94 matches found
GSD-2023-1001908 i2c: designware: use casting of u64 in clock multiplication to avoid overflow
i2c: designware: use casting of u64 in clock multiplication to avoid overflow This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.9 by commit...
GSD-2023-1001539 dm thin: Use last transaction's pmd->root when commit failed
dm thin: Use last transaction's pmd-root when commit failed This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.337 by commit...
GSD-2023-1001530 drm/vmwgfx: Validate the box size for the snooped cursor
drm/vmwgfx: Validate the box size for the snooped cursor This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.337 by commit...
GSD-2023-1000932 dm thin: Fix UAF in run_timer_softirq()
dm thin: Fix UAF in runtimersoftirq This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.87 by commit 34cd15d83b7206188d440b29b68084fcafde9395,...
Inlislite 3.2 Insecure Settings
==================================================================================================================================== | Title : Inlislite V3.2 Backdoor Account Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 103.064-bit | |...
GSD-2022-1007116 KVM: nVMX: Don't propagate vmcs12's PERF_GLOBAL_CTRL settings to vmcs02
KVM: nVMX: Don't propagate vmcs12's PERFGLOBALCTRL settings to vmcs02 This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.75 by commit...
TPCMS arbitrary file upload vulnerability
TPCMS, an open source content management system from the individual developers of Source of Happiness, is vulnerable to an arbitrary file upload vulnerability in version v3.2, which stems from a lack of validation of uploaded files by the application. An attacker could exploit this vulnerability ...
CVE-2022-29624
An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file...
Design/Logic Flaw
An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-29624
TPCMS v3.2 contains an arbitrary file upload vulnerability in the Add File function that can allow an attacker to execute arbitrary PHP code via a crafted file. The issue stems from insufficient validation of uploaded files, enabling remote code execution. Affected product: TPCMS 3.2 (open‑source...
CVE-2022-29624
An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2021-42860
A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxmlstringgetc:2611. NOTE: it is unclear whether this input is allowed by the API specification...
Memory corruption
DISPUTED A memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service. NOTE: testing reports are inconsistent, with some testers seeing the issue in both the 3.2 release and in the October 2021 development code, but others not seeing the issue in the 3.2 release...
CVE-2021-42860
A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxmlstringgetc:2611. NOTE: it is unclear whether this input is allowed by the API specification...
Stack overflow
DISPUTED A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxmlstringgetc:2611. NOTE: it is unclear whether this input is allowed by the API specification...
CVE-2021-42860
A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxmlstringgetc:2611. NOTE: it is unclear whether this input is allowed by the API specification...
CVE-2021-42860
A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxmlstringgetc:2611. NOTE: it is unclear whether this input is allowed by the API specification...
CVE-2021-42860
Removed by vendor...
CVE-2022-27442
TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information such as the administrator's user name and password...
CVE-2022-27441
A stored cross-site scripting XSS vulnerability in TPCMS v3.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Phone text box...