17 matches found
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a competition between the fwlog module for user operations and for debugging purposes. This...
EUVD-2022-28866
Malicious code in bioql PyPI...
EUVD-2023-12444
Malicious code in bioql PyPI...
CVE-2024-32119
An improper authentication vulnerability CWE-287 in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on behalf of the targeted user via specially...
CVE-2021-21738
ZTE's big video business platform has two reflective cross-site scripting XSS vulnerabilities. Due to insufficient input verification, the attacker could implement XSS attacks by tampering with the parameters, to affect the operations of valid users. This affects:...
CVE-2021-37123
There is an improper authentication vulnerability in Hero-CT060 before 1.0.0.200. The vulnerability arises because, when a user wants to do a certain operation, the software does not sufficiently validate the user's identity. Successful exploit could allow the attacker to do certain operations...
Signature Replay Attack when EntryPoint contract is changed
Lines of code Vulnerability details Signature Replay Attack when EntryPoint contract is changed Impact User operations can be replayed on smart accounts once the EntryPoint is changed. This can lead to users losing funds or any unexpected behaviour that transaction replay attacks usually lead t...
CVE-2022-26309
Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation User operation resulting in elevation of privilege to Administrator group...
Historic data being requested as a part of MochiVault.withdraw and borrow functions can be outdated, so a user can avoid historic data update with sending old piece of _data
Handle hyh Vulnerability details Impact Asking to provide historic data proof doesn't imply that pricing is current, a malicious user can wait for market volatility and do deposit/borrow sequence with outdated price, borrowing more than current market value of supplied assets for example, suppose...
Sangoma SBC 2.3.23-119-GA Unauthenticated User Creation Vulnerability
A remotely exploitable vulnerability exists in the 2.3.23-119-GA version of Sangoma SBC that would allow an unauthenticated user to create a privileged user on the system using the web application login interface. Description A remotely exploitable vulnerability exists in the 2.3.23-119-GA versio...
Design/Logic Flaw
All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations...
Timber E-learning product: built-in account can operate on arbitrary users and add administrators / arbitrary file upload GetShell
No description provided by source...
Security Advisory - VCM User Horizontal Privilege Escalation Vulnerability
Huawei Video Content Management VCM system does not properly authenticate online users' identities and privileges, which leads to users' horizontal privilege escalation. An attacker may craft malicious messages, send them to the server, and perform illegitimate operations on cases created by othe...
[SECURITY] Fedora 20 Update: python-django-horizon-2013.2.3-1.fc20
Horizon is a Django application for providing OpenStack UI components. It allows performing site administrator viewing account resource usage, configuring users, accounts, quotas, flavors, etc. and end user operations start/stop/delete instances, create/restore snapshots, view instance VNC consol...
[SECURITY] Fedora 17 Update: python-django-horizon-2012.1-2.fc17
Horizon is a Django application for providing OpenStack UI components. It allows performing site administrator viewing account resource usage, configuring users, accounts, quotas, flavors, etc. and end user operations start/stop/delete instances, create/restore snapshots, view instance VNC consol...
Perforce Detection
This host is running a Perforce Server. The Perforce Server, P4D, manages access to versioned files, tracks user operations and records all activity in a centralized database. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...
PT-2009-42: Cross-Site Request Forgery in Kayako Support Suite
Kayako Support Suite is a HelpDesk system. Vulnerability Description Positive Technologies Research Team discovered several Cross-Site Request Forgery vulnerabilities in Kayako Support Suite. The application has insufficient protection against this type of attack in all operations performed by t...