Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2010-2496: Bug 620781 – VUL-0: CVE-2010-2496: STONITH passwords visible in ps output

stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer.

CVE

Related news

CVE-2021-36174: PSIRT Advisories | FortiGuard

A memory allocation with excessive size value vulnerability in the license verification function of FortiPortal before 6.0.6 may allow an attacker to perform a denial of service attack via specially crafted license blobs.

CVE-2021-25874

AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases information such as application passwords hashes.

CVE-2021-42071: Inicio - Visual Tools

In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py Uaer-Agent HTTP header.

CVE-2021-3832: Integria IMS Remote Code Execution

Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability.

CVE-2020-7874: KrCERT/CC - KISA 인터넷 보호나라&KrCERT

Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension.

CVE-2020-7873: KrCERT/CC - KISA 인터넷 보호나라&KrCERT

Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd allows the attacker to cause a arbitrary file download and execution.

CVE-2021-3545: 1958955 – (CVE-2021-3545) CVE-2021-3545 QEMU: vhost-user-gpu: information disclosure due to uninitialized memory read

An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907