CVE-2025-63498
Alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the “userName” parameter. More information : https://github.com/Alinto/sogo/commit/9e20190fad1a437f7e1307f0adcfe19a8d45184c
IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. More information : https://www.ibm.com/support/pages/node/7252019
Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability. More information : https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9019.html
Improper input validation within AMD uProf can allow a local attacker to write to an arbitrary physical address, potentially resulting in a crash or denial of service. More information : https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9019.html
Improper input validation within the XOCL driver may allow a local attacker to generate an integer overflow condition, potentially resulting in loss of confidentiality or availability. More information : https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-8014.html
Insufficient validation within Xilinx Run Time framework could allow a local attacker to escalate privileges from user space to kernel space, potentially compromising confidentiality, integrity, and/or availability. More information : https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-8014.html
Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a crash or denial of service. More information : https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9019.html
Inadequate lock protection within Xilinx Run Time may allow a local attacker to trigger a Use-After-Free condition, potentially resulting in loss of confidentiality or availability. More information : https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-8014.html
An issue was discovered in Cinnamon kotaemon 0.11.0. The _may_extract_zip function in the libs/ktem/ktem/index/file/ui.py file does not check the contents of uploaded ZIP files. Although the contents are extracted into a temporary folder that...
OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in /user/user-move.php. More information : http://rapidcms.com
YCCMS 3.4 contains a stored cross-site scripting (XSS) vulnerability in the article management functionality. The vulnerability exists in the add() and getPost() functions within the ArticleAction.class.php file due to improper neutralization of user input...
A buffer overflow with Xilinx Run Time Environment may allow a local attacker to read or corrupt data from the advanced extensible interface (AXI), potentially resulting in loss of confidentiality, integrity, and/or availability. More...
Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, affects the Tuya Smart and Smartlife mobile applications, as well as other third-party applications that integrate...
Improper input validation within the XOCL driver may allow a local attacker to generate an integer overflow condition, potentially resulting in a crash or denial of service. More information : https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-8014.html