MD-404AA, MD-808AA Security Vulnerabilities

openvas

SUSE: Security Advisory (SUSE-SU-2024:1643-1)

The remote host is missing an update for...

7.8 CVSS

7.2 AI Score

EPSS

2024-05-15 12:00 AM
5
nessus

Security Update for Microsoft .NET Core SDK (May 2024)

The version of .NET Core SDK installed on the remote host is 7.x prior to 7.0.19 or 8.x prior to 8.0.5. It is, therefore, affected by a remote code execution vulnerability as referenced in the May 2024 advisory: A remote code execution vulnerability. An attacker can exploit this to bypass...

6.3 CVSS

8.6 AI Score

0.0005 EPSS

2024-05-15 12:00 AM
10
openvas

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2024-1609)

The remote host is missing an update for the Huawei...

5.9 CVSS

7.1 AI Score

0.963 EPSS

2024-05-15 12:00 AM
3
openvas

.NET Core Multiple Vulnerabilities (KB5038351)

This host is missing an important security update according to Microsoft...

6.3 CVSS

5.8 AI Score

0.0005 EPSS

2024-05-15 12:00 AM
29
nessus

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1642-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1642-1 advisory. In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2024-05-15 12:00 AM
9
nessus

SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1643-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1643-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two...

7.8 CVSS

7.2 AI Score

EPSS

2024-05-15 12:00 AM
11
osv

Grafana directory traversal for .cvs files

Today we are releasing Grafana 8.3.2 and 7.5.12. This patch release includes a moderate severity security fix for directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is....

7.5 CVSS

4.5 AI Score

0.975 EPSS

2024-05-14 10:11 PM
9
cve

CVE-2024-35012

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component...

7.4 AI Score

EPSS

2024-05-14 04:17 PM
24
cve

CVE-2024-35010

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component...

7.4 AI Score

EPSS

2024-05-14 04:17 PM
24
cve

CVE-2024-35011

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component...

7.4 AI Score

EPSS

2024-05-14 04:17 PM
24
nvd

CVE-2024-35010

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component...

7.1 AI Score

EPSS

2024-05-14 04:17 PM
nvd

CVE-2024-35009

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component...

7.1 AI Score

EPSS

2024-05-14 04:17 PM
nvd

CVE-2024-35011

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component...

7.1 AI Score

EPSS

2024-05-14 04:17 PM
cve

CVE-2024-35009

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component...

7.4 AI Score

EPSS

2024-05-14 04:17 PM
24
cve

CVE-2024-34256

OFCMS V1.1.2 is vulnerable to SQL Injection via the new table...

8 AI Score

EPSS

2024-05-14 04:17 PM
22
nvd

CVE-2024-34256

OFCMS V1.1.2 is vulnerable to SQL Injection via the new table...

7.7 AI Score

EPSS

2024-05-14 04:17 PM
nvd

CVE-2024-4798

A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /admin/maintenance/manage_brand.php. The manipulation of the argument id leads to sql injection. The attack may....

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-14 03:44 PM
nvd

CVE-2024-4701

A path traversal issue potentially leading to remote code execution in Genie for all versions prior to...

9.9 CVSS

9.8 AI Score

0.0004 EPSS

2024-05-14 03:44 PM
1
nvd

CVE-2024-34231

A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Short Name...

5.6 AI Score

EPSS

2024-05-14 03:38 PM
cve

CVE-2024-34230

A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Information...

5.8 AI Score

EPSS

2024-05-14 03:38 PM
21
cve

CVE-2024-34231

A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Short Name...

5.8 AI Score

EPSS

2024-05-14 03:38 PM
20
nvd

CVE-2024-34230

A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Information...

5.6 AI Score

EPSS

2024-05-14 03:38 PM
cve

CVE-2024-33771

A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via goform/formWPS, allows remote authenticated users to trigger a denial of service (DoS) through the parameter...

6.9 AI Score

EPSS

2024-05-14 03:38 PM
9
nvd

CVE-2024-33773

A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanGuestSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter...

6.7 AI Score

EPSS

2024-05-14 03:38 PM
nvd

CVE-2024-33771

A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via goform/formWPS, allows remote authenticated users to trigger a denial of service (DoS) through the parameter...

6.7 AI Score

EPSS

2024-05-14 03:38 PM
nvd

CVE-2024-33772

A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formTcpipSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter...

