1174 matches found
Solaris 10 (sparc): 148241-08
SunOS 5.10: SunOS 5.10: statd patch. Date this patch was last updated by Sun : Jan/15/24 %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include"compat.inc"; if description scriptid255260; scriptversion"1.1";...
Solaris 10 (i386): 119784-51
SunOS 5.10: SunOS 5.10x86: BIND patch. Date this patch was last updated by Sun : Jan/15/24 %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include"compat.inc"; if description scriptid255258; scriptversion"1.1";...
CVE-2023-5376
An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01...
CVE-2024-42758
A Cross-site Scripting XSS vulnerability exists in version v2024-01-05 of the indexmenu plugin when is used and enabled in Dokuwiki Open Source Wiki Engine. A malicious attacker can input XSS payloads for example when creating or editing existing page, to trigger the XSS on Dokuwiki, which is the...
Photon OS 5.0: Libssh PHSA-2024-5.0-0187
An update of the libssh package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0187. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
CLSA-2024-1719569607 Update of linux-firmware
Update AMD CPU microcode to 2024-01-16: - Update AMD CPU microcode for processor family 19h: sig 0x00a00f11, sig 0x00a00f12;...
PT-2024-20354 · Vaales Technologies · V Qrs
Name of the Vulnerable Software and Affected Versions: Vaales Technologies V QRS version 2024-01-17 Description: The issue allows a remote attacker to obtain sensitive information via the Models/UserModel.php component. This is achieved through a SQL injection vulnerability. Recommendations: For...
CVE-2024-24313
An issue in Vaales Technologies VQRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/FormModel.php and QRModel.php component...
SaltStack 3000 < 3005.5 / 3006 < 3006.6 Multiple Vulnerablities
According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by multiple vulnerabilities: - Syndic cache directory creation is vulnerable to a directory traversal attack. CVE-2024-22231 - A specially crafted url can be created which leads to a...
CVE-2024-23824
mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the...
Code injection
mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the...
CVE-2024-23824 mailcow ipixel flood attack leads to Denial of Service in admin page
mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the...
CVE-2024-23824 mailcow ipixel flood attack leads to Denial of Service in admin page
mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the...
PT-2024-20106 · Mailcow · Mailcow
Name of the Vulnerable Software and Affected Versions: mailcow versions 2023-12a and prior Description: The application is vulnerable to a pixel flood attack. Once the payload has been successfully uploaded in the logo, the application becomes slow and unresponsive in the admin page...
SUSE CVE-2024-21646
Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remo...
GHSA-9H6G-PR28-7CQP
creationtimestamp| type| source ---|---|--- 2024-01-31 23:56:53+00:00| seen| https://t.me/ctinow/177197...
GHSA-9XC9-XQ7W-VPCR
creationtimestamp| type| source ---|---|--- 2024-01-31 23:56:52+00:00| seen| https://t.me/ctinow/177196...
CVE-2024-24747
MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for s3: actions, but also admin: actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be able t...
CVE-2024-24747 MinIO unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation
MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for s3: actions, but also admin: actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be able t...
CVE-2024-22282
creationtimestamp| type| source ---|---|--- 2024-01-31 19:31:48+00:00| seen| https://t.me/ctinow/177022...