Code injection
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...
CVE-2022-36059
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...
CVE-2022-36059 Prototype pollution in matrix-js-sdk
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...
SUSE CVE-2023-28866
In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1 and amp_init2 are supposed to have an intentionally invalid element, but do not...
AZL-25933 CVE-2023-28866 affecting package kernel for versions less than 5.15.122.1-2
In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1 and amp_init2 are supposed to have an intentionally invalid element, but do not...
UBUNTU-CVE-2023-28866
In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1 and amp_init2 are supposed to have an intentionally invalid element, but do not...
Linux kernel buffer error vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel version 6.2.8 and earlier, which stems from net/bluetooth/hci_sync.c allowing out-of-bounds access...
CVE-2023-20956
In Import of C2SurfaceSyncObj.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L...
Google Pixel buffer error vulnerability
Google Pixel is a smartphone from the American company Google. Google Pixel suffers from a buffer overflow vulnerability that originates from a boundary error in processing data in btmbleprocessperiodicadvsynclostevt in blescannerhciinterface.cc, which can be exploited by an attacker to...
PT-2023-17110 · Devolutions · Devolutions Server
Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2022.3.13 and prior Description: The issue allows users with restricted rights to bypass entry permission via id collision when importing or synchronizing entries in the User vault. Recommendations: For Devolutions...
WordPress Stock Sync for WooCommerce Plugin <= 2.3.2 is vulnerable to Broken Access Control
Software: Stock Sync for WooCommerce; Type: Plugin; Vulnerable versions: <= 2.3.2; Fixed in: 2.4.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-46807; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 07afbedf76cc; Credits Cat Required...
WordPress Sheets To WP Table Live Sync Plugin <= 2.12.14 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Sheets To WP Table Live Sync; Type: Plugin; Vulnerable versions: <= 2.12.14; Fixed in: 2.12.15; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47150; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 10f41cbc718b; Credits...
"pb_op_longer_hb for critical process NSPPE-00 (1285) 150 secs" related log explanation
ns.log: Mar 9 22:29:11 gash-vpx-uat2 nssync: NSSYNC: SYNC started.... Mar 9 22:29:11 10.168.253.225 03/09/2023:14:29:11 GMT gash-vpx-uat2 0-PPE-0 : default EVENT STATECHANGE 4713434 0 : Device "self node 10.168.253.225" - State "SYNC start " Mar 9 22:29:12 gash-vpx-uat2 nssync: Send HA File sync ...
Critical: Red Hat Security Advisory: Satellite 6.11.5 Async Security Update
Updated Satellite 6.11 packages that fix critical security bugs and several regular bugs are now available for Red Hat Satellite. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet...
CVE-2023-26490
mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this vulnerability to...
Command injection
mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this vulnerability to...
CVE-2023-26490 mailcow is vulnerable to shell command injection via xoauth2 authentication in imapsync
mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this vulnerability to...
CVE-2023-26490
The CVE-2023-26490 entry describes a shell command injection in mailcow’s Sync Job feature within a dockerized mail server. The vulnerability arises from imapsync’s XOAUTH2 workflow creating a shell command to invoke openssl, with user password segments embedded in the command without validation,...
Qualys VMDR & Jira Integration Now Available
The increasing number of vulnerabilities poses a significant challenge for most organizations trying to effectively manage and mitigate Cyber risks. According to NVD, the number of vulnerabilities in 2022 increased by approximately 25% as compared to 2021. As we are in start of March the...