17 matches found
Siemens SIMATIC Devices Improper Input Validation (CVE-2024-34027)
f2fs: compress: filesystem metadata including blkaddr in dnode, inode fields and .total_valid_block_count may be corrupted after SPO case. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Critical Versa Concerto Flaws Let Attackers Escape Docker and Compromise Hosts
Cybersecurity researchers have uncovered multiple critical security vulnerabilities impacting the Versa Concerto network security and SD-WAN orchestration platform that could be exploited to take control of susceptible instances. It's worth noting that the identified shortcomings remain unpatched...
CVE-2025-34027 Versa Concerto Authentication Bypass File Write Remote Code Execution
The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing an attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check to Time-of-Use (TOCTOU) write in combination...
CVE-2025-34027
Summary of CVE-2025-34027: Versa Concerto SD-WAN exposes an authentication bypass in the Traefik reverse proxy configuration, enabling unauthorized access to administrative endpoints. In addition, the Spack upload endpoint can trigger a TOCTOU race with path loading manipulation to achieve remote...
Ubuntu: Security Advisory (USN-7009-2)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-7008-1)
The remote host is missing an update for the...
Debian dsa-5730 : affs-modules-5.10.0-29-4kc-malta-di - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5730 advisory. Debian Security Advisory DSA-5730-1 https://www.debian.org/securit...
BELL-CVE-2024-34027
Bulletin has no description...
CVE-2024-34027
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock. It needs to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock to avoid racing with checkpoint, otherwise, filesystem metadata including blkaddr in dnode...
CVE-2024-34027 f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock. It needs to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock to avoid racing with checkpoint, otherwise, filesystem metadata including blkaddr in dnode...
CVE-2023-34027
creationtimestamp | type | source
---|---|---
2024-01-13 09:16:51+00:00 | seen | https://t.me/ctinow/167763...
CVE-2023-34027
Deserialization of Untrusted Data vulnerability in Rajnish Arora Recently Viewed Products. This issue affects Recently Viewed Products: from n/a through 1.0.0...
CVE-2023-34027
CVE-2023-34027: WordPress Recently Viewed Products plugin ≤1.0.0 is reported vulnerable to unauthenticated PHP object injection (deserialization of untrusted data). Public sources in the connected documents identify the affected software and version range, with the vulnerability title/description...
WordPress Recently Viewed Products Plugin <= 1.0.0 is vulnerable to PHP Object Injection
Software: Recently Viewed Products; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-34027; Patch priority: High; CVSS severity: High (8.3); PSID: 9c6c9d223c96; Credits: Mika; Required privilege...
CVE-2022-34027
Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c...
CVE-2022-34027
Summary: CVE-2022-34027 affects Nginx NJS 0.7.4. A vulnerability in the njs_value_property function (njs_value.c) may cause a segmentation fault and enable remote code execution. The CVSSv3.1 base score is 7.5 (HIGH), with network access, no user interaction required. Details from connected sou...
Memory Corruption Vulnerability in WPS Office for Windows (CNVD-2020-34027)
WPS Office for Windows is office software from Zhuhai Kingsoft Office Software Co., Ltd. that provides text, table, presentation and many other functions commonly used in office software. A memory corruption vulnerability exists in WPS Office for Windows, which can be exploited by attackers to...