41 matches found
CVE-2018-20699 affecting package podman for versions less than 5.6.1-2
CVE-2018-20699 affecting package podman for versions less than 5.6.1-2. An upgraded version of the package is available that resolves this issue...
CVE-2020-20699
A cross-site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings...
Security Bulletin: IBM Storage Ceph is vulnerable to Files or Directories Accessible to External Parties in Grafana (CVE-2021-41089, CVE-2022-24769, CVE-2021-41091, CVE-2018-20699, CVE-2022-36109)
Summary Moby is used by IBM Storage Ceph in Grafana as part of metrics. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2021-41089, CVE-2022-24769, CVE-2021-41091, CVE-2018-20699, CVE-2022-36109. Vulnerability Details CVEID:CVE-2022-36109 DESCRIPTION: Moby...
CVE-2024-20699
creationtimestamp | type | source
---|---|---
2024-01-09 20:16:37+00:00 | seen | https://t.me/ctinow/165330...
CVE-2024-20699
Windows Hyper-V Denial of Service Vulnerability...
CVE-2024-20699
CVE-2024-20699 is a Windows Hyper-V Denial of Service vulnerability. The available data identifies the affected component as Hyper-V on Windows, with a local attack vector and low privileges required, and the impact described as denial of service (availability impact). The CVSS 3.1 vector indicat...
CVE-2024-20699 Windows Hyper-V Denial of Service Vulnerability
...
Oracle Linux 7 : docker-engine (ELSA-2019-4597)
The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2019-4597 advisory. 18.03.1.ol-0.0.14 - rebuild; 18.03.1.ol-0.0.13 - update for CVE-2018-20699. Tenable has extracted the preceding description block directly from the Oracle Linux...
CVE-2023-20699
In adsp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07696073; Issue ID: ALPS07696073...
Security Bulletin: Open Source Dependency Vulnerability
Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2022-36109 DESCRIPTION: Moby could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw with the supplementary groups are not set up properly. By...
CVE-2023-20699
CVE-2023-20699 describes an out-of-bounds write in the MediaTek adsp module (affecting MediaTek-based devices) caused by a missing bounds check. Impact per sources: local escalation of privilege with System execution privileges required, no user interaction needed. Patch reference: ALPS07696073 (...
Oracle Linux 7 : docker-engine (ELSA-2019-4598)
The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2019-4598 advisory. - Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus...
Metasploit Weekly Wrap-Up
Spring4Shell module Community contributor vleminator added a new module which exploits CVE-2022-22965—more commonly known as "Spring4Shell." Depending on its deployment configuration, Java Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older can be vulnerable to unauthenticated...
Cisco RV340 SSL VPN Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco RV340 SSL VPN Unauthenticated Remote Code Execution', 'Description' = %q This module exploits a stack buffer overflow in the Cisco RV serie...
Exploit for Stack-based Buffer Overflow in Cisco Rv340_Firmware
CVE-2022-20699 🎧 Br...
CVE-2022-20699
CVE-2022-20699 affects Cisco Small Business RV160/RV260/RV340/RV345 Series Routers. The available connected materials indicate a stack-based buffer overflow in the RV340 SSL VPN functionality, leading to unauthenticated remote code execution with root-level impact on the device. Metasploit also d...
CVE-2022-20699 Cisco Small Business RV Series Routers Vulnerabilities
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned softwa...