757 matches found
PT-2022-25557 · Unknown · Codeigniter
Name of the Vulnerable Software and Affected Versions: CodeIgniter versions =3.1.13 Description: The issue concerns SQL Injection via the where in function in the system/database/DB query builder.php file. Note that the validity of this issue has been disputed by multiple third parties...
PT-2022-25558 · Unknown · Codeigniter
Name of the Vulnerable Software and Affected Versions: CodeIgniter versions =3.1.13 Description: The issue concerns SQL Injection via the or having function in the system/database/DB query builder.php file. Note that the validity of this issue has been disputed by multiple third parties...
When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder
When matrix-nio before 0.20 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn't check that the device that responded matches the device the key was requested from. This allows a malicious homeserver to inse...
PT-2022-28248 · Go · Github.Com/Mohammed90/Caddy-Ssh
Name of the Vulnerable Software and Affected Versions: No specific software or version is mentioned, however, the issue is related to PAM Pluggable Authentication Modules and its implementation in a certain project, implying that the affected software is a PAM-based authentication system, but the...
GSD-2022-1006264 ext2: Add more validity checks for inode counts
ext2: Add more validity checks for inode counts This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.291 by commit...
GSD-2022-1005897 ext2: Add more validity checks for inode counts
ext2: Add more validity checks for inode counts This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.137 by commit...
GSD-2022-1005663 ext2: Add more validity checks for inode counts
ext2: Add more validity checks for inode counts This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.61 by commit...
GSD-2022-1005331 ext2: Add more validity checks for inode counts
ext2: Add more validity checks for inode counts This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.2 by commit...
CVE-2021-40017
The HWKEYMASTER module lacks the validity check of the key format. Successful exploitation of this vulnerability may result in out-of-bounds memory access...
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.
...
Error: "Invalid connection address" when adding XenServer host connection
The following error is seen when attempting to add a Citrix Hypervisor XenServer hosting connection: Error Id: XDDS:49D3D465 Exception: Citrix.Console.Models.Exceptions.ScriptException Invalid connection address. Check that the address is valid and that it references a host in the XenServer pool...
CLSA-2022-1658171690 Fixed CVE-2016-10012 in openssh
CVE-2016-10012: re-remove pre-authentication compression and potentially unsecure shared memory manager used by zlib - Move not yet valid timestamps for certs to 2030-2040 range, make sure all tests are passed and add %check unset DISPLAY section...
DEBIAN-CVE-2020-16093
In LemonLDAP::NG aka lemonldap-ng through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used...
CVE-2020-16093
In LemonLDAP::NG aka lemonldap-ng through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used...
Design/Logic Flaw
In LemonLDAP::NG aka lemonldap-ng through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used...
CHECK VALID ADDRESS for _auctionStarted
Lines of code%20internal%20virtual%20%7BL214 Vulnerability details Impact Should check for valid address before giving so it can revert if it isn't. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the...
CVE-2020-16093
In LemonLDAP::NG aka lemonldap-ng through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used...
GSD-2022-1002874 exfat: check if cluster num is valid
exfat: check if cluster num is valid This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.2 by commit 2193286402df2d9c53294f7a858d5e6fd7346e08,...
Observable timing discrepancy allows determining username validity in Jenkins
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm. This...
PT-2022-22041 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.355 and earlier, LTS versions 2.332.3 and earlier Description: The issue is related to an observable timing discrepancy on the login form, which allows distinguishing between login attempts with an invalid username and logi...