106 matches found
SUSE CVE-2026-24512
A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note tha...
CVE-2026-24512
Ingress-NGINX Controller vulnerability CVE-2026-24512: the rules.http.paths.path Ingress field can inject configuration into nginx, enabling arbitrary code execution and access to controller-scoped Secrets. Affected versions include k8s.io/ingress-nginx before 1.13.7 and 1.14.x before 1.14.3; rem...
CVE-2026-24512 ingress-nginx auth-method nginx configuration injection
A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note tha...
CVE-2026-24512
A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note tha...
CVE-2026-24512
| creationtimestamp | type | source |
|---|---|---|
| 2026-02-02 15:57:33+00:00 | seen | https://seclists.org/oss-sec/2026/q1/140 |
| 2026-02-03 18:11:43+00:00 | seen | https://hachyderm.io/users/ChrisShort/statuses/116008045925159135 |
| 2026-02-03 18:11:45+00:00 | seen | ... |
MiracleLinux 8 : microcode_ctl-20210216-1.20210525.1.el8 (AXSA:2021-2200:09)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2200:09 advisory. hw: vt-d related privilege escalation CVE-2020-24489 hw: improper isolation of shared resources in some Intel Processors CVE-2020-24511 hw: observab...
CVE-2024-24512
Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component...
Alibaba Cloud Linux 3 : 0057: microcode_ctl (ALINUX3-SA-2021:0057)
The remote Alibaba Cloud Linux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0057 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-11139: Improper conditions check ...
CVE-2024-24512
| creationtimestamp | type | source |
|---|---|---|
| 2024-03-02 00:22:10+00:00 | seen | https://t.me/ctinow/198154 |
| 2024-03-02 00:31:57+00:00 | seen | https://t.me/ctinow/198163... |
CVE-2024-24512
CVE-2024-24512 concerns PKP Open Journal Systems (PKP OJS) 3.4. It is a Cross Site Scripting (XSS) vulnerability in the input subtitle component that could allow an attacker to execute arbitrary code. The CVE is documented with a CVSS v3.1 base score of 6.1 (MEDIUM) with network attack vector, lo...
Rocky Linux 8 : .NET 5.0 (RLSA-2022:0830)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0830 advisory. - A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a one-shot decompression...
Rocky Linux 8 : .NET 6.0 (RLSA-2022:0826)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0826 advisory. - .NET and Visual Studio Denial of Service Vulnerability CVE-2022-24464 - .NET and Visual Studio Remote Code Execution Vulnerability CVE-2022-24512 Note...
Rocky Linux 8 : microcode_ctl (RLSA-2021:3027)
The remote Rocky Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2021:3027 advisory. - Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable...
Rocky Linux 8 : .NET Core 3.1 (RLSA-2022:0827)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0827 advisory. - A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a one-shot decompression...
SUSE CVE-2022-24512
unknown...
CVE-2023-24512
| creationtimestamp | type | source |
|---|---|---|
| 2023-04-26 00:25:17+00:00 | seen | https://t.me/cibsecurity/62856... |
CVE-2023-24512 On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch.
On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent referred to as the TerminAttr agent is enabl...
CVE-2023-24512
The CVE-2023-24512 issue affects Arista EOS running with the Streaming Telemetry Agent (TerminAttr) enabled and gNMI access configured. An authorized attacker with gNMI permissions could craft a request to update arbitrary switch configurations, under conditions where TerminAttr is present and gR...
Security Advisory 0086
Security Advisory 0086
Date: April 25, 2023

| Revision | Date | Changes |
|---|---|---|
| 1.0 | April 25, 2023 | Initial release |

The CVE-ID tracking this issue: CVE-2023-24512
CVSSv3.1 Base Score: 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Common Weakness Enumeration: CWE-284 Improper...
K32562936: Intel CPU vulnerabilities CVE-2020-24511 and CVE-2020-24512
Security Advisory Description CVE-2020-24511 Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2020-24512 Observable timing discrepancy in some Intel(R) Processors may allow an...