20 matches found

Tenable Nessus
added 2025/08/24 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2016-1504

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length. (CVE-2016-1504) Note th...

CVSS 7.5 · AI score 7.4 · EPSS 0.02904
Exploits 0 · References 2

RedhatCVE
added 2025/05/22 6:9 p.m. · 5 views

CVE-2021-34613

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager versions: Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability...

CVSS 6.5 · AI score 7.4 · EPSS 0.01246
Exploits 0 · References 1

Patchstack
added 2024/11/25 12:0 a.m. · 7 views

WordPress Booking & Appointment Plugin for WooCommerce Plugin <= 6.9.0 is vulnerable to Broken Access Control

Software: Booking & Appointment Plugin for WooCommerce. Type: Plugin. Vulnerable versions: <= 6.9.0. Fixed in: 6.10.0. OWASP Top 10: A7: Identification and Authentication Failures. Classification: Broken Access Control. CVE: CVE-2024-10729. Patch priority: High. CVSS severity: High (8.8). Developer Claim ownership PS...

CVSS 8.8 · AI score 6.8 · EPSS 0.00506
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2024/09/18 7:12 a.m. · 15 views

CVE-2024-46746 HID: amd_sfh: free driver_data after destroying hid device

In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: free driver_data after destroying hid device. HID driver callbacks aren't called anymore once hid_destroy_device() has been called. Hence, hid driver_data should be freed only after the hid_destroy_device() function returned as...

EPSS 0.00248
Exploits 0 · References 5

Debian CVE
added 2024/08/26 10:10 a.m. · 15 views

CVE-2024-43889

In the Linux kernel, the following vulnerability has been resolved: padata: Fix possible divide-by-0 panic in padata_mt_helper(). We are hit with a not easily reproducible divide-by-0 panic in padata.c at bootup time. [ 10.017908] Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI [ 10.017908] CPU: 26 PID: 2627...

CVSS 5.5 · AI score 5.7 · EPSS 0.00239
Exploits 0

Positive Technologies
added 2024/07/30 12:0 a.m. · 5 views

PT-2024-31345 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.10.0. Description: The issue is caused by the function shift_and_mask() using a signed immediate to construct the mask and being called with a shift of 31 (WORK_OFFQ_POOL_SHIFT), resulting in a subtraction overflow...

CVSS 5.5 · AI score 7 · EPSS 0.00193
Exploits 0 · References 13

Vulnrichment
added 2024/07/29 3:48 p.m. · 13 views

CVE-2024-41098 ata: libata-core: Fix null pointer dereference on error

In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix null pointer dereference on error. If the ata_port_alloc() call in ata_host_alloc() fails, ata_host_release() will get called. However, the code in ata_host_release() tries to free ata_port struct members unconditionally, whi...

AI score 6.8 · EPSS 0.00263
Exploits 0 · References 8

Positive Technologies
added 2024/07/05 12:0 a.m. · 2 views

PT-2024-7332 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.10.0. Description: The issue is related to the ext4 file system in the Linux kernel, specifically with the function ext4_ioctl_getlabel in the fs/ext4/ioctl.c module. It involves improper memory access beyond t...

CVSS 7.8 · AI score 6.8 · EPSS 0.00202
Exploits 0 · References 13

Positive Technologies
added 2024/06/24 12:0 a.m. · 3 views

PT-2024-29727 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.10.0-rc3-netnext+. Description: The issue arises when the ionic_tx_clean function calls napi_consume_skb, which in turn calls napi_skb_cache_put. The problem occurs because napi_consume_skb is called without...

CVSS 7.5 · AI score 6.4 · EPSS 0.0021
Exploits 0 · References 13

CVE
added 2024/02/03 12:0 a.m. · 44 views

CVE-2023-49950

Summary (concrete): CVE-2023-49950 affects Logpoint SIEM 6.10.0 through 7.x before 7.3.0. A vulnerability in Jinja templating fails to sanitize log data displayed in the Alert view when using a custom template, allowing a remote attacker to craft an XSS payload and potentially cause sensitive dat...

CVSS 5.4 · AI score 5.3 · EPSS 0.00505
Exploits 1 · References 2 · Affected Software 1

Atlassian
added 2023/11/30 7:6 p.m. · 175 views

Upgrade Tomcat to fix CVE-2023-46589

Issue Summary: This is reproducible on Data Center. Apache Tomcat should be upgraded to 8.5.96 and later or 9.0.83 or a later version to fix CVE-2023-46589 (https://nvd.nist.gov/vuln/detail/CVE-2023-46589). Environment: From Confluence 6.10.0, which comes with Apache 9.0.8, up to Confluence...

