SUSE CVE-2007-5794
Race condition in nssldap, when used in applications that are linked against the pthread library and fork after a call to nssldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong...
SUSE CVE-2022-31623
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/dscompress.cc, when an error occurs (i.e., going to the err label) while executing the method createworkerthreads, the held lock thd-ctrlmutex is not released correctly, which allows local users to trigger a denial ...
Discourse Access Control Error Vulnerability
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. Discourse suffers from an access control error vulnerability, which can be exploited by an attacker to create new threads as any user with embeddable comments...
dotCMS Security Vulnerability
dotCMS is a content management system (CMS) from dotCMS of the United States. The system supports modules such as RSS feeds, blogs, and forums, and is easy to extend and build. A security vulnerability exists in dotCMS version 5.x-22.06, which stems from the ability to call TempResource multiple times...
The vulnerability of the worker_threads module in the Node.js software platform, related to incorrect input validation, allows a malicious actor to trigger a service failure.
The vulnerability of the worker_threads module in the Node.js software platform is related to incorrect validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
stalld bug fix and enhancement update
An update is available for stalld. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The stalld package provides a mechanism used to prevent the starvation of...
PT-2023-1174 · Node.Js · Node.Js
Name of the Vulnerable Software and Affected Versions: Node.js (affected versions not specified). Description: The issue is related to incorrect input validation in the worker threads module of the Node.js platform. This can potentially allow an attacker to cause a denial of service. Recommendations...
stalld bug fix and enhancement update
An update for stalld is now available for Rocky Linux 8.6 Extended Update Support. The stalld package provides a mechanism used to prevent the starvation of operating system threads in a Linux system. Bug fixes and Enhancements:...
CVE-2019-25093
A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip leads ...
CVE-2019-25093 dragonexpert Recent Threads on Index Setting hooks.php recentthread_list_threads cross site scripting
A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip leads ...
CVE-2019-25093
The CVE-2019-25093 entry describes a cross-site scripting vulnerability in dragonexpert’s Recent Threads on Index component. Affected is the function recentthread_list_threads in inc/plugins/recentthreads/hooks.php, where manipulating the argument recentthread_forumskip enables XSS. The issue rep...
PT-2023-11351 · Unknown · Dragonexpert
Name of the Vulnerable Software and Affected Versions: dragonexpert Recent Threads on Index (affected versions not specified). Description: A problematic vulnerability was found in the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler...
Recent Threads On Index Cross-Site Scripting Vulnerability
Recent Threads On Index is a library by the individual developer dragonexpert that adds sections to the index page for recent threads. A cross-site scripting vulnerability exists in Recent Threads On Index, which stems from incorrect manipulation of the parameter...
[SECURITY] Fedora 36 Update: rr-5.6.0-2.fc36
rr is a lightweight tool for recording and replaying execution of applications (trees of processes and threads). For more information, please visit http://rr-project.org...
Cross site scripting
The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during a forum response in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping that makes injecting object and embed tags possible...
Mozilla: Use-after-free in InputStream implementation
The Mozilla Foundation Security Advisory describes this flaw as: Freeing arbitrary nsIInputStream's on a different thread than creation could have led to a use-after-free and potentially exploitable crash...
virt:ol and virt-devel:ol security, bug fix, and enhancement update
libguestfs 1.44.0-9.0.1 - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 Orabug: 29319324 - Set DISTROORACLELINUX corresponding to ol 1:1.44.0-9 - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz2101280 1:1.44.0-8 - Obsolete ol...
Memory corruption
Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking...
CVE-2022-25666
Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking...