112 matches found
PT-2023-23356 · Gl.Inet · Gl.Inet
Name of the Vulnerable Software and Affected Versions: GL.iNet devices versions prior to 3.216 Description: A path traversal issue was discovered, allowing the sharing of arbitrary directories, such as /tmp or /etc, through the file sharing feature due to the lack of server-side restrictions...
PT-2023-22029 · Trustwave · Modsecurity
Name of the Vulnerable Software and Affected Versions: Trustwave ModSecurity versions 3.0.5 through 3.0.8 Description: The issue allows a denial of service, causing worker crash and unresponsiveness. This occurs because some inputs cause a segfault in the Transaction class for certain...
PT-2023-21713 · Pdfio +1 · Pdfio +1
Name of the Vulnerable Software and Affected Versions: PDFio versions 1.1.0 and prior Description: A denial of service issue exists in the pdfio parser, where crafted PDF files can cause the program to run at 100% utilization and never terminate. Recommendations: For PDFio versions 1.1.0 and prio...
PT-2023-35425 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.95 Description: The issue concerns error handling in the mmc spi probe function. It was introduced in version v2.6.24 and fixed in version v5.15.95. The actual impact and attack plausibility have not yet...
PT-2023-34970 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.6 through v6.1.8 Description: The issue is related to a potential integer overflow on shift of an int in the perf/x86/amd component. The actual impact and attack plausibility have not yet been proven. Recommendations:...
PT-2023-16473 · WordPress · Wicked Folders
Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is related to a missing capability check on the ajax delete folder function, allowing authenticated attackers with subscriber-level permissions...
PT-2023-34874 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.164 Description: The issue is related to the dp aux cmd fifo tx function, where it may not be completed if the irq is not for aux transfer. The actual impact and attack plausibility have not yet been prove...
PT-2023-34329 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 3.13 through 5.10.162 Description: A potential resource leak issue has been identified. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions 3.13 through 5.10.162...
PT-2023-33511 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v4.6 through v6.0.17 Description: The issue is related to a deadlock caused by mbcache entry corruption in the ext4 filesystem. The actual impact and potential for attack have not been proven yet. Recommendations: For...
PT-2022-21352 · Apache · Apache Bookkeeper Java Client
Name of the Vulnerable Software and Affected Versions: Apache Bookkeeper Java Client versions prior to 4.14.6 and 4.15.1 Description: The Apache Bookkeeper Java Client does not close the connection to the bookkeeper server when TLS hostname verification fails, leaving it vulnerable to a...
PT-2022-26887 · Jenkins · Jenkins Script Security Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1183.v774b 0b 0a a 451 and earlier Description: A sandbox bypass issue involves casting an array-like value to an array type, allowing attackers with permission to define and run sandboxed scripts,...
SUSE-RU-2022:1384-1 Recommended update for Salt
This update fixes the following issues: salt: - Clear network interfaces cache on grains request bsc1196050 - Handle old qemu-img not supporting -U parameter bsc1195221 - Restrict 'state.orchestratesingle' to pass a pillar value if it exists bsc1194632 - Fix sparse disk errors on Python 2 virt...
SUSE-RU-2022:14935-1 Recommended update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.8.0 ESR bsc1197903: MFSA 2022-14 bsc1197903 CVE-2022-1097: Fixed memory safety violations that could occur when PKCS11 tokens are removed while in use CVE-2022-28281: Fixed an out of bounds write due to...
PT-2022-9552 · WordPress · The Ultimate Product Catalog
Name of the Vulnerable Software and Affected Versions: The Ultimate Product Catalog WordPress plugin versions prior to 5.0.26 Description: The issue is related to the lack of authorization and CSRF checks in some AJAX actions. This could allow any authenticated users, such as subscribers, to call...
PT-2022-9928 · Ibm · Ibm Engineering Workflow Management +1
Name of the Vulnerable Software and Affected Versions: IBM Engineering Workflow Management versions 7.0 through 7.0.2 IBM Rational Team Concert versions 6.0.6 through 6.0.6.1 Description: The issue allows an authenticated attacker to obtain sensitive information from build definitions, which coul...
openSUSE 15 : Recommended update for php7 (openSUSE-SU-2021:3943-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3943-1 advisory. - In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daem...
PT-2021-7870
Name of the Vulnerable Software and Affected Versions OpenSSH versions 6.2 through 8.x before 8.8 Description The issue is related to the management of privileges in OpenSSH, allowing privilege escalation when certain non-default configurations are used. This occurs because supplemental groups ar...
openSUSE 15 : Recommended update for seamonkey (openSUSE-SU-2021:1129-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1129-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 70300 C...
SUSE-RU-2021:0985-1 Recommended update for the Azure SDK and CLI
This update for the Azure SDK and CLI adds support for the AHB Azure Hybrid Benefit. bsc1176784, jscECO=3105...
SUSE-RU-2021:0497-1 Recommended update for ardana-db, ardana-horizon, ardana-logging, ardana-monasca, ardana-opsconsole-ui, ardana-osconfig, crowbar-core, crowbar-openstack, kibana, openstack-dashboard, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1, release-notes-suse-openstack-cloud, sleshammer
This update for ardana-db, ardana-horizon, ardana-logging, ardana-monasca, ardana-opsconsole-ui, ardana-osconfig, crowbar-core, crowbar-openstack, kibana, openstack-dashboard, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1,...