31 matches found
Remote command execution in promptr
A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL...
GHSA-HWXP-6QF7-Q3RC Remote command execution in promptr
A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL...
CVE-2024-46489
A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL...
CVE-2024-46489
Promptr v6.0.7 is affected by a Remote Command Execution (RCE) issue caused by insufficient validation/handling of crafted URLs, enabling an attacker to execute arbitrary commands remotely. Confirmed across multiple sources (Red Hat, Veracode, GitHub advisory, PT-2024-32013) with high-severity ri...
Security Bulletin: IBM ECM Content Management Interoperability Services (CMIS) spring-expression security vulnerability CVE-2023-20861
Summary: IBM ECM Content Management Interoperability Services (CMIS) spring-expression security vulnerability CVE-2023-20861, affected, not vulnerable. Vulnerability Details: CVEID: CVE-2023-20861. DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially...
CVE-2022-40849
ThinkCMF 6.0.7 is affected by a Stored XSS vulnerability in the Slideshow Management section. The flaw allows an attacker to inject a persistent XSS payload that executes arbitrary JavaScript on the client, potentially enabling theft of the administrator’s PHPSESSID. The available documents do no...
CVE-2022-40489
CVE-2022-40489 affects ThinkCMF v6.0.7 and represents a Cross-Site Request Forgery (CSRF) vulnerability that can let a Super Administrator be injected into administrative users. The core issue is CSRF in ThinkCMF, enabling credential injection and site takeover as described in multiple sources (R...
GSD-2022-1006666 squashfs: fix read regression introduced in readahead code
squashfs: fix read regression introduced in readahead code This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.7 by commit...
GSD-2022-1006663 xhci: Remove device endpoints from bandwidth list when freeing the device
xhci: Remove device endpoints from bandwidth list when freeing the device This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.7 by commit...
GSD-2022-1006662 fbdev: smscufx: Fix several use-after-free bugs
fbdev: smscufx: Fix several use-after-free bugs This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.7 by commit...
GSD-2022-1006661 drm/msm: fix use-after-free on probe deferral
drm/msm: fix use-after-free on probe deferral This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.7 by commit...
GSD-2022-1006657 drm/msm/dp: fix aux-bus EP lifetime
drm/msm/dp: fix aux-bus EP lifetime This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.7 by commit 8768663188e4169333f66583e4d2432e65c421df, i...
GSD-2022-1006655 drm/msm/dp: fix bridge lifetime
drm/msm/dp: fix bridge lifetime This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.7 by commit 7eda6977e8058dd45607a5bbc6517a0f42ccd6c9, it wa...
GSD-2022-1006653 mm/kmemleak: prevent soft lockup in kmemleak_scan()'s object iteration loops
mm/kmemleak: prevent soft lockup in kmemleak_scan()'s object iteration loops This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.7 by commit...
GSD-2022-1006652 ARC: mm: fix leakage of memory allocated for PTE
ARC: mm: fix leakage of memory allocated for PTE This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.7 by commit...
GSD-2022-1006646 ACPI: PCC: Fix unintentional integer overflow
ACPI: PCC: Fix unintentional integer overflow This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.7 by commit...
GSD-2022-1006643 drm/msm/dp: add atomic_check to bridge ops
drm/msm/dp: add atomic_check to bridge ops This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.7 by commit...
GSD-2022-1006633 nfc: virtual_ncidev: Fix memory leak in virtual_nci_send()
nfc: virtual_ncidev: Fix memory leak in virtual_nci_send() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.7 by commit...
GSD-2022-1006627 kcm: annotate data-races around kcm->rx_wait
kcm: annotate data-races around kcm->rx_wait This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.7 by commit...