Linux Distros Unpatched Vulnerability : CVE-2022-50003

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ice: xsk: prohibit usage of non- balanced queue id Fix the following scenario: 1. ethtool -L...

CVE-2022-50003

CVE-2022-50003 describes a Linux kernel issue in the ice driver where XSK (AF_XDP) pool assignment can occur for a non-balanced queue id, enabling an out-of-bounds access to the Rx ring when attaching an XSK socket in tx-only mode to a queue id without a corresponding Rx queue. The fix rewrites t...

CVE-2024-57893 ALSA: seq: oss: Fix races at processing SysEx messages

In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: oss: Fix races at processing SysEx messages OSS sequencer handles the SysEx messages split in 6 bytes packets, and ALSA sequencer OSS layer tries to combine those. It stores the data in the internal buffer and this...

Exploit for Race Condition in Openbsd Openssh

CVE-2024-6387 OpenSSH Vulnerability Mitigation Script Over...

Authentication flaw

RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...

VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws

VMware has released patches to address four security flaws impacting ESXi, Workstation, and Fusion, including two critical flaws that could lead to code execution. Tracked as CVE-2024-22252 and CVE-2024-22253, the vulnerabilities have been described as use-after-free bugs in the XHCI USB...

Grand Theft Auto 5 exploit allows cheaters to tamper with your data

Yesterday I spent some time helping to fix a relatives gaming PC. Their gaming data tied to Rockstars Grand Theft Auto 5 GTAV had somehow become corrupted and was no longer functional. I managed to repair the account and restore everything back to the way it was, but this isnt the end of the stor...

Exploit for CVE-2022-30190

🩹CVE-2022-30190 Temporary Fix🩹 Source Code These are t...

PT-2022-12145 · Yottadb +4 · Yottadb +4

Name of the Vulnerable Software and Affected Versions: FIS GT.M versions through V7.0-000 Description: An issue was discovered related to the YottaDB code base. Using crafted input, attackers can cause a type to be incorrectly initialized in the function f incr in sr port/f incr.c and cause a cra...

CVE-2020-17376

An information disclosure flaw was found in the live migration feature of OpenStack Nova. A user may gain access to destination host devices with the same path as those on the source host. This flaw allows an attacker to perform a soft reboot of an instance that has previously undergone live...

Duplicator Pro 1.3.14 Local Information Disclosure

Product: Duplicator Pro Vendor: SnapCreek Website: https://snapcreek.com/ Discovered by: Evolution Hosting Version vulnerable: = 1.3.14 Fixed in: 1.3.15+ Vulnerability Type: Information Disclosure, local exposure of entire webinstallation content remotely triggerable: not for itself. Needs wp adm...

AfterLogic Aurora / Webmail XSS Vulnerability (Aug 2017)

AfterLogic Aurora/WebMail is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX =...

Siemens SINEMA Server Privilege Escalation Vulnerability

SINEMA Server is affected by a vulnerability that could allow authenticated operating system users to escalate their privileges. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Microsoft Silverlight DEP/ASLR安全限制绕过漏洞(CVE-2014-0319)

BUGTRAQ ID: 66046 CVECAN ID: CVE-2014-0319 Microsoft Silverlight是跨浏览器、跨平台的.NET实现，用于为Web构建媒体体验和交互应用。 Silverlight没有正确实现DEP和ASLR，在实现上存在安全限制绕过漏洞。成功利用后可导致绕过DEP/ASLR安全功能。 0 Microsoft Silverlight 5.x 临时解决方法： 临时在IE中阻止Microsoft Silverlight 临时阻止在Mozilla Firefox内运行Microsoft Silverlight 临时阻止在Mozilla...

Microsoft Internet Explorer内存破坏漏洞(CVE-2014-0297)

BUGTRAQ ID: 66023 CVECAN ID: CVE-2014-0297 Internet Explorer是微软公司推出的一款网页浏览器。 Internet Explorer 没有正确访问内存对象，在实现上存在远程代码执行漏洞，成功利用后可破坏内存，在当前用户权限下执行任意代码。 0 Microsoft Internet Explorer 6-11 临时解决方法： 如果您不能立刻安装补丁或者升级，NSFOCUS建议您采取以下措施以降低威胁： 设置互联网和内联网安全区域设置为“高” 配置IE在运行活动脚本之前提示或直接禁用。 应用Microsoft Fix...

Microsoft Word内存破坏漏洞

BUGTRAQ ID: 64726 CVECAN ID: CVE-2014-0258 Microsoft Word 属于办公软件是微软公司的一个文字处理器应用程序。 受影响Microsoft Word 软件解析特制文件时存在远程代码执行漏洞，成功利用这些漏洞后，可导致完全控制受影响系统。 0 Microsoft Word 2013 Microsoft Word 2010 Microsoft Word 2007 Microsoft Word 2003 临时解决方法： 安装配置MOICE为.doc文件的注册处理程序； 用Office文件阻止策略阻止打开.doc和.dot二进制文件；...

EMLOG offline writing high-risk security vulnerabilities-vulnerability warning-the black bar safety net

You emlog user, EMLOG Development Group today confirmed EMLOG 5.1 series of versions exist offline writing interface permission validation is not strict, high-risk vulnerabilities. The vulnerability can lead an attacker can bypass the system user authentication mechanism through the offline writi...

Huawei networking equipment weak password cipher

Overview Huawei networking equipment use a DES encryption algorithm for password and encryption. DES is publicly known to be easily cracked. Description Huawei Security Advisory Huawei-SA-20120827-01-CX600 states:In multiple Huawei products, DES encryption algorithm is used for password and the...

Cisco Unified Communications Manager Remote Blind SQL Injection Vulnerability

Cisco Unified Communication Manager Unified CM contains a vulnerability that could allow an unauthenticated, remote attacker to execute a blind Structured Query Language SQL injection. The vulnerability is due to improper validation of user-supplied requests by the Cisco Unified CM. An attacker...

DEDECMS v5. 7(2013-06-07) xss+csrf 0day-vulnerability warning-the black bar safety net

Bookmark management existxss+csrf http://localhost/dedecms/member/flinkmain.php xss:http://localhost/dedecms/member/flinkmain.php?dopost=addnew&title=test' onmouseover=alert1;'&url=test' onmouseover=alert1;' CSRF:img...