444 matches found
kernel: team: NULL pointer dereference when team device type is changed
A NULL pointer dereference flaw was found in drivers/net/team/team.c in the Linux kernel...
CVE-2024-27000 serial: mxs-auart: add spinlock around changing cts state
In the Linux kernel, the following vulnerability has been resolved: serial: mxs-auart: add spinlock around changing cts state. The uart_handle_cts_change() function in serial_core expects the caller to hold uport->lock. For example, I have seen the below kernel splat, when the Bluetooth driver is loaded ...
PT-2024-24418 · Leadinfo · Leadinfo
Name of the Vulnerable Software and Affected Versions: Leadinfo versions 1.0 and earlier. Description: A Cross-Site Request Forgery (CSRF) issue affects the software. This issue allows an attacker to perform unintended actions on a user's account. The estimated number of potentially affected devices...
CVE-2024-29735 Apache Airflow: Potentially harmful permission changing by log task handler
Improper Preservation of Permissions vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix...
runc: file descriptor leak
A file descriptor leak issue was found in the runc package. While a user performs O_CLOEXEC all file descriptors before executing the container code, the file descriptor is open when performing setcwd(2), which means that the reference can be kept alive in the container by configuring the working...
Cross site request forgery (csrf)
A successful CSRF attack could force the user to perform state changing requests on the application. If the victim is an administrative account, a CSRF attack could compromise the entire web application...
PT-2023-32740 · Efacec · Bcu 500 +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A successful CSRF attack could force the user to perform state changing requests on the application. If the victim is an administrative account, a CSRF...
CVE-2023-38885
OpenSIS Classic Community Edition version 9.0 is described as lacking cross-site request forgery (CSRF) protection throughout the entire application. The vulnerability could allow an attacker to trick an authenticated user into performing any kind of state-changing request. The connected sources ...
Potential Race Condition in Rewards Calculation
Lines of code / Vulnerability details / Impact: If exploited, this race condition could allow an attacker to manipulate rewards in transactions involving the buy, sell, mintNFT, or burnNFT functions. The attacker may gain an advantage in claiming rewards before the rewards calculation is updated. Proo...
ManageEngine AssetExplorer < 6.9 Build 6987
The version of ManageEngine AssetExplorer installed on the remote host is prior to 6.9 Build 6987. It is, therefore, affected by a vulnerability as referenced in the asset-explorerCVE-2023-23078 advisory. - Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the...
Rocky Linux 8 : libarchive (RLSA-2022:0892)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0892 advisory. - An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker m...
CVE-2023-43508
Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of these vulnerabilities allows an attacker to...
Authorization
Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of these vulnerabilities allows an attacker to...
CVE-2023-43508
Technical details (affected product versions, root cause, and fixes) are not publicly disclosed in the provided documents; monitor for updates from Aruba and related advisories.
[M-16] Reentrancy in the BaseBranchRouter contract
Lines of code / Vulnerability details / Impact: In a Re-entrancy attack, a malicious contract calls back into the calling contract before the first invocation of the function is finished. This may cause the different invocations of the function to interact in undesirable ways, especially in cases wher...
CVE-2023-43891
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload...
Command injection
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload...
CVE-2023-43891
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload...
NETIS SYSTEMS N3 Command Injection Vulnerability
NETIS SYSTEMS N3 is a router from NETIS SYSTEMS. A command injection vulnerability exists in the Netis N3Mv2-V.1.0.1.865 version, which stems from a command injection vulnerability in the Changing Username and Password function...
CVE-2023-43891
Netis N3Mv2, version 1.0.1.865, contains a command injection in the Changing Username and Password function, exploitable via a crafted payload. CVSS v3.1 base score 9.8 (CRITICAL) with network access, no privileges, no user interaction required. Root cause: input handling in the affected function...