38 matches found
Azure Linux 3.0 Security Update: kernel (CVE-2025-21642)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21642 advisory. - In the Linux kernel, the following vulnerability has been resolved: mptcp: sysctl: sched: avoid using...
CVE-2020-21642
Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code...
CVE-2025-21642 affecting package kernel for versions less than 6.6.78.1-3
CVE-2025-21642 affecting package kernel for versions less than 6.6.78.1-3. An upgraded version of the package is available that resolves this issue...
Linux Distros Unpatched Vulnerability : CVE-2025-21642
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mptcp: sysctl: sched: avoid using current-nsproxy Using the 'net' structure via 'current' is...
BELL-CVE-2025-21642
Bulletin has no description...
CVE-2025-21642
In the Linux kernel, the following vulnerability has been resolved: mptcp: sysctl: sched: avoid using current-nsproxy Using the 'net' structure via 'current' is not recommended for different reasons. First, if the goal is to use it to read or write per-netns data, this is inconsistent with how th...
CVE-2025-21642
In the Linux kernel, the following vulnerability has been resolved: mptcp: sysctl: sched: avoid using current-nsproxy Using the 'net' structure via 'current' is not recommended for different reasons. First, if the goal is to use it to read or write per-netns data, this is inconsistent with how th...
CVE-2025-21642
In the Linux kernel, the following vulnerability has been resolved: mptcp: sysctl: sched: avoid using current-nsproxy Using the 'net' structure via 'current' is not recommended for different reasons. First, if the goal is to use it to read or write per-netns data, this is inconsistent with how th...
CVE-2025-21642
creationtimestamp| type| source ---|---|--- 2025-01-19 10:57:07+00:00| seen| https://infosec.exchange/users/cve/statuses/113854659091214712 2025-01-19 11:15:50+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lg3p43xec72h 2025-01-19 13:07:21+00:00| seen|...
CVE-2025-21642 mptcp: sysctl: sched: avoid using current->nsproxy
In the Linux kernel, the following vulnerability has been resolved: mptcp: sysctl: sched: avoid using current-nsproxy Using the 'net' structure via 'current' is not recommended for different reasons. First, if the goal is to use it to read or write per-netns data, this is inconsistent with how th...
CVE-2025-21642
In the Linux kernel, the following vulnerability has been resolved: mptcp: sysctl: sched: avoid using current-nsproxy Using the 'net' structure via 'current' is not recommended for different reasons. First, if the goal is to use it to read or write per-netns data, this is inconsistent with how th...
CVE-2025-21642
CVE-2025-21642 affects the Linux kernel’s MPTCP subsystem. The issue arises from using current->nsproxy/netns when accessing per-netns data via sysctl entries (net/mptcp/ctrl.c), which can diverge from the netns the table is associated with. The described consequence is a general protection fa...
CVE-2025-21642 mptcp: sysctl: sched: avoid using current->nsproxy
In the Linux kernel, the following vulnerability has been resolved: mptcp: sysctl: sched: avoid using current-nsproxy Using the 'net' structure via 'current' is not recommended for different reasons. First, if the goal is to use it to read or write per-netns data, this is inconsistent with how th...
CVE-2024-21642
creationtimestamp| type| source ---|---|--- 2024-01-05 23:21:56+00:00| seen| https://t.me/ctinow/163767...
CVE-2024-21642
D-Tale is a visualizer for Pandas data structures. Users hosting versions D-Tale prior to 3.9.0 publicly can be vulnerable to server-side request forgery SSRF, allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the Load From the Web input is turned off ...
airi-test-task (=0.1.0), dtaledesktop (>=0.0.1 <=0.1.3) +13 more potentially affected by CVE-2024-21642 via dtale (>=2.16.0 <=3.22.0)
dtale PYPI version =2.16.0, =0.0.1, =0.1.0, =0.0.0.35, =0.1.1, =0.0.14, =0.0.5, =0.0.10, =1.0.0, =0.3.3, =0.1.0, =0.1.5 Source cves: CVE-2024-21642 Source advisory: OSV:GHSA-7HFX-H3J3-RWQ4...
CVE-2024-21642 D-Tale server-side request forgery through Web uploads
D-Tale is a visualizer for Pandas data structures. Users hosting versions D-Tale prior to 3.9.0 publicly can be vulnerable to server-side request forgery SSRF, allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the Load From the Web input is turned off ...
CVE-2024-21642 D-Tale server-side request forgery through Web uploads
D-Tale is a visualizer for Pandas data structures. Users hosting versions D-Tale prior to 3.9.0 publicly can be vulnerable to server-side request forgery SSRF, allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the Load From the Web input is turned off ...
CVE-2024-21642
D-Tale (Man Group) is affected by CVE-2024-21642. Prior to version 3.9.0, hosting D-Tale publicly can enable server-side request forgery (SSRF) via the Load From the Web feature, allowing access to server files. The fix is to upgrade to version 3.9.0, where this input is disabled by default. A wo...
CVE-2023-21642 Improper Access Control in HAB Memory Management
Memory corruption in HAB Memory management due to broad system privileges via physical address...