6340 matches found
CVE-2024-26743 RDMA/qedr: Fix qedr_create_user_qp error flow
In the Linux kernel, the following vulnerability has been resolved: RDMA/qedr: Fix qedr_create_user_qp error flow. Avoid the following warning by making sure to free the allocated resources in case qedr_init_user_queue fails. ----------- cut here ----------- WARNING: CPU: 0 PID: 143192 at...
Gleez Cms Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Gleez Cms 1.2.0 allows remote attackers to execute arbitrary code and obtain sensitive information via modules/gleez/classes/request.php...
CVE-2024-27602
Alldata V0.4.6 is vulnerable to Incorrect Access Control. The interface documents of many modules have been leaked. For example, the /api/system/v2/api-docs module...
CVE-2024-27602
Alldata V0.4.6 is vulnerable to Incorrect Access Control, resulting in leakage of interface documents (e.g., /api/system/v2/api-docs). The CVE details from multiple sources describe an externally reachable risk with high impact to confidentiality and integrity, and a critical CVSS 3.1 score (9.1)...
olcne security update
1.8.1-2 - Cleanup spec file 1.8.1-1 - Fix OLM upgrade failure - upgrade from 0.17.0 to 0.23.1 failed due to a couple of crds missing - Add hostpathRequiresPrivilged value to rook template cr to be passed to module operator - Fixed Istio-1.18 and Istio-1.19 installation on aarch64 architecture -...
Updated kernel, kmod-xtables-addons, kmod-virtualbox packages fix bugs and provide mitigations
Upstream kernel version 6.6.22 contains bug fixes and mitigations. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the mitigations see the changelog...
USN-6588-2: PAM vulnerability
USN-6588-1 fixed a vulnerability in PAM. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: Matthias Gerstner discovered that the PAM pam_namespace module incorrectly handled special files when performing director...
CVE-2024-24725
Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/importrun.php&type=externalAssessment&step=4 URI...
[SECURITY] Fedora 40 Update: baresip-3.10.1-1.fc40
A modular SIP user-agent with support for audio and video, and many IETF standards such as SIP, SDP, RTP/RTCP and STUN/TURN/ICE for both, IPv4 and IPv6. Additional modules provide support for audio codecs like Codec2, G.711, G.722, G.726, GSM, L16, MPA and Opus, audio drivers like ALSA, GStreamer...
Vulnerabilities in the CPU modules of MELSEC-Q Series and MELSEC-L Series programmable logic controllers allow an attacker to execute arbitrary code.
The vulnerability in the CPU modules of MELSEC-Q Series and MELSEC-L Series programmable logic controllers is an integer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
PT-2024-22901 · Ros2 · Ros2
Name of the Vulnerable Software and Affected Versions: ROS2 Robot Operating System 2 Humble Hawksbill versions 2 Description: A command injection issue has been found, allowing remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via External Command...
Metasploit Wrap-Up 03/15/2024
New module content 3 GitLab Password Reset Account Takeover Authors: asterion04 and h00die Type: Auxiliary Pull request: 18716 contributed by h00die Path: admin/http/gitlabpasswordresetaccounttakeover AttackerKB reference: CVE-2023-7028 Description: This adds an exploit module that leverages an...
CVE-2024-0802
Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted pack...
CVE-2024-0803
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet...
CVE-2024-1917
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet...
CVE-2024-1917
CVE-2024-1917 is an Integer Overflow/Wraparound vulnerability in Mitsubishi Electric MELSEC-Q/L Series CPU modules that allows a remote unauthenticated attacker to execute malicious code by sending a crafted packet. Affected products include MELSEC-Q Series and MELSEC-L Series CPU modules (e.g., ...
CVE-2024-1916
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet...
CVE-2024-1916
The CVE-2024-1916 issue affects Mitsubishi Electric MELSEC-Q/L Series CPU modules. A remote, unauthenticated attacker can exploit an Integer Overflow or Wraparound condition by sending a specially crafted packet to execute arbitrary code on affected devices. Affected products include MELSEC-Q Ser...