RockyLinux 9 : bind9.18 (RLSA-2026:24368)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:24368 advisory. bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 bind: BIND: Denial of Service via specially crafted DNS messages...

CVE-2026-24368

creationtimestamp| type| source ---|---|--- 2026-01-22 17:34:33+00:00| seen| https://gist.github.com/Darkcrai86/2b1cff8de1d23f7dd0ecaa087f055ea2 2026-01-22 19:58:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mczxvpvy7h2n...

CVE-2025-24368

Cacti is an open source performance and fault management framework. Some of the data stored in automationtreerules.php is not thoroughly checked and is used to concatenate the SQL statement in buildruleitemfilter function from lib/apiautomation.php, resulting in SQL injection. This vulnerability ...

CVE-2025-24368

creationtimestamp| type| source ---|---|--- 2025-01-27 17:20:06+00:00| seen| https://infosec.exchange/users/cve/statuses/113901463569228585 2025-01-27 18:16:31+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgqkdprv2x27 2025-01-27 20:11:16+00:00| seen|...

CVE-2025-24368 Cacti has a SQL Injection vulnerability when using tree rules through Automation API

Cacti is an open source performance and fault management framework. Some of the data stored in automationtreerules.php is not thoroughly checked and is used to concatenate the SQL statement in buildruleitemfilter function from lib/apiautomation.php, resulting in SQL injection. This vulnerability ...

CVE-2023-24368

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

CVE-2022-24368

Foxit PDF Reader 11.1.0.52543 is affected by CVE-2022-24368. The issue arises in the handling of Doc objects due to a lack of validation of an object’s existence before performing operations, which can lead to sensitive information disclosure. The description notes that an attacker can leverage t...

CVE-2021-24368

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its resultid parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This could allow for privilege escalation by inducing a...

CVE-2021-24368

The CVE-2021-24368 entry concerns the WordPress plugin Quiz And Survey Master (before 7.1.18). The vulnerability is a reflected Cross-Site Scripting (XSS) in the result_id parameter on the existing quiz results page due to inadequate sanitisation/escaping. Impact described: could enable privilege...

CVE-2021-24368 Quiz And Survey Master < 7.1.18 - Reflected Cross-Site Scripting (XSS)

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its resultid parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This could allow for privilege escalation by inducing a...

openSUSE: Security Advisory for icingaweb2 (openSUSE-SU-2020:1674-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2020:1674-1 Security update for icingaweb2

This update for icingaweb2 fixes the following issues: - icingaweb2 was updated to 2.7.4 CVE-2020-24368: Fixed a path Traversal which could have allowed an attacker to access arbitrary files which are readable by the process running boo1175530...

Debian: Security Advisory (DSA-4747-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

FreeBSD : Icinga Web 2 -- directory traversal vulnerability (f60561e7-e23e-11ea-be64-507b9d01076a)

Icinga development team reports : CVE-2020-24368 Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4,...

DEBIAN-CVE-2020-24368

Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2...

CVE-2020-24368

Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2...

CVE-2020-24368

Summary: CVE-2020-24368 affects Icinga Web 2 (Icinga Web2) versions 2.0.0–2.6.4, 2.7.4 and 2.8.2, via a directory traversal vulnerability that allows access to arbitrary files readable by the web process. The issue is fixed in the same product series at versions 2.6.4, 2.7.4 and 2.8.2. Impact (as...

CVE-2020-24368

Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2...

Icinga Web 2 -- directory traversal vulnerability

Icinga development team reports: CVE-2020-24368 Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4,...

CVE-2023-24368

...