PT-2026-30637
Memory corruption while processing a frame request from user...
EUVD-2020-21250
Malware in sbrugna...
EUVD-2020-12588
Malware in sbrugna...
EUVD-2020-26159
Malware in sbrugna...
EUVD-2017-4242
Malware in sbrugna...
EUVD-2021-1340
Malware in sbrugna...
EUVD-2017-1426
Malware in sbrugna...
EUVD-2024-1124
Malicious code in bioql PyPI...
EUVD-2022-42880
Malicious code in bioql PyPI...
EUVD-2025-19227
Malicious code in bioql PyPI...
Race condition in privilege cache invalidation cycle
Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator. This issue affects MongoDB Server v5.0 versions prior to 5.0.31, MongoDB Server v6.0 versions prior to 6.0.24, MongoDB Server v7.0 versions prior ...
CVE-2012-6273
SQL injection vulnerability in BigAntSoft BigAnt IM Message Server allows remote attackers to execute arbitrary SQL commands via an SHU aka search user request...
CVE-2000-1237
The POP3 server in FTGate returns an -ERR code after receiving an invalid USER request, which makes it easier for remote attackers to determine valid usernames and conduct brute force password guessing...
Synapse denial of service through media disk space consumption
Impact: Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can lead to a denial of service, ranging fro...
MGASA-2024-0328 Updated php packages fix security vulnerabilities
HTTP_REDIRECT_STATUS might be controlled via user request. FPM log output might be modified by an attacker. HTTP POST can be modified by an attacker. For other bug fixes consult references...
PT-2024-28444 · Totara · Totara Lms
Name of the Vulnerable Software and Affected Versions: Totara LMS version 18.0.1 Build 20231128.01 Description: A problematic vulnerability has been found in Totara LMS, affecting an unknown part. The manipulation leads to cross-site request forgery, and it is possible to initiate the attack...
CVE-2021-47170
In the Linux kernel, the following vulnerability has been resolved: USB: usbfs: Don't WARN about excessively large memory allocations Syzbot found that the kernel generates a WARNing if the user tries to submit a bulk transfer through usbfs with a buffer that is way too large. This isn't a bug in...
BIT-JUPYTERHUB-2020-36191
JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an xsrf field, as demonstrated by a /hub/api/user request to add or remove a user account...
CVE-2023-52474
CVE-2023-52474: In the Linux kernel, fixes were applied for IB/hfi1 user SDMA multi-iovec handling to correct data handling across iovecs and to address related mmu_rb cache pinning issues. The description notes two root bugs: 1) user_sdma_txadd() could over-read an iovec by not honoring iov_len ...
CVE-2024-22194 cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code
cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in cdo-local-uuid at version 0.4.0, and in case-utils in unpatched versions matching the pattern 0.x.0...