19 matches found
SUSE SLES12 Security Update : kernel (Live Patch 60 for SLE 12 SP5) (SUSE-SU-2025:03652-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03652-1 advisory. This update for the Linux Kernel 4.12.14-122228 fixes several issues. The following security issues were fixed: - CVE-2022-50386: Bluetooth:...
SUSE SLES12 Security Update : kernel (Live Patch 72 for SLE 12 SP5) (SUSE-SU-2025:3684-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:3684-1 advisory. This update for the Linux Kernel 4.12.14-122272 fixes one issue. The following security issue was fixed: - CVE-2022-50386: Bluetooth: L2CAP: Fix...
Security update for the Linux Kernel (Live Patch 72 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122272 fixes one issue. The following security issue was fixed: CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free bsc1250302. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zyppe...
SUSE-SU-2025:03652-1 Security update for the Linux Kernel (Live Patch 60 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122228 fixes several issues. The following security issues were fixed: - CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free bsc1250302. - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns bsc1248673. -...
Linux Distros Unpatched Vulnerability : CVE-2022-50386
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: L2CAP: Fix user-after-free This uses l2cap_chan_hold_unless_zero() after calling __l2cap_get_chan_blah() to prevent the following trace: Bluetooth:...
CVE-2022-50386
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix user-after-free This uses l2cap_chan_hold_unless_zero() after calling __l2cap_get_chan_blah() to prevent the following trace: Bluetooth: l2cap_core.c:static void l2cap_chan_destroy(struct kref *kref) Bluetooth: chan...
UBUNTU-CVE-2022-50386
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix user-after-free This uses l2cap_chan_hold_unless_zero() after calling __l2cap_get_chan_blah() to prevent the following trace: Bluetooth: l2cap_core.c:static void l2cap_chan_destroy(struct kref *kref) Bluetooth: chan...
Security Bulletin: Multiple vulnerabilities in Apache Solr (lucene) affects IBM Operations Analytics - Log Analysis (CVE-2023-50386, CVE-2023-50298, CVE-2023-50292, CVE-2023-50291)
Summary There are vulnerabilities in backup/restore APIs, Solr streaming expressions, and Apache Solr schema designer that affect Apache Solr used by IBM Operations Analytics - Log Analysis. Vulnerability Details CVEID:CVE-2023-50386 DESCRIPTION: Improper Control of Dynamically-Managed Code...
CVE-2024-50386
creationtimestamp| type| source ---|---|--- 2024-11-12 17:12:40+00:00| published-proof-of-concept| https://t.me/cvedetector/10621 2024-11-13 07:54:11+00:00| seen| https://t.me/CyberBulletin/1443 2024-11-13 07:54:11+00:00| seen| https://t.me/CyberBulletin/26405...
CVE-2024-50386
Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker...
CVE-2024-50386 Apache CloudStack: Directly downloaded templates can be used to abuse KVM-based infrastructure
Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker...
Metasploit Weekly Wrap-Up 04/26/24
Rancher Modules This week, Metasploit community member h00die added the second of two modules targeting Rancher instances. These modules each leak sensitive information from vulnerable instances of the application which is intended to manage Kubernetes clusters. These are a great addition to...
Apache Solr Backup/Restore API Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Solr Backup/Restore APIs RCE', 'Description' = %q Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1 is affected by an...
Oracle Primavera Unifier (April 2024 CPU)
The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as...
Exploit for Improper Control of Dynamically-Managed Code Resources in Apache Solr
Apache-Solr-RCECVE-2023-50386POC Apache Solr Backup/Restor...
CVE-2023-50386
creationtimestamp| type| source ---|---|--- 2024-02-09 19:26:59+00:00| seen| https://t.me/ctinow/182212 2024-02-09 23:41:58+00:00| seen| https://t.me/ctinow/182335 2024-02-29 08:59:17+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/6691 2024-02-29 13:25:59+00:00|...
CVE-2023-50386 vulnerabilities
Vulnerabilities for packages: solr...
CVE-2023-50386 vulnerabilities
Vulnerabilities for packages: solr...
CVE-2023-50386
CVE-2023-50386 is an Apache Solr vulnerability affecting 6.0.0–8.11.2 and 9.0.0–9.3.x that allows unrestricted uploading of Java jar/class files via the ConfigSets API. When backing up Solr Collections with LocalFileSystemRepository, backup files can land on directories in the Solr ClassLoader, p...