498 matches found
CVE-2024-41082
In the Linux kernel, the following vulnerability has been resolved: nvme-fabrics: use reserved tag for reg read/write command In some scenarios, if too many commands are issued by nvme command in the same time by user tasks, this may exhaust all tags of adminq. If a reset nvme reset or IO timeout...
CVE-2024-41671
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1...
CVE-2024-41070
In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Book3S HV: Prevent UAF in kvmspaprtceattachiommugroup Al reported a possible use-after-free UAF in kvmspaprtceattachiommugroup. It looks up stt from tablefd, but then continues to use it after doing fdput on the returne...
CVE-0000-0003
TEST CVE 3...
Social Icons Widget & Block < 4.2.18 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. As an administrator,...
CVE-2024-27083
Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting XSS vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute...
CLSA-2024-1708028140 Update of microcode_ctl
Update AMD CPU microcode to 2023-10-19: - Addition AMD CPU microcode for processor family 19h: sig 0x00a10f12, sig 0x00aa0f02, sig 0x00aa0f01, sig 0x00a10f11; - Update AMD CPU microcode for processor family 17h: sig 0x00830f10...
CLSA-2024-1705941083 Update of alt-php
Update ca-certificates database to 20231207: - mozilla/certdata.txt,nssckbi.h: Update Mozilla certificate authority bundle of the version 2.64. - The following certificares were updated: Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - The following certificates authoriti...
CVE-2023-46727
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory...
AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP
Asterisk Project Security Advisory - AST-2013-004 Product Asterisk Summary Remote Crash From Late Arriving SIP ACK With SDP Nature of Advisory Remote Crash Susceptibility Remote Unauthenticated Sessions Severity Major Exploits Known None Reported On February 11, 2013 Reported By Colin Cuthbertson...
CTSCMS the latest vulnerability-vulnerability warning-the black bar safety net
China travel service website management systemCTSCMS.COMis a professional tourism website, the program source code, travel website, travel website templates, tourism website construction service providers,focusing on the tourism e-Commerce development services to travel agencies and tour it...
0day! phpweb pseudo-static page injection-vulnerability warning-the black bar safety net
phpweb all of the entire Station program pseudo-static pages are presentsql injection Main Station: http://phpweb.net/ Added’detection: http://www.phpweb.net/down/html/?772'. html Error The presence of injection. Can't use spaces, only use/Rowe http://www.phpweb.net/page/html/?56'//and//1=1/. htm...
CVE-2008-0165
Cross-site request forgery CSRF vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the 1 preferences and 2 edit forms...
CVE-2007-6420
Cross-site request forgery CSRF vulnerability in the balancer-manager in modproxybalancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors...
Solaris 7 (x86) : 107023-11
CDE 1.3x86: Calendar Manager patch. Date this patch was last updated by Sun : Sep/21/04 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. if !...
Solaris 8 (x86) : 111401-04
SunOS 5.8x86: kcmsserver and kcmsconfigure patch. Date this patch was last updated by Sun : Jan/17/07 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; ...
Solaris 8 (sparc) : 113685-07
SunOS 5.8: logindmux, ptsl, ms, bufmod, ll. Date this patch was last updated by Sun : Jan/19/09 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if...
Security update 1970-01-01
...