CVE-2024-42018

An issue was discovered in Atos Eviden SMC xScale before 1.6.6. During initialization of nodes, some configuration parameters are retrieved from management nodes. These parameters embed credentials whose integrity and confidentiality may be important to the security of the HPC configuration...

BIT-VALKEY-2021-32627 Integer overflow issue with Streams in Redis

Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default proto-max-bulk-len and...

BIT-VALKEY-2021-32628 Vulnerability in handling large ziplists

Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist...

BIT-KEYDB-2021-32628 Vulnerability in handling large ziplists

Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist...

CVE-2024-37036

CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set...

CVE-2024-37036

CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set...

CVE-2024-37036

CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set...

CVE-2024-37036

CVE-2024-37036 affects Schneider Electric Sage RTU devices (SAGE RTU). The NVD entry describes an Out-of-bounds Write vulnerability (CWE-787) that could result in an authentication bypass when a malformed POST request is sent with certain configuration parameters. Several connected sources corrob...

The vulnerability of the fromDhcpSetSer function in Tenda i21 router software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the fromDhcpSetSer /goform/DhcpSetSe function in the Tenda i21 router software arises due to a buffer overflow occurring during the processing of the arguments dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2. Exploiting this vulnerability allows an...

Apache Tomcat 8.0.0.RC1 < 8.0.37 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.0.37. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.5.5and8.0.37security-8 advisory. - The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4,...

CVE-2024-2746

CVE-2024-2746 is an incomplete fix for CVE-2024-1929 affecting dnf5/libdnf5 where the D-Bus interface accepts untrusted configuration overrides, enabling local root control by loading user-supplied plugins or manipulating privileged files. Public reports describe potential DoS via large/blocked f...

Fedora: Security Advisory (FEDORA-2024-c673517dce)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: apache-commons-configuration-2.10.1-1.fc40

The Commons Configuration software library provides a generic configuration interface which enables a Java application to read configuration data from a variety of sources. Commons Configuration provides typed access to single, and multi-valued configuration parameters as demonstrated by the...

GHSA-555P-M4V6-CQXV ASA-2024-004: Default configuration param for Evidence may limit window of validity

ASA-2024-004: Default configuration param for Evidence may limit window of validity Component: CometBFT Criticality: Low Affected versions: All Affected users: Validators, Chain Builders + Maintainers Summary A default configuration in CometBFT has been found to be small for common use cases, and...

Fedora 39 : python-templated-dictionary (2024-f69989e7dd)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-f69989e7dd advisory. Fixing CVE-2023-6395 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for th...

Internet Bug Bounty: Denial of Service caused by HTTP/2 CONTINUATION Flood

A denial of service vulnerability was discovered in Apache Tomcat versions 11.0.0-M1 to 11.0.0-M16, 10.1.0-M1 to 10.1.18, 9.0.0-M1 to 9.0.85, and 8.5.0 to 8.5.98. The vulnerability was caused by the way Tomcat processed HTTP/2 requests that exceeded configured limits for headers. A fix was releas...

Privilege escalation for users that can access mock configuration

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, whic...

GHSA-7J98-74JH-CJXH Privilege escalation for users that can access mock configuration

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, whic...

AZL-43540 CVE-2023-6395 affecting package python-templated-dictionary 1.1-6

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, whic...

CVE-2023-6395

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, whic...