6.7 AI Score

EPSS

2024-05-14 03:38 PM
nvd

CVE-2024-33774

A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanSetup_Wizard allows remote authenticated users to trigger a denial of service (DoS) through the parameter...

6.7 AI Score

EPSS

2024-05-14 03:38 PM
cve

CVE-2024-33772

A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formTcpipSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter...

6.9 AI Score

EPSS

2024-05-14 03:38 PM
7
cve

CVE-2024-33250

An issue in Open-Source Technology Committee SRS real-time video server RS/4.0.268(Leo) and SRS/4.0.195(Leo) allows a remote attacker to execute arbitrary code via a crafted...

7.8 AI Score

EPSS

2024-05-14 03:37 PM
22
mskb

.NET 7.0 Update - May 14, 2024 (KB5038351)

.NET 7.0 Update - May 14, 2024 (KB5038351) .NET 7.0 has been refreshed with the latest update as of May 14, 2024. This update contains both security and non-security fixes. See the release notes for details on updated packages. .NET 7.0 servicing updates are upgrades. The latest servicing update for....

6.3 CVSS

7 AI Score

0.0005 EPSS

2024-05-14 07:00 AM
30
mskb

.NET 6.0 Update - May 14, 2024 (KB5038350)

.NET 6.0 Update - May 14, 2024 (KB5038350) .NET 6.0 has been refreshed with the latest update as of May 14, 2024. This update contains only non-security fixes. See the release notes for details on updated packages. .NET 6.0 servicing updates are upgrades. The latest servicing update for 6.0 will...

6.9 AI Score

2024-05-14 12:00 AM
27
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.331.7.el7] - Revert 'tracing/trigger: Fix to return error if failed to alloc snapshot' (Siddh Raman Pant) - Revert 'selftests: mm: fix map_hugetlb failure on 64K page size systems' (Harshit Mogalapalli) [Orabug: 36584568] - Revert 'net/mlx5: Enable SW-defined RoCEv2 UDP source port'...

8.3 AI Score

EPSS

2024-05-13 12:00 AM
8
oraclelinux

Unbreakable Enterprise kernel security update

[4.14.35-2047.536.5] - mmc: core: Fix switch on gp3 partition (Dominique Martinet) - Revert 'Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d'' (Song Liu) - mm/memory-failure: fix an incorrect use of tail pages (Liu Shixin) - Revert 'x86/mm/ident_map: Use gbpages only where full GB page...

7.8 CVSS

7.6 AI Score

0.011 EPSS

2024-05-13 12:00 AM
7
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.331.7] - Revert 'tracing/trigger: Fix to return error if failed to alloc snapshot' (Siddh Raman Pant) - Revert 'selftests: mm: fix map_hugetlb failure on 64K page size systems' (Harshit Mogalapalli) [Orabug: 36584568] - Revert 'net/mlx5: Enable SW-defined RoCEv2 UDP source port'...

8.3 AI Score

EPSS

2024-05-13 12:00 AM
8
cvelist

CVE-2024-4798 SourceCodester Online Computer and Laptop Store manage_brand.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /admin/maintenance/manage_brand.php. The manipulation of the argument id leads to sql injection. The attack may....

6.3 CVSS

7 AI Score

0.0004 EPSS

2024-05-12 01:31 PM
vulnrichment

CVE-2024-4798 SourceCodester Online Computer and Laptop Store manage_brand.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /admin/maintenance/manage_brand.php. The manipulation of the argument id leads to sql injection. The attack may....

6.3 CVSS

7.3 AI Score

0.0004 EPSS

2024-05-12 01:31 PM
nessus

RHEL 6 : libssh (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libssh: authorization bypass in pki_verify_data_signature (CVE-2023-2283) A flaw was found in the libssh...

7.2 AI Score

0.002 EPSS

2024-05-11 12:00 AM
2
nessus

RHEL 5 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c ...

8.8 AI Score

EPSS

2024-05-11 12:00 AM
7
nessus

RHEL 6 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Buffer overflow due to unbounded strcpy in ISDN I4L driver (CVE-2017-12762) kernel: lack of port...

8.7 AI Score

EPSS

2024-05-11 12:00 AM
46
nessus

RHEL 7 : libssh (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libssh: NULL pointer dereference in sftpserver.c if ssh_buffer_new returns NULL (CVE-2020-16135) libssh:...

7.8 AI Score

0.006 EPSS

2024-05-11 12:00 AM
6
Total number of security vulnerabilities: 21999