CVE-2022-32965 : OMICARD EDM HARD-CODED CREDENTIALS
Description OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized
Description A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via
Description Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient escaping of white
Description This issue exists to document that a security improvement in the way that Jira Server and Data Center use
Description The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to
An organization’s security operations center, or SOC, comprises the team of IT security professionals that works on the organization’s security.
Description The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen
Description Use after free in WebGPU in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap
Description In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a
Description A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. This flaw allows a
Description The Unyson WordPress plugin before 2.7.27 does not sanitise and escape a parameter before outputting it back in the
A vulnerability scanner is a program that searches for vulnerabilities on a network, analyzing the attack surface. This software is
Description A regular expression used in Apache MXNet (incubating) is vulnerable to a potential denial-of-service by excessive resource consumption. The
Description io_uring uses work_flags to determine which identity it needs to grab from the calling process to make sure it is
Description This vulnerability allows a local user to delete arbitrary files on the system and bypass security protection, which can be
Description Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload
Description Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The supported version that is affected
Description When setting a font with malicious data via the ioctl cmd PIO_FONT, the kernel will write memory out of bounds. References https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/releases/5.10.127/vt-drop-old-font-ioctls.patch https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-33656&packageName=kernel
Description The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter,
Description Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an
Description A memory leak vulnerability was found in the Linux kernel’s eBPF for the Simulated networking device driver in the
Description The Linux kernel was found vulnerable to out-of-bounds memory access in the drivers/video/fbdev/sm712fb.c:smtcfb_read() function. The vulnerability could result
Description Windows Internet Information Services Cachuri Module Denial of Service Vulnerability. References https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22025 For More Information MITRE
Description H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS. References https://github.com/Docker-droid/H3C_SSL_VPN_XSS For More Information MITRE