163 matches found
CVE-2023-3640 Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function when prefetchnta and prefetcht2 instructions being used for the per-cpu entry area mapping to the user space
A possible unauthorized memory access flaw was found in the Linux kernel's cpuentryarea mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implement...
libspdm 安全漏洞
libspdm is a DMTF open source example implementation that follows the DMTF SPDM specification. A security vulnerability exists in libspdm versions prior to 2.3.3 and 3.0, which stems from a vulnerability that allows an unauthenticated requestor to store and use a respondent's CTExponent value...
CVE-2022-46817
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Flyzoo Flyzoo Chat plugin = 2.3.3 versions...
GNU Mailman 安全漏洞
GNU Mailman is a free suite of software for managing e-mail discussions and e-mail lists from the GNU community in the United States. The software integrates with web projects to make it easy for users to manage email subscription accounts and provides built-in archiving, automatic forwarding...
CVE-2022-4331
creationtimestamp| type| source ---|---|--- 2023-03-10 00:20:41+00:00| seen| https://t.me/cibsecurity/59760 2025-02-28 18:26:34+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/5950 2025-03-02 11:45:38+00:00| seen| Telegram/j5jvAdPmVowONHQHmoASK9J1aFc3r8YXWa7dTJeupkTbFHo...
SUSE CVE-2010-3710
Stack consumption vulnerability in the filtervar function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTERVALIDATEEMAIL mode is used, allows remote attackers to cause a denial of service memory consumption and application crash via a long e-mail address string...
SUSE CVE-2013-2099
Algorithmic complexity vulnerability in the ssl.matchhostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-sslmatchhostname as used for older Python versions, allows remote attackers to cause a denial of service CPU consumption via multiple wildcard...
SUSE CVE-2021-20234
An uncontrolled resource consumption memory leak flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability...
SUSE CVE-2021-29521
TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in tf.rawops.SparseCountSparseOutput results in a segmentation fault being thrown out from the standard library as std::vector invariants are broken. This is because the...
PT-2023-19046 · Microsoft +1 · Outlook +1
Name of the Vulnerable Software and Affected Versions: Axigen version 10.3.3.52 Description: A 2-Step Verification issue allows an attacker to access a mailbox by bypassing 2-Step Verification when trying to add an account to any third-party webmail service with IMAP or POP3 without any...
WordPress plugin WP Cerber Security, Anti-spam & Malware Scan 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2022-4336
creationtimestamp| type| source ---|---|--- 2022-12-09 20:18:44+00:00| seen| https://t.me/cibsecurity/54233...
CVE-2022-45278
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/getfields.html component...
Liferay Portal和Liferay DXP 路径遍历漏洞
Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
PT-2022-35888 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.9.332 Description: The issue is related to the hugetlb lock not being taken before decrementing h-resv huge pages. This could potentially lead to security vulnerabilities, although the actual impact and attac...
CVE-2022-3852
The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete, and modify calendars as well as the...
CVE-2022-3317
creationtimestamp| type| source ---|---|--- 2022-11-01 23:23:48+00:00| seen| https://t.me/cibsecurity/52426...
PT-2022-34868 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.9.330 Description: The issue is related to a potential security vulnerability in the Linux Kernel, specifically in the s390/dasd component. It is caused by an Oops in dasd alias get start dev due to a missing...
PT-2022-3981
Name of the Vulnerable Software and Affected Versions Apache Hadoop versions prior to 2.10.2 Apache Hadoop versions prior to 3.2.4 Apache Hadoop versions prior to 3.3.3 Description The issue is related to the FileUtil.unTarFile, File API in Apache Hadoop, which does not escape the input file name...
CVE-2021-31677
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can modify admin and other members' passwords...