CVE-2024-33008 Memory Corruption vulnerability in SAP Replication Server

SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption with high impact on Availability of the system...

CVE-2024-33008

CVE-2024-33008 affects SAP Replication Server. An attacker can use a gateway to RSSD to execute commands, potentially causing memory corruption and a high impact on Availability. Documented impact aligns with network-exploitability, low complexity, but requires high privileges; exploitation statu...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel.Huawei EMUI is an emotional operating system developed by Huawei based on Android Android. Huawei HarmonyOS and EMUI are vulnerable to a cracking...

RHEL 6 : hivex (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - hivex: Buffer overflow when provided invalid node key length CVE-2021-3504 - A flaw was found in the hive...

RHEL 8 : grub2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - grub2: Use-after-free in rmmod command CVE-2020-25632 - grub2: Out-of-bounds write in...

RHEL 5 : openldap (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openldap: ACL restrictions bypass due to saslssf value being set permanently CVE-2019-13565 - An issue wa...

golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents

A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability...

CentOS 9 : rpm-4.16.1.3-26.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the rpm-4.16.1.3-26.el9 build changelog. - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced ...

The vulnerability of the fromP2pListFilter function in the microprogramming software for Tenda routers, F1202, FH1202, PA202, and PW201A, allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the fromP2pListFilter function in the microprogramming software for Tenda F1202, FH1202, PA202, and PW201A routers is related to buffer overflows in the stack when processing the page parameter. Exploiting this vulnerability can allow an attacker to compromise the...

Privilege Escalation in kubevirt

A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances VMIs can be used to gain access to the host's filesystem. Successful exploitation allows an attacker to assume the privileges of the VM process on the host system. In worst-case scenarios an attacker can read and modify any...

GHSA-828R-R2C8-RFW3 Privilege Escalation in kubevirt

A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances VMIs can be used to gain access to the host's filesystem. Successful exploitation allows an attacker to assume the privileges of the VM process on the host system. In worst-case scenarios an attacker can read and modify any...

CBL Mariner 2.0 Security Update: cri-o (CVE-2022-1708)

The version of cri-o installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-1708 advisory. - A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with...

NewStart CGSL CORE 5.04 / MAIN 5.04 : rpm Vulnerability (NS-SA-2024-0010)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has rpm packages installed that are affected by a vulnerability: - A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seeming...

NewStart CGSL CORE 5.04 / MAIN 5.04 : libldb Vulnerability (NS-SA-2024-0010)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libldb packages installed that are affected by a vulnerability: - A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash o...

The vulnerability of the Grafana monitoring and surveillance platform, related to bypassing authentication through spearphishing, allows attackers to gain unauthorized access to information and compromise its integrity and availability.

The vulnerability of the Grafana monitoring and observation platform is related to the escalation of privileges from the administrator to another administrator when using a authentication proxy server. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized...

The vulnerability of the asynchronous messaging library ZeroMQ, related to the occurrence of stack buffer overflows on the server, allows attackers to compromise the confidentiality, integrity, and accessibility of the system.

The vulnerability of the asynchronous messaging library ZeroMQ relates to the invocation of a buffer overflow on the server. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the system by sending specially crafted subscription...

Advisory ROSA-SA-2024-2387

Software: slapi-nis 0.56.6 OS: ROSA Virtualization 2.1 packageevrstring: slapi-nis-0.56.6-2.rv3 CVE-ID: CVE-2021-3480 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Dereferencing a null pointer during DN binding analysis could allow an unauthenticated attacker to cause the 389-ds-base directory server to...

Medium: rpm

Issue Overview: A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data...

KLA67585 DoS vulnerability in Wireshark

Denial of service vulnerability was found in Wireshark. Malicious users can exploit this vulnerability to cause denial of service. Original advisories wnpa-sec-2024-06 · T.38 dissector crash Related products Wireshark CVE list CVE-2024-2955 critical Solution Update to the latest version Download...

The vulnerability of Dell PowerEdge server BIOS microprogramming software, related to the possibility of buffer overflows, allows attackers to compromise its integrity and accessibility.

The vulnerability of Dell PowerEdge server BIOS microprogramming software is related to the possibility of buffer overflow attacks. Exploiting this vulnerability can allow an attacker to compromise the integrity and availability of the system...