4564 matches found
PT-2023-15699 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.1.0 through 2.1.0p11 Description: The issue allows an attacker to perform a limited Server-Side Request Forgery SSRF in the agent-receiver component, enabling communication with local network restricted endpoints through th...
CVE-2022-40231
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 235533...
CVE-2022-33869
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the management interface of FortiWAN 4.0.0 through 4.5.9 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
SUSE CVE-2004-0110
Buffer overflow in the 1 nanohttp or 2 nanoftp modules in XMLSoft Libxml 2 Libxml2 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL...
SUSE CVE-2004-1139
Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service application crash...
SUSE CVE-2004-1141
The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote attackers to cause a denial of service application crash via a certain packet that causes the dissector to access previously-freed memory...
SUSE CVE-2006-2449
KDE Display Manager KDM in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login...
SUSE CVE-2007-6451
Unspecified vulnerability in the CIP dissector in Wireshark formerly Ethereal 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service crash via unknown vectors that trigger allocation of large amounts of memory...
SUSE CVE-2008-4456
Cross-site scripting XSS vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be...
SUSE CVE-2009-0601
Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service application crash via format string specifiers in the HOME environment variable...
SUSE CVE-2012-4386
The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery CSRF attacks by setting the token name configuration parameter to a session attribute...
SUSE CVE-2012-5881
Cross-site scripting XSS vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207...
SUSE CVE-2013-2251
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted 1 action:, 2 redirect:, or 3 redirectAction: prefix...
SUSE CVE-2013-6617
The salt master in Salt aka SaltStack 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges...
SUSE CVE-2016-3076
Heap-based buffer overflow in the j2kencodeentry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service memory corruption via a crafted Jpeg2000 file...
SUSE CVE-2016-3081
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions...
SUSE CVE-2017-5246
Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces . This expression will be evaluated by any other authenticated user who views the...
SUSE CVE-2018-9261
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs...
SUSE CVE-2018-9274
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failuremessage.c has a memory leak...
SUSE CVE-2018-11737
An issue was discovered in libtskfs.a in The Sleuth Kit TSK from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfsfixidxrec in tsk/fs/ntfsdent.cpp which could be leveraged by an attacker to disclose information or manipulated to read from...