CVE-2024-41682
A vulnerability has been identified in Location Intelligence family (All versions < V4.4). Affected products do not properly enforce restriction of excessive authentication attempts. This could allow an unauthenticated remote attacker to conduct brute force attacks against legitimate user passwords...
CVE-2024-27489
The CVE-2024-27489 issue affects WMCMS v4.4 and is tied to the DelFile() function, which allows an attacker to delete arbitrary files via a crafted POST request. Sources consistently describe the vulnerability as a file-deletion flaw in DelFile(), with confirmed references from Red Hat and NVD in...
CVE-2024-27489
An issue in the DelFile function of WMCMS v4.4 allows attackers to delete arbitrary files via a crafted POST request...
BIT-MONGODB-2021-32036 Denial of Service and Data Integrity vulnerability in features command
An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This...
CVE-2023-1409
If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms e.g. Linux, it is possible that client certificate validation may not be in effect, potentially allowing client to...
CVE-2023-30185
CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php...
CVE-2023-30185
CVE-2023-30185 affects CRMEB versions 4.4–4.6 and involves an arbitrary file upload vulnerability via the attachment/SystemAttachmentServices.php component. The issue is documented with a critical CVSS v3.1 score (9.8) affecting confidentiality, integrity, and availability. The connected sources ...
Tridium Niagara Improper Authentication (CVE-2017-16748)
An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system. This plugin only works with Tenable.o...
GSD-2023-1002244 drm/virtio: Fix GEM handle creation UAF
drm/virtio: Fix GEM handle creation UAF This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.229 by commit...
GSD-2023-1001799 drm/virtio: Fix GEM handle creation UAF
drm/virtio: Fix GEM handle creation UAF This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.164 by commit...
GSD-2022-1008321 nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.299 by commit...
GSD-2022-1008116 nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.154 by commit...
GSD-2022-1007708 mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.10 by commit...
GSD-2022-1007205 mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages
mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.153 by commit...
GSD-2022-1003012 tracing: Fix return value of trace_pid_write()
tracing: Fix return value of trace_pid_write() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.14 by commit...
GSD-2022-1002953 af_unix: Fix a data-race in unix_dgram_peer_wake_me().
af_unix: Fix a data-race in unix_dgram_peer_wake_me(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.15 by commit...
CVE-2022-28055
Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function...
Command injection
Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function...
CVE-2022-28055
Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function...
CVE-2022-28055
FusionPBX v4.4 and earlier versions are affected by a command injection vulnerability in the Download Email Logs function. The CVE-2022-28055 entry is supported by multiple sources: Red Hat notes the issue in FusionPBX 4.4 and earlier; PT Security recommends upgrading to a version above 4.4; OSV,...