29 matches found
Astra Linux - уязвимость в ansible
A flaw was discovered in the solariszone module from the Ansible Community modules. When setting the name of a zone on the Solaris host, the zone name is checked by listing the process using the ‘ps’ command on the remote machine. An attacker could exploit this flaw by creating a fake zone name a...
Security update for postgresql16
This update for postgresql16 fixes the following issues Update to version 16.13. Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against...
ansible: Fix of CVE-2019-14904
CVE-2019-14904: validate solariszone name to prevent command injection...
SUSE CVE-2010-4326
Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent GWIA in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long 1 REQUEST-STATUS, 2 TZNAME, 3 COMMENT, or 4 RRULE variable in this message...
CVE-2020-37126 Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH)
Free Desktop Clock 3.0 contains a stack overflow vulnerability in the Time Zones display name input that allows attackers to overwrite Structured Exception Handler SEH registers. Attackers can exploit the vulnerability by crafting a malicious Unicode input that triggers an access violation and...
PT-2026-6432
Summary A stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Zone Name & Description fields in the Store Management section are not properly sanitized before being displayed in the admin panel...
EUVD-2019-16541
Malware in sbrugna...
EUVD-2020-0008
Malware in sbrugna...
CVE-2019-6990
A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones=zoneImage∣=1 URI...
Zones on Citrix DaaS show a Resource Location that has been previously deleted
A Zone is present on Citrix Cloud DaaS Studio, which references a previously deleted Resource Location. The name of the zone might be the friendly name of the former Resource Location, or it will display a GUID on the Zone name...
CVE-2023-43731
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "zonename" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
PT-2023-28952 · Unknown · Oscommerce
Name of the Vulnerable Software and Affected Versions: Os Commerce affected versions not specified Description: The issue is a Cross-Site Scripting XSS vulnerability that allows attackers to inject JavaScript through the zone name parameter, potentially leading to unauthorized execution of script...
SUSE CVE-2019-14904
A flaw was found in the solariszone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the na...
GHSA-GWR8-5J83-483C OS Command Injection and Improper Input Validation in ansible
A flaw was found in the solariszone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the na...
DEBIAN-CVE-2019-14904
A flaw was found in the solariszone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the na...
PYSEC-2020-180
A flaw was found in the solariszone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the na...
Ansible: vulnerability in solaris_zone module via crafted solaris zone
A flaw was found in the solariszone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the na...
Ansible: vulnerability in solaris_zone module via crafted solaris zone
A flaw was found in the solariszone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the na...
Ansible: vulnerability in solaris_zone module via crafted solaris zone
A flaw was found in the solariszone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the na...
SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2019:3318-1)
This update for samba fixes the following issues : CVE-2019-14861: Fixed a DNSServer RPC server crash, that allowed an authenticated user to crash the DCE/RPC DNS management server by creating records with matching the zone name bsc1158108. CVE-2019-14870: Fixed a DelegationNotAllowed not being...