
21 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-3276

Malicious code in bioql PyPI...

CVSS 8.4 · AI score 6.3 · EPSS 0.00128
Exploits: 1 · References: 3

RedhatCVE
added 2025/05/23 10:45 a.m. · 8 views

CVE-2024-52291

Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme, e.g., file://file:////. This enables the attacker to specify sensitive folders as the file system, leading to potential file...

CVSS 8.4 · AI score 7.5 · EPSS 0.00128
Exploits: 1 · References: 1

CVE
added 2024/11/13 4:12 p.m. · 48 views

CVE-2024-52291

CraftCMS has a local file system validation bypass flaw (CVE-2024-52291) that can be triggered by a double file:// scheme to point the base filesystem at sensitive folders. The root cause stems from FileHelper::normalizePath only removing a leading file://, enabling bypass when a second file:// i...

CVSS 8.4 · AI score 7.8 · EPSS 0.00128
Exploits: 1 · References: 1 · Affected Software: 1

RedHat Linux
added 2024/08/27 11:28 a.m. · 2 views

bind9: bind: SIG(0) can be used to exhaust CPU resources

A flaw was found in the bind9 package, where if a DNS server hosts a zone containing a "KEY" resource record or a DNS resolver utilizes the DNSSEC validate feature to validate a "KEY" resource record, a malicious client could exhaust the CPU resources of the resolver by sending a stream of SIG0...

CVSS 7.5 · AI score 5.7 · EPSS 0.00238
Exploits: 0 · References: 4

RedHat Linux
added 2024/02/27 12:30 a.m. · 0 views

bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources

A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSSEC-signed zone using NSEC3, an attacker can drive the targeted resolver to CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...

CVSS 7.5 · AI score 6.7 · EPSS 0.1242
Exploits: 1 · References: 7

Packet Storm
added 2024/01/26 12:0 a.m. · 311 views

Vinchin Backup And Recovery 7.2 setNetworkCardInfo Command Injection

CVE ID: CVE-2024-22900. Title: Command Injection Vulnerability in Vinchin Backup and Recovery Versions 7.2 and Earlier. Description: A critical security vulnerability, identified as CVE-2024-22900, has been discovered in Vinchin Backup and Recovery software, affecting versions 7.2 and earlier. The...

AI score 7.4 · EPSS 0.03859
Exploits: 3

Code423n4
added 2023/03/07 12:0 a.m. · 7 views

Improper Management of Critical Market Condition

Impact: The BorrowerOperations::requireValidAdjustmentInCurrentMode validation function will apply a weak level of validation, causing the system to magnify its critical market conditions when in recovery mode. In detail, both...

AI score 7.1
Exploits: 0

The Hacker News
added 2023/01/12 9:42 a.m. · 3 views

Experts Detail Chromium Browser Security Flaw Putting Confidential Data at Risk

Details have emerged about a now-patched vulnerability in Google Chrome and Chromium-based browsers that, if successfully exploited, could have made it possible to siphon files containing confidential data. "The issue arose from the way the browser interacted with symlinks when processing files a...

CVSS 8.8 · AI score 6.7 · EPSS 0.02576
Exploits: 0

OSV
added 2022/11/01 11:15 p.m. · 0 views

DEBIAN-CVE-2022-3656

Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 · AI score 8.4 · EPSS 0.02576
Exploits: 0 · References: 1

OSV
added 2022/10/31 8:31 a.m. · 8 views

OPENSUSE-SU-2022:10180-1 Security update for chromium

This update for chromium fixes the following issues: Chromium 107.0.5304.87 boo1204819 CVE-2022-3723: Type Confusion in V8 Chromium 107.0.5304.68 boo1204732 CVE-2022-3652: Type Confusion in V8 CVE-2022-3653: Heap buffer overflow in Vulkan CVE-2022-3654: Use after free in Layout CVE-2022-3655: Hea...

CVSS 8.8 · AI score 7.6 · EPSS 0.03682
Exploits: 4 · References: 14

Positive Technologies
added 2022/09/21 12:0 a.m. · 2 views

PT-2022-25170 · Sourcecodester · Sourcecodester Simple Task Managing System

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Task Managing System version 1.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter in the newProjectValidation.php component. Thi...

CVSS 4.8 · AI score 5.7 · EPSS 0.00322
Exploits: 1 · References: 6

CVE
added 2022/06/14 9:50 a.m. · 63 views

CVE-2021-35087

CVE-2021-35087 affects Qualcomm Snapdragon components (Industrial IoT and Snapdragon Mobile). Affected behavior: possible null pointer access caused by improper validation of the system information message processed by these devices. Root cause as stated across sources is null pointer dereference...

CVSS 7.8 · AI score 7.5 · EPSS 0.0037
Exploits: 0 · References: 1 · Affected Software: 1

Ubuntu
added 2022/04/13 2:49 a.m. · 144 views

USN-5377-1: Linux kernel (BlueField) vulnerabilities

It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2022-1055 Yiqi Sun and Kevin Wang discovered that the...

CVSS 9 · AI score 8 · EPSS 0.54322
Exploits: 20

Debian CVE
added 2021/12/09 12:0 a.m. · 29 views

CVE-2021-43797

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fa...

CVSS 6.5 · AI score 7.2 · EPSS 0.00381
Exploits: 0

Cvelist
added 2020/12/07 12:49 p.m. · 18 views

CVE-2020-9247

There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate a certain configuration parameter passed from the user, which would cause a buffer overflow. The attacker should trick the user into installing and running a malicious application with a...

AI score 7.9 · EPSS 0.00352
Exploits: 0 · References: 1

Metasploit
added 2019/06/29 3:52 a.m. · 85 views

Serv-U FTP Server prepareinstallation Privilege Escalation

This module attempts to gain root privileges on systems running Serv-U FTP Server versions prior to 15.1.7. The Serv-U executable is setuid root, and uses ARGV0 in a call to system, without validation, when invoked with the -prepareinstallation flag, resulting in command execution with root...

CVSS 8.8 · AI score 9 · EPSS 0.52927
Exploits: 13

Vulnerability Lab
added 2016/02/09 12:0 a.m. · 28 views

File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities

Document Title: File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities; References Source: http://www.vulnerability-lab.com/getcontent.php?id=1715; Release Date: 2016-02-09; Vulnerability Laboratory ID VL-ID: ...

AI score 7.1
Exploits: 0

Packet Storm
added 2016/02/04 12:0 a.m. · 34 views

File Manager PRO 1.3 Local File Inclusion / File Upload

Document Title: File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities; References Source: http://www.vulnerability-lab.com/getcontent.php?id=1704; Release Date: 2016-02-03; Vulnerability Laboratory ID VL-ID: ...

AI score 7.4
Exploits: 0

Packet Storm
added 2015/01/14 12:0 a.m. · 27 views

Foxit MobilePDF 4.4.0 Local File Inclusion / Arbitrary File Upload

Document Title: Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities; References Source: http://www.vulnerability-lab.com/getcontent.php?id=1400; Release Date: 2015-01-12; Vulnerability Laboratory ID VL-ID: ...

AI score 7.4
Exploits: 0

Exploit DB
added 2015/01/13 12:0 a.m. · 21 views

Foxit MobilePDF 4.4.0 iOS - Multiple Vulnerabilities

Document Title: Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities; References Source: http://www.vulnerability-lab.com/getcontent.php?id=1400; Release Date: 2015-01-12; Vulnerability Laboratory ID VL-ID: ...

AI score 7.4
Exploits: 0