25 matches found

Tenable Nessus
added 2025/10/27 12:0 a.m., 3 views

Siemens SIMATIC Devices Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2024-36288)

SUNRPC: Fix loop termination condition in gss_free_in_token_pages(). The in_token->pages[] array is not NULL terminated. This results in the following KASAN splat: KASAN: maybe wild-memory-access in range 0x04a2013400000008-0x04a201340000000f. This plugin only works with Tenable.ot. Please visit...

CVSS 5.5, AI score 6.6, EPSS 0.00008
Exploits: 0, References: 2
OSV
added 2025/08/14 6:52 p.m., 1 view

MAL-2025-36288 Malicious code in test-mlw2-sooty-batik (npm)

The package test-mlw2-sooty-batik was found to contain malicious code...

AI score 7.2
Exploits: 0
Tenable Nessus
added 2025/02/10 12:0 a.m., 2 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-36288)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-36288 advisory. - In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix loop termination condition i...

CVSS 5.5, AI score 5.8, EPSS 0.00008
Exploits: 0, References: 2
CBLMariner
added 2024/08/14 8:43 p.m., 17 views

CVE-2024-36288 affecting package kernel for versions less than 6.6.43.1-7

CVE-2024-36288 affecting package kernel for versions less than 6.6.43.1-7. A patched version of the package is available...

CVSS 5.5, AI score 6.8, EPSS 0.00008
Exploits: 0
Tenable Nessus
added 2024/08/13 12:0 a.m., 105 views

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2024-12581)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12581 advisory. - net/mlx5e: drop shorter ethernet frames Manjunath Patil Orabug: 36879157 CVE-2024-41090 CVE-2024-41091 - netfilter: ipset: Fix race between...

CVSS 9.8, AI score 7.5, EPSS 0.00449
Exploits: 2, References: 52
Tenable Nessus
added 2024/08/06 12:0 a.m., 19 views

CBL Mariner 2.0 Security Update: kernel (CVE-2024-36288)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-36288 advisory. - In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix loop termination condition i...

CVSS 5.5, AI score 5.8, EPSS 0.00008
Exploits: 0, References: 2
CBLMariner
added 2024/08/05 3:22 a.m., 21 views

CVE-2024-36288 affecting package kernel for versions less than 5.15.162.2-1

CVE-2024-36288 affecting package kernel for versions less than 5.15.162.2-1. A patched version of the package is available...

CVSS 5.5, AI score 6.8, EPSS 0.00008
Exploits: 0
Tenable Nessus
added 2024/07/16 12:0 a.m., 78 views

Debian dsa-5730 : affs-modules-5.10.0-29-4kc-malta-di - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5730 advisory. - Debian Security Advisory DSA-5730-1 https://www.debian.org/securit...

CVSS 9.8, AI score 7.6, EPSS 0.00449
Exploits: 3, References: 250
OSV
added 2024/06/22 5:57 a.m., 1 view

BELL-CVE-2024-36288 CVE-2024-36288 does not affect BellSoft software

Bulletin has no description...

CVSS 5.5, AI score 7.3, EPSS 0.00008
Exploits: 0, References: 1
OSV
added 2023/06/23 3:15 p.m., 12 views

CVE-2023-36288

An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via GET configure parameter...

CVSS 5.4, AI score 6
Exploits: 0, References: 1
Cvelist
added 2023/06/23 12:0 a.m., 10 views

CVE-2023-36288

An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via GET configure parameter...

AI score 5.5, EPSS 0.00136
Exploits: 1, References: 1
CVE
added 2023/06/23 12:0 a.m., 43 views

CVE-2023-36288

The CVE-2023-36288 issue affects Webkul QloApps v1.6.0 and is an unauthenticated Cross-Site Scripting (XSS) flaw in the configure parameter of a GET request. The underlying risk is that an attacker can steal a user’s session cookie and impersonate that user. There is no explicit evidence of explo...

CVSS 5.4, AI score 5.3, EPSS 0.00136
Exploits: 1, References: 1, Affected Software: 1
Circl
added 2022/08/23 8:21 p.m., 1 view

CVE-2022-36288

creationtimestamp | type | source
---|---|---
2022-08-23 20:21:53+00:00 | seen | https://t.me/cibsecurity/48603...

CVSS 8.8, AI score 8.1, EPSS 0.00109
Exploits: 0, References: 1
NVD
added 2022/08/23 4:15 p.m., 10 views

CVE-2022-36288

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress...

CVSS 8.8, EPSS 0.00109
Exploits: 0, References: 2
Vulnrichment
added 2022/08/23 3:47 p.m., 9 views

CVE-2022-36288 WordPress Download Manager plugin <= 3.2.48 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress...

CVSS 5.4, AI score 6.7, EPSS 0.00109
Exploits: 0, References: 2
CVE
added 2022/08/23 3:47 p.m., 87 views

CVE-2022-36288

CVE-2022-36288 concerns the WordPress Download Manager plugin (versions up to and including 3.2.48). Multiple CSRF vulnerabilities exist in this plugin, allowing arbitrary actions to be performed by an attacker with a logged-in admin user when a user is enticed to visit a crafted page or perform ...

CVSS 8.8, AI score 7.4, EPSS 0.00109
Exploits: 0, References: 2, Affected Software: 1
Circl
added 2022/04/09 12:13 a.m., 2 views

CVE-2021-36288

creationtimestamp | type | source
---|---|---
2022-04-09 00:13:27+00:00 | seen | https://t.me/cibsecurity/40415...

CVSS 9.1, AI score 8.6, EPSS 0.00932
Exploits: 0, References: 1
CVE
added 2022/04/08 7:50 p.m., 70 views

CVE-2021-36288

CVE-2021-36288 corresponds to a path traversal vulnerability in Dell VNX2 for File (versions up to and including 8.1.21.266). An unauthenticated user could read/write restricted files due to improper input validation in the affected component. The exploitability is network-based with low attack c...

CVSS 9.1, AI score 9.1, EPSS 0.00932
Exploits: 0, References: 1, Affected Software: 1
Tenable Nessus
added 2021/07/06 12:0 a.m., 21 views

Atlassian Jira 8.14.x < 8.15.1 Multiple Vulnerabilities (1/2)

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.12, 8.6.x < 8.13.4 or 8.14.x < 8.15.1. It is, therefore, affected by multiple vulnerabilities: - A DOM based Cross-Site Scripting (XSS) vulnerability caused by parameter...

CVSS 6.1, AI score 5.1, EPSS 0.00656
Exploits: 0, References: 4
Tenable Nessus
added 2021/07/02 12:0 a.m., 25 views

Atlassian Jira < 8.5.12 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.12, 8.6.x < 8.13.4 or 8.14.x < 8.15.1. It is, therefore, affected by multiple vulnerabilities: - A DOM based Cross-Site Scripting (XSS) vulnerability caused by parameter...

CVSS 6.1, AI score 5.1, EPSS 0.00656
Exploits: 0, References: 4