Tag
#csrf
The Windows IKEEXT service does not verify the SPN when performing AuthIP authentication, which leaks authentication tokens to untrusted systems.
The SAP NetWeaver ABAP IGS service suffers from multiple memory corruption vulnerabilities.
Online Course Registration version 1.0 suffers from a blind boolean-based remote SQL injection vulnerability.
The SAP NetWeaver ABAP Gateway service suffers from multiple memory corruption vulnerabilities.
SAP NetWeaver ABAP Enqueue service suffers from multiple memory corruption vulnerabilities.
Ubuntu Security Notice 5116-2 - It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An attacker could possibly use this to expose sensitive information. Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not restrict private clones in some situations. An attacker could use this to expose sensitive information. It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly compute the access permissions for shadow pages in some situations. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
Clinic Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for a shell upload.
The Communication Profiles functionality provided within SAP JAVA NetWeaver suffers from an XML external entity injection vulnerability.
SAP NetWeaver ABAP Dispatcher service suffers from memory corruption vulnerabilities. An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over a network that triggers an internal error in the system, causing it to crash and rendering it unavailable.
Jetty version 9.4.37.v20210219 suffers from an information disclosure vulnerability.