can be...

[SECURITY] Fedora 42 Update: p11-kit-0.26.2-1.fc42

p11-kit provides a way to load and enumerate PKCS11 modules, as well as a standard configuration setup for installing PKCS11 modules in such a way that they're discoverable...

EUVD-2022-51497

Malicious code in bioql PyPI...

CVE-2022-4132

A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way repeatedly hitting the login page...

DEBIAN-CVE-2022-4132

A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way repeatedly hitting the login page...

Memory corruption

A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way repeatedly hitting the login page...

CVE-2022-4132 Memory leak on tls connections

A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way repeatedly hitting the login page...

PT-2023-13970 · Jss +1 · Jss +1

Name of the Vulnerable Software and Affected Versions: JSS affected versions not specified Description: A flaw was found in JSS, which is a memory leak that requires non-standard configuration. This issue can be exploited as a low-effort Denial of Service DoS vector if configured in a specific wa...

UBUNTU-CVE-2023-5173

In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic possibly under influence of a local unprivileged webpage, leading to an out-of-bounds write to privileged process memory. This bug only affects Firefox if a non-standard preference allowin...

CVE-2023-5173

In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic possibly under influence of a local unprivileged webpage, leading to an out-of-bounds write to privileged process memory. This bug only affects Firefox if a non-standard preference allowin...

Mozilla Firefox < 118.0

The version of Firefox installed on the remote Windows host is prior to 118.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-41 advisory. - Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidenc...

CVE-2023-0090

The webservices in Proofpoint Enterprise Protection PPS/POD contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all...

SUSE CVE-2022-4132

A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way repeatedly hitting the login page...

CVE-2022-4132

A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way repeatedly hitting the login page...

Drupal 访问控制错误漏洞

Drupal is an open source content management system developed in the PHP language by the Drupal community. An access control error vulnerability exists in Drupal that stems from the Quick Edit module failing to properly check for entity access under certain circumstances. This could cause a user...

Design/Logic Flaw

On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and...

Key Systems Electronic Key Lockers Command Injection

OVERVIEW Key Systems Electronic Key Lockers contain a command injection vulnerability which may allow a remote unauthenticated attacker to inject commands into the electronic key locker. Key Systems Electronic Key Lockers also contains weak authentication which could allow an attacker...

[security bulletin] HPSBMA02644 SSRT100284 rev.1 - HP Client Automation Enterprise &#40;HPCA&#41; Running on Windows, Remote Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02750690 Version: 1 HPSBMA02644 SSRT100284 rev.1 - HP Client Automation Enterprise HPCA Running on Windows, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin...