15 matches found
RHCOS 4 : OpenShift Container Platform 4.19.2 (RHSA-2025:9751)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9751 advisory. - podman: podman missing TLS verification (CVE-2025-6032) Note that Nessus has not tested for this issue but has instead relied only on the...
EUVD-2024-1007
Malicious code in bioql PyPI...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses express-4.19.2.tgz which is vulnerable to CVE-2024-43796
Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses express-4.19.2.tgz which is vulnerable to CVE-2024-43796. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: Express.js minimalist w...
Gradio < 4.19.2 CSRF
The version of Gradio installed on the remote host is prior to 4.19.2. It is, therefore, affected by a Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio which allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a...
Gradio < 4.19.2 Vulnerability - CVE-2024-1728
The version of Gradio installed on the remote host is prior to 4.19.2. It is, therefore, affected by a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the...
OPENSUSE-SU-2024:13345-1 ctdb-4.19.2+git.322.7e9201cef5-1.1 on GA media
These are all security issues fixed in the ctdb-4.19.2+git.322.7e9201cef5-1.1 package on the GA media of openSUSE Tumbleweed...
UBUNTU-CVE-2024-29041
Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an...
GHSA-HMX6-R76C-85G9 Gradio apps vulnerable to timing attacks to guess password
Impact This security policy is with regards to a timing attack that allows users of Gradio apps to potentially guess the password of password-protected Gradio apps. This relies on the fact that string comparisons in Python terminate early, as soon as there is a string mismatch. Because Gradio app...
Samba File Buffer Overflow Vulnerability (CVE-2023-5568)
Samba is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:samba:samba"; if(description)...
WordPress File Uploader Plugin < 4.19.2 is vulnerable to Path Traversal
Software: File Uploader; Type: Plugin; Vulnerable versions: 4.19.2; Fixed in: 4.19.2; OWASP Top 10: A5: Broken Access Control; Classification: Path Traversal; CVE: CVE-2023-2688; Patch priority: Low; CVSS severity: Low (4.9); PSID: f1bb8a36ca00; Credits: Marco Wotschka; Required privilege...
SUSE CVE-2018-19407
The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized...
Linux Kernel 4.15.x 4.19.2 - map_write() CAP_SYS_ADMIN Local Privilege Escalation (polkit Method)
Linux Kernel 4.15.x 4.19.2 - map_write() CAP_SYS_ADMIN Local Privilege Escalation (polkit Method) #!/bin/sh EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47167.zip wrapper for Jann Horn's exploit for CVE-2018-18955 uses polkit technique ---...
Linux Kernel 4.15.x 4.19.2 - map_write() CAP_SYS_ADMIN Local Privilege Escalation (cron Method)
Linux Kernel 4.15.x 4.19.2 - map_write() CAP_SYS_ADMIN Local Privilege Escalation (cron Method) #!/bin/sh EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47164.zip wrapper for Jann Horn's exploit for CVE-2018-18955 uses crontab technique ---...
Linux Kernel 4.15.x 4.19.2 - map_write() CAP_SYS_ADMIN Local Privilege Escalation (ldpreload Method)
Linux Kernel 4.15.x 4.19.2 - map_write() CAP_SYS_ADMIN Local Privilege Escalation (ldpreload Method) #!/bin/sh EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47166.zip wrapper for Jann Horn's exploit for CVE-2018-18955 uses ld.so.preload technique --...
[SECURITY] Fedora 29 Update: kernel-4.19.2-300.fc29
The kernel meta package...