Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
The Widget Connector macro in Atlassian Confluence Server allows remote attackers to achieve path traversal and remote code execution via server-side template injection.
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. Because the parameter is unsigned, memset ends up writing up to 0xffffffff zeros (0xffffffffffffffff on 64-bit platforms), making dnsmasq crash.
An arbitrary memory read/write access issue was found in the Linux kernel compiled with eBPF bpf(2) system call (CONFIG_BPF_SYSCALL) support. The issue could occur due to calculation errors in the eBPF verifier module, triggered by a user-supplied malicious BPF program. An unprivileged user could use this flaw to escalate their privileges on a system. Setting the parameter "kernel.unprivileged_bpf_disabled=1" prevents such privilege escalation by restricting access to the bpf(2) call.
RESTful Web Services Module does not properly sanitize data from non-form sources. A vulnerability in this approach allows an unauthenticated attacker to send specially crafted requests resulting in arbitrary PHP execution.
This module exploits a vulnerability in snapd which incorrectly validates and parses the remote socket address when performing access controls on its UNIX socket.
A local attacker could use this to access privileged socket APIs and obtain administrator privileges.
This update adds support for more platforms.
Oracle Database Server is prone to a remote vulnerability that allows attackers to poison the data handled by the remote 'TNS Listener' component of the application.
This module tries to verify if the vulnerability is present in the 'TNS Listener' component of the database server, without deploying an agent.
CMS Made Simple allows remote authenticated administrators to execute arbitrary PHP code via command injection using the module import feature in admin/moduleinterface.php.
phpMyAdmin is vulnerable to local file inclusion, which can be exploited post-authentication to execute PHP code by the application.