6038 matches found
CVE-2024-46654
A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10 v2024.1000.4040 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
PT-2024-32096 · Maccms10 · Maccms10
Name of the Vulnerable Software and Affected Versions: Maccms10 version 2024.1000.4040 Description: A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Recommendations: For Maccms10 versi...
PT-2024-39375 · Unknown · Crmgo Saas
Name of the Vulnerable Software and Affected Versions: CodeCanyon CRMGo SaaS versions up to 7.2 Description: A problematic issue has been found in the software, affecting some unknown processing of the file "/project/task/task id/show". The manipulation of the comment argument leads to cross-site...
WorkDo CRMGo Cross-Site Scripting Vulnerability
WorkDo CRMGo is a project, accounting, lead, transaction, and human resource management tool from WorkDo, Inc. A cross-site scripting vulnerability exists in WorkDo CRMGo version 7.2 and prior versions, which stems from the comment parameter in the /project/task/taskid/show file containing a...
pulpcore: RBAC permissions incorrectly assigned in tasks that create objects
A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user...
SUSE-SU-2024:3304-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002) The following non-security bugs were fixed: - powerpc: Remove support for PowerPC 601 Remove...
kernel: sched/deadline: Fix task_struct reference leak
A vulnerability was found in the Linux kernel's deadline scheduler in the enqueue_task_dl function, where the reference count is improperly decremented in certain situations, potentially causing a memory leak. This issue can lead to memory exhaustion over time...
CVE-2024-45017 net/mlx5: Fix IPsec RoCE MPV trace call
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPsec creation over a slave, if master device doesn't support IPsec. WARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240...
September 10, 2024—KB5043080 (OS Build 26100.1742)
September 10, 2024—KB5043080 (OS Build 26100.1742) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. Note: Follow @WindowsUpdate to find out when new content is published to the Windows release health dashboard...
CVE-2024-44991
In the Linux kernel, the following vulnerability has been resolved: tcp: prevent concurrent execution of tcp_sk_exit_batch It's possible that two threads call tcp_sk_exit_batch concurrently, once from the cleanup_net workqueue, once from a task that failed to clone a new netns. In the latter case, error...
CVE-2024-44989 bonding: fix xfrm real_dev null pointer dereference
In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null pointer dereference We shouldn't set real_dev to NULL because packets can be in transit and xfrm might call xdo_dev_offload_ok in parallel. All callbacks assume real_dev is set. Example trace: kernel: BU...
PT-2024-31419 · Ibm · Webmethods Integration
Name of the Vulnerable Software and Affected Versions: IBM webMethods Integration version 10.15 Description: The issue allows an authenticated user to create scheduler tasks, enabling them to escalate their privileges to administrator due to missing authentication. This can lead to unauthorized...
IBM webMethods Integration Security Vulnerability
IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines (IBM). An elevation of privilege vulnerability exists in IBM webMethods Integration version 10.15, which can be exploited by an authenticated attacker to create scheduler tasks that elevate their privileges...
OpenHarmony Security Vulnerability
OpenHarmony is an open source Hongmeng operating system project of China's OpenAtom Foundation. A security vulnerability exists in OpenHarmony version v4.0.0 and prior versions, which stems from a background task management privilege bypass vulnerability...
New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads
Chinese-speaking users are the target of a "highly organized and sophisticated attack" campaign that is likely leveraging phishing emails to infect Windows systems with Cobalt Strike payloads. "The attackers managed to move laterally, establish persistence and remain undetected within the systems...
CVE-2024-44941
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to cover read extent cache access with lock syzbot reports a f2fs bug as below: BUG: KASAN: slab-use-after-free in sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46 Read of size 4 at addr ffff8880739ab220 by...
CVE-2024-8140
A vulnerability was found in SourceCodester Task Progress Tracker 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file update-task.php. The manipulation of the argument taskname leads to cross site scripting. The attack may be launched remotely. The...