GLSA-202405-11 : MIT krb5: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202405-11 (MIT krb5: Multiple Vulnerabilities) - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer...
Fedora 40 : micropython (2024-a3b517705e)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a3b517705e advisory. - Update to 1.22.2 - Security fixes for CVE-2023-7158 and CVE-2023-7152 Tenable has extracted the preceding description block directly from the Fedo...
CVE-2024-4249
The CVE-2024-4249 entry affects Tenda i21 firmware 1.0.0.14(4656). The vulnerable component is the function formwrlSSIDget in the file /goform/wifiSSIDget, where manipulating the argument ssidIndex causes a stack-based buffer overflow. The vulnerability can be exploited remotely, and public explo...
Severe Flaws Disclosed in Brocade SANnav SAN Management Software
Several security vulnerabilities disclosed in the Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discover...
U.S. Dept Of Defense: [███] .NET Framework ObjRefs Disclosure (CVE-2024-29059)
A vulnerability was discovered in Microsoft .NET Framework that could allow a remote attacker to obtain sensitive information. The vulnerability was caused by the potential disclosure of ObjRef URIs, which could be used to perform .NET Remoting attacks via HTTP. The vulnerability was assigned the...
CVE-2023-4235
A flaw was found in ofono, an open source telephony stack on Linux. A stack overflow bug is triggered within the decode_deliver_report function during SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound...
CVE-2024-3909
CVE-2024-3909 affects Tenda AC500 firmware version 2.0.1.9(1307). The vulnerability lies in the formexeCommand function of /goform/execCommand, where improper handling of the cmdinput parameter causes a stack-based buffer overflow. This can be triggered remotely, and public exploit details exist ...
CVE-2024-3877
CVE-2024-3877 affects Tenda F1202 firmware 1.2.0.20(408). The vulnerable component is the function fromqossetting in /goform/fromqossetting, where manipulating the qos argument triggers a stack-based buffer overflow. This enables a remote attacker to potentially execute arbitrary code with high i...
PT-2024-13209 · Litespeed Technologies · Litespeed Cache
Name of the Vulnerable Software and Affected Versions: LiteSpeed Cache versions n/a through 5.7 Description: The issue is related to a Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache. This vulnerability allows for remote attacks due to the lack of proper authorizatio...
Updated perl-HTTP-Body packages fix security vulnerability
HTTP::Body::Multipart in the HTTP-Body 1.08, 1.17, and earlier module for Perl uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume...
CVE-2024-25700 Persistent XSS in URL added to a shared map
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in a web map link which when clicked could potentially execute arbitrary...
CVE-2024-27335
CVE-2024-27335 – Kofax Power PDF: PNG file parsing has an out-of-bounds read due to missing validation of user data, enabling remote code execution. Impact is high and requires user interaction (visit malicious page or open a malicious file). Documented details come from ZDI/NVD; no fix version ...
ROS-20240402-22
A vulnerability in the Moodle virtual learning environment is related to a lack of additional comment cleanup in Wiki. Exploitation of the vulnerability could allow an attacker acting remotely to perform cross-site scripting (XSS) attacks. A vulnerability in the Moodle virtual learning environment is related to...
PT-2024-19362 · Ibm · Ibm Db2
Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) version 11.5 Description: The issue is related to a denial of service that can be triggered by a specially crafted query on certain columnar tables. This can lead to remote...
CVE-2015-10131
A vulnerability was found in chrisy TFO Graphviz Plugin up to 1.9 on WordPress and classified as problematic. Affected by this issue is the function admin_page_load/admin_page of the file tfo-graphviz-admin.php. The manipulation leads to cross site scripting. The attack may be launched remotely...
CVE-2024-2927
A vulnerability was found in code-projects Mobile Shop 1.0. It has been classified as critical. Affected is an unknown function of the file Details.php of the component Login Page. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploi...
CVE-2024-2911
CVE-2024-2911 concerns Tianjin PubliCMS 4.0.202302.e, where a cross-site request forgery (CSRF) vulnerability exists in an unknown component. The vulnerability can be triggered remotely, with the exploit publicly disclosed and the vendor reportedly unresponsive. Connected sources (Red Hat, CNVD/C...
CVE-2024-27927
RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks. The attacker ca...
PT-2024-21743 · Unknown · Social Media Share Buttons
Name of the Vulnerable Software and Affected Versions: Social Media Share Buttons versions 2.1.0 and earlier Description: The issue is related to Deserialization of Untrusted Data, which affects the Social Media Share Buttons plugin. This could potentially allow for remote attacks. Recommendation...
CVE-2024-2531
A vulnerability classified as critical has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected is an unknown function of the file /admin/update-rooms.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has...