CVSS 7.5 · AI score 7.3 · EPSS 0.02651
Exploits 0 · Affected Software 1

Metasploit
added 2023/10/24 7:51 p.m. · 253 views

VMWare Aria Operations for Networks (vRealize Network Insight) SSH Private Key Exposure

VMWare Aria Operations for Networks (vRealize Network Insight) versions 6.0.0 through 6.10.0 do not randomize the SSH keys on virtual machine initialization. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "support" root user. Module Options msf...

CVSS 9.8 · AI score 8.2 · EPSS 0.63947
Exploits 9

CNNVD
added 2023/07/05 12:0 a.m. · 3 views

protobuf.js Security Vulnerability

protobuf.js is a pure JavaScript implementation of protobufjs with a protocol buffer implementation for node.js and browser TypeScript support. It is easy to use, extremely fast, and works out-of-the-box with .proto files! A security vulnerability exists in protobuf.js versions 6.10.0 through pri...

CVSS 9.8 · AI score 8.4 · EPSS 0.01422
Exploits 1 · References 6

SUSE CVE
added 2023/02/15 3:24 a.m. · 1 view

SUSE CVE-2022-38725

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected...

CVSS 7.5 · AI score 7.2 · EPSS 0.02403
Exploits 0 · References 5

UbuntuCve
added 2023/01/23 4:15 p.m. · 50 views

CVE-2022-38725

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected...

CVSS 7.5 · AI score 7.2 · EPSS 0.02403
Exploits 0 · References 3

vulnersOsv
added 2022/05/28 12:0 a.m. · 1 view

@agconnect/database (>=1.1.0 <=1.3.2), @ardenthq/sdk-egld (>=1.0.0 <=1.3.1) +124 more potentially affected by CVE-2022-25878 via protobufjs (>=6.10.0 <=6.10.2)

protobufjs NPM version =6.10.0, =1.1.0, =1.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =0.0.0, =0.0.0-beta.20200917165907, =0.0.0-beta.20200724145337, =0.0.0-beta.20200724123546, =0.0.0-beta.20200724123546, =0.0.0-beta.20210111150545 and more Source cves: CVE-2022-25878 Source advisory:...

CVSS 8.2 · AI score 7.1 · EPSS 0.02071
Exploits 1

OSV
added 2022/05/28 12:0 a.m. · 2 views

GHSA-G954-5HWP-PP24 Prototype Pollution in protobufjs

The package protobufjs is vulnerable to Prototype Pollution, which can allow an attacker to add/modify properties of the Object.prototype. Versions after and including 6.10.0 until 6.10.3 and after and including 6.11.0 until 6.11.3 are vulnerable. This vulnerability can occur in multiple ways: 1...

CVSS 7.5 · AI score 7.1 · EPSS 0.02071
Exploits 1 · References 8

CNVD
added 2021/07/09 12:0 a.m. · 18 views

Aruba ClearPass Policy Manager Deserialization Vulnerability

Aruba ClearPass Policy Manager is a wireless network access security management system from the U.S. company Aruba. A deserialization vulnerability exists in Aruba ClearPass Policy Manager versions before 6.10.0, 6.9.6 and 6.8.9. There are no details of the vulnerability...

CVSS 9 · AI score 3.1 · EPSS 0.01272
Exploits 0 · References 1

Cvelist
added 2021/07/08 2:8 p.m. · 17 views

CVE-2021-29150

A remote insecure deserialization vulnerability was discovered in Aruba ClearPass Policy Manager versions: Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability...

AI score 7.2 · EPSS 0.01272
Exploits 0 · References 1

Mageia
added 2016/01/21 9:38 p.m. · 39 views

Updated dhcpcd packages fix security vulnerability

Possible heap overflow in dhcpcd before 6.10.0 caused by malformed dhcp responses due to incorrect option length values (CVE-2016-1503). Possible invalid read in dhcpcd before 6.10.0 caused by malformed dhcp responses can lead to a crash (CVE-2016-1504). The dhcpcd package has been updated to version...

CVSS 10 · AI score 2.2 · EPSS 0.06344
Exploits 0 · References 11