SUSE CVE-2026-24512

A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note tha...

CVE-2026-24512 ingress-nginx auth-method nginx configuration injection

A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note tha...

CVE-2026-24512

Ingress-NGINX Controller vulnerability CVE-2026-24512: the rules.http.paths.path Ingress field can inject configuration into nginx, enabling arbitrary code execution and access to controller-scoped Secrets. Affected versions include k8s.io/ingress-nginx before 1.13.7 and 1.14.x before 1.14.3; rem...

CVE-2026-24512

A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note tha...

CVE-2026-24512

creationtimestamp| type| source ---|---|--- 2026-02-02 15:57:33+00:00| seen| https://seclists.org/oss-sec/2026/q1/140 2026-02-03 18:11:43+00:00| seen| https://hachyderm.io/users/ChrisShort/statuses/116008045925159135 2026-02-03 18:11:45+00:00| seen|...

MiracleLinux 8 : microcode_ctl-20210216-1.20210525.1.el8 (AXSA:2021-2200:09)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2200:09 advisory. hw: vt-d related privilege escalation CVE-2020-24489 hw: improper isolation of shared resources in some Intel Processors CVE-2020-24511 hw: observab...

CVE-2024-24512

Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component...

Alibaba Cloud Linux 3 : 0057: microcode_ctl (ALINUX3-SA-2021:0057)

The remote Alibaba Cloud Linux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0057 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-11139: Improper conditions check ...

CVE-2024-24512

creationtimestamp| type| source ---|---|--- 2024-03-02 00:22:10+00:00| seen| https://t.me/ctinow/198154 2024-03-02 00:31:57+00:00| seen| https://t.me/ctinow/198163...

CVE-2024-24512

CVE-2024-24512 concerns PKP Open Journal Systems (PKP OJS) 3.4. It is a Cross Site Scripting (XSS) vulnerability in the input subtitle component that could allow an attacker to execute arbitrary code. The CVE is documented with a CVSS v3.1 base score of 6.1 (MEDIUM) with network attack vector, lo...

Rocky Linux 8 : .NET 5.0 (RLSA-2022:0830)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0830 advisory. - A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a one-shot decompression...

Rocky Linux 8 : .NET Core 3.1 (RLSA-2022:0827)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0827 advisory. - A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a one-shot decompression...

Rocky Linux 8 : .NET 6.0 (RLSA-2022:0826)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0826 advisory. - .NET and Visual Studio Denial of Service Vulnerability CVE-2022-24464 - .NET and Visual Studio Remote Code Execution Vulnerability CVE-2022-24512 Note...

Rocky Linux 8 : microcode_ctl (RLSA-2021:3027)

The remote Rocky Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2021:3027 advisory. - Incomplete cleanup from specific special register read operations in some IntelR Processors may allow an authenticated user to potentially enable...

SUSE CVE-2022-24512

unknown...

CVE-2023-24512

creationtimestamp| type| source ---|---|--- 2023-04-26 00:25:17+00:00| seen| https://t.me/cibsecurity/62856...

CVE-2023-24512

The CVE-2023-24512 issue affects Arista EOS running with the Streaming Telemetry Agent (TerminAttr) enabled and gNMI access configured. An authorized attacker with gNMI permissions could craft a request to update arbitrary switch configurations, under conditions where TerminAttr is present and gR...

CVE-2023-24512 On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch.

On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent referred to as the TerminAttr agent is enabl...

Security Advisory 0086

Security Advisory 0086 . CSAF PDF Date: April 25, 2023 Revision | Date | Changes ---|---|--- 1.0 | April 25, 2023 | Initial release The CVE-ID tracking this issue: CVE-2023-24512 CVSSv3.1 Base Score: 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Common Weakness Enumeration: CWE-284 Improper...

K32562936: Intel CPU vulnerabilities CVE-2020-24511 and CVE-2020-24512

Security Advisory Description CVE-2020-24511 Improper isolation of shared resources in some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2020-24512 Observable timing discrepancy in some IntelR Processors may allow an...