SUSE-SU-2022:1932-1 Security update for patch
This update for patch fixes the following issues: Security fixes: - CVE-2019-13636: Fixed mishandled following of symlinks in certain cases other than input files bsc1142041. - CVE-2018-6952: Fixed double free of memory in pch.c:anotherhunk bsc1080985. Bugfixes: - Pass the correct stat to backup...
bpftool, kernel, perf, python security update
CentOS Errata and Security Advisory CESA-2022:4642 An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
CVE-2011-4917
In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat...
DEBIAN-CVE-2011-4917
In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat...
Information disclosure
In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat...
UBUNTU-CVE-2011-4917
In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat...
CVE-2011-4917
In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat...
CVE-2011-4917
In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat...
CVE-2011-4917
CVE-2011-4917 : Information disclosure in the Linux kernel up to 3.1 via /proc/stat. Local access required; low attack complexity with LOW privileges and partial confidentiality impact (CVSS v3.1 base score 5.5). Root cause: kernel information leakage through /proc/stat. Affected product: Linux k...
Linux kernel security vulnerability
The Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. The Linux kernel has a security vulnerability that can be exploited by an attacker via /proc/stat...
CVE-2022-26999
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wanipstat, wanmaskstat, wangwstat, and wandns1stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
ARRIS TR3300 command injection vulnerability
The ARRIS TR3300 is an 802.11ac Wi-Fi router from ARRIS, Inc. A command injection vulnerability exists in the ARRIS TR3300, which stems from the failure of the wanipstat, wanmaskstat, wangwstat, and wandns1stat parameters in the ip function to properly filter the construct command special...
ARRIS TR3300 command injection vulnerability
ARRIS TR3300 is an 802.11ac Wi-Fi router from ARRIS U.S.A. A command injection vulnerability exists in ARRIS TR3300, which stems from the failure of the pptpfixip, pptpfixmask, pptpfixgw, and wandns1stat parameters in the pptp function to properly filter the construct command special characters,...
PT-2022-18171 · Arris · Arris Tr3300
Name of the Vulnerable Software and Affected Versions: Arris TR3300 version 1.0.13 Description: A command injection issue was found in the pptp function, accessible through the wan pptp.html endpoint, via the pptp fix ip, pptp fix mask, pptp fix gw, and wan dns1 stat parameters. This allows...
CVE-2022-23837
In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users...
NetBSD Kernel stat System Call Uninitialized Memory Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of NetBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the stat...
CVE-2021-21931
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at the 'statfilter' parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery...
The vulnerability of the “device_list” component of the monitoring software for Advantech R-SeeNet routers allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the “devicelist” component of the monitoring software for Advantech R-SeeNet routers involves incorrect processing of the statfilter parameter. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks by sending specially crafted SQL...
Advantech R-SeeNet SQL injection vulnerability
Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet is vulnerable to a SQL injection vulnerability due to insufficient cleaning of...
nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite
The npm package "tar" aka node-tar has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted...