CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52989 – firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region
https://notcve.org/view.php?id=CVE-2023-52989
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region This patch is fix for Linux kernel v2.6.33 or later. For request subaction to IEC 61883-1 FCP region, Linux FireWire subsystem have had an issue of use-after-free. For request subaction to IEC 61883-1 FCP region, Linux FireWire subsystem have had an issue of use-after-free. ... The issue was fixed by a commit 281e20323ab7 ("firewire: co... • https://git.kernel.org/stable/c/281e20323ab72180137824a298ee9e21e6f9acf6 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6258 – BT: Missing length checks of net_buf in rfcomm_handle_data
https://notcve.org/view.php?id=CVE-2024-6258
13 Sep 2024 — BT: Missing length checks of net_buf in rfcomm_handle_data • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7833-fcpm-3ggm • CWE-20: Improper Input Validation CWE-122: Heap-based Buffer Overflow CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-43816 – scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages
https://notcve.org/view.php?id=CVE-2024-43816
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages On big endian architectures, it is possible to run into a memory out of bounds pointer dereference when FCP targets are zoned. In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages On big endian architectures, it is possible to run into a memory out of bounds pointer... • https://git.kernel.org/stable/c/af20bb73ac2591631d504f3f859f073bcdb7e11e •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32038 – Wazuh Analysis Engine Event Decoder Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-32038
19 Apr 2024 — Wazuh is a free and open source platform used for threat prevention, detection, and response. There is a buffer overflow hazard in wazuh-analysisd when handling Unicode characters from Windows Eventchannel messages. It impacts Wazuh Manager 3.8.0 and above. This vulnerability is fixed in Wazuh Manager 4.7.2. Wazuh es una plataforma gratuita y de código abierto que se utiliza para la prevención, detección y respuesta a amenazas. • https://github.com/wazuh/wazuh/security/advisories/GHSA-fcpw-v3pg-c327 • CWE-122: Heap-based Buffer Overflow •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23818 – GeoServer Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format
https://notcve.org/view.php?id=CVE-2024-23818
20 Mar 2024 — GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap OpenLayers Output Format. Access to the WMS OpenLayers Format is available to all u... • https://github.com/geoserver/geoserver/security/advisories/GHSA-fcpm-hchj-mh72 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-25811 – Persistent Cross site scripting (XSS) in Uptime Kuma
https://notcve.org/view.php?id=CVE-2023-25811
21 Feb 2023 — Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma `name` parameter allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/louislam/uptime-kuma/security/advisories/GHSA-553g-fcpf-m3wp • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43780 – Server-Side Request Forgery (SSRF) in Redash
https://notcve.org/view.php?id=CVE-2021-43780
23 Nov 2021 — Redash is a package for data visualization and sharing. In versions 10.0 and priorm the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a URL-loading data source is enabled. As of time of publication, the `master` and `release/10.x.x` branches address this by applying the Advocate library for making http requests instead of the requests library direct... • https://github.com/getredash/redash/security/advisories/GHSA-fcpv-hgq6-87h7 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2018-7336
https://notcve.org/view.php?id=CVE-2018-7336
23 Feb 2018 — In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. ... En Wireshark 2.4.0 a 2.4.4 y 2.2.0 a 02/02/2012, el disector FCP podría cerrarse inesperadamente. • http://www.securityfocus.com/bid/103166 • CWE-476: NULL Pointer Dereference •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2007-6216
https://notcve.org/view.php?id=CVE-2007-6216
04 Dec 2007 — Race condition in the Fibre Channel protocol (fcp) driver and Devices filesystem (devfs) in Sun Solaris 10 allows local users to cause a denial of service (system hang) via some programs that access hardware resources, as demonstrated by the (1) cfgadm and (2) format programs. Condición de carrera en el controlador de protocolo Fibre Channel protocol (fcp) y sistema de archivos Devices (devfs) en Sun Solaris 10 permite a usuarios locales provocar denegación de servicio (cuelgue del sistema) a ... • http://osvdb.org/40826 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •