459 matches found
AZL-54815 CVE-2024-56647 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: net: Fix icmp host relookup triggering iprtbug arp link failure may trigger iprtbug while xfrm enabled, call trace is: WARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 iprtbug+0x14/0x20 Modules linked in: CPU: 0 UID: 0 PID: 0 Comm...
AZL-54735 CVE-2024-56647 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: net: Fix icmp host relookup triggering iprtbug arp link failure may trigger iprtbug while xfrm enabled, call trace is: WARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 iprtbug+0x14/0x20 Modules linked in: CPU: 0 UID: 0 PID: 0 Comm...
UBUNTU-CVE-2024-56647
In the Linux kernel, the following vulnerability has been resolved: net: Fix icmp host relookup triggering iprtbug arp link failure may trigger iprtbug while xfrm enabled, call trace is: WARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 iprtbug+0x14/0x20 Modules linked in: CPU: 0 UID: 0 PID: 0 Comm...
CVE-2024-56647 net: Fix icmp host relookup triggering ip_rt_bug
In the Linux kernel, the following vulnerability has been resolved: net: Fix icmp host relookup triggering iprtbug arp link failure may trigger iprtbug while xfrm enabled, call trace is: WARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 iprtbug+0x14/0x20 Modules linked in: CPU: 0 UID: 0 PID: 0 Comm...
CVE-2024-56647
CVE-2024-56647: In the Linux kernel, icmp host relookup can trigger ip_rt_bug when ARP/link conditions and xfrm are involved. The fix skips icmp relookup for locally generated packets (e.g., ICMP errors) to avoid dst->out being ip_rt_bug on loopback and similar scenarios. Reproduced scenario s...
vivo Permission manager module 安全漏洞
The vivo Permission manager module is a cell phone permission management module from the Chinese company Vivo. A security vulnerability exists in vivo Permission manager module, which originates from a locally installed application that can bypass permission checking and perform system operations...
Juniper Junos OS Vulnerability (JSA88131)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA88131 advisory. - A NULL Pointer Dereference vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on MX304, MX with MPC10/11/LC9600, and EX9200 with EX9200-15C...
Ivanti Velocity License Server 安全漏洞
Ivanti Velocity License Server is an application from Ivanti USA that provides licenses to mobile devices using Velocity or terminal emulation clients. A security vulnerability exists in Ivanti Velocity License Server versions prior to 5.2, which stems from the presence of insecure privileges tha...
Siemens Questa and ModelSim
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Rockwell Automation Emulate3D
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.4 ATTENTION : Exploitable locally Vendor : Rockwell Automation Equipment : Emulate3D Vulnerability : Externally Controlled Reference to a Resource in Another Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
CVE-2024-7325
A vulnerability was found in IObit Driver Booster 11.0.0.0. It has been rated as critical. Affected by this issue is some unknown functionality in the library VCL120.BPL of the component BPL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The...
CVE-2024-4748 RCE in Cruddiy
The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which...
CVE-2024-4748 RCE in Cruddiy
The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which...
CVE-2024-22333 IBM Maximo Application Suite information disclosure
IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973...
IBM Maximo Asset Management and IBM Maximo Application Suite Security Vulnerabilities
IBM Maximo Asset Management and IBM Maximo Application Suite are both products of International Business Machines IBM, U.S.A. IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution. The solution is capable of managing all types of assets, such as...
Google will start deleting location history
Google announced that it will reduce the amount of personal data it is storing by automatically deleting old data from "Timeline"—the feature that, previously named "Location History," tracks user routes and trips based on a phone’s location, allowing people to revisit all the places theyve been ...
SUSE CVE-2019-11246
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user's machine. If the tar binary in the container is...
CVE-2022-43841 IBM Aspera Console information disclosure
IBM Aspera Console 3.4.0 through 3.4.2 PL9 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 239078...
WordPress Custom Fonts – Host Your Fonts Locally plugin <= 2.1.4 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by James Myers ConfidenceRemainsHigh in WordPress Plugin Custom Fonts – Host Your Fonts Locally versions = 2.1.4...
PT-2024-17949 · WordPress · Custom Fonts – Host Your Fonts Locally
Name of the Vulnerable Software and Affected Versions: Custom Fonts – Host Your Fonts Locally plugin for WordPress versions up to, and including, 2.1.4 Description: The issue arises from insufficient input sanitization and output escaping, allowing authenticated attackers with author level or...