
24 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 2 views

Astra Linux - glibc vulnerability

The mq_notify function in the GNU C Library, also known as glibc, versions 2.32 and 2.33 has a use-after-free vulnerability. It may access the notification thread attributes object passed through its struct sigevent parameter after it has been freed by the caller, resulting in a denial of service...

9.8 CVSS · 6.7 AI score · 0.0013 EPSS
Exploits: 1 · References: 2
Tenable Nessus
added 2026/03/06 12:0 a.m. · 2 views

Python Library OpenEXR 2.3.x / 3.x < 3.2.6 / 3.3.x < 3.3.8 / 3.4.x < 3.4.6 Heap Buffer Overflow

The version of the OpenEXR Python package installed on the remote host is 2.3.x or 3.x prior to 3.2.6, 3.3.x prior to 3.3.8, or 3.4.x prior to 3.4.6. It is, therefore, affected by a heap buffer overflow vulnerability: - In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in a...

8.4 CVSS · 6 AI score · 0.00023 EPSS
Exploits: 2 · References: 2
CNNVD
added 2026/02/26 12:0 a.m. · 5 views

Audiobookshelf cross-site scripting vulnerability

Audiobookshelf is an open-source, self-hosted server for audio books and podcasts. Versions of Audiobookshelf prior to 2.32.0 contained a cross-site scripting vulnerability. This vulnerability was caused by malicious library metadata, leading to storage-based cross-site scripting, which could...

4.8 CVSS · 5.7 AI score · 0.00069 EPSS
Exploits: 1 · References: 2
RedHat Linux
added 2025/07/07 2:28 a.m. · 1 views

webkitgtk: Logic issue leading to arbitrary code execution

A logic issue was found in WebKitGTK and WPE WebKit in versions prior to 2.32.0. A remote attacker may be able to cause arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8 CVSS · 6.9 AI score · 0.00484 EPSS
Exploits: 0 · References: 6
Cvelist
added 2025/04/02 9:21 a.m. · 13 views

CVE-2024-12410 Front End Users <= 3.2.32 - Authenticated (Admin+) SQL injection

The Front End Users plugin for WordPress is vulnerable to SQL Injection via the 'UserSearchField' parameter in all versions up to, and including, 3.2.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

4.9 CVSS · 0.00356 EPSS
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 4:51 a.m. · 2 views

SUSE CVE-2017-3615

Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks...

7 CVSS · 8 AI score · 0.00865 EPSS
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 4:18 a.m. · 1 views

SUSE CVE-2019-2875

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBo...

3.3 CVSS · 5 AI score · 0.00148 EPSS
Exploits: 0 · References: 4
OSV
added 2023/01/17 10:15 a.m. · 1 views

CVE-2023-22366

CX-Motion-MCH v2.32 and earlier contains an access of uninitialized pointer vulnerability. Having a user open a specially crafted project file may lead to information disclosure and/or arbitrary code execution...

7.8 CVSS · 7.3 AI score
Exploits: 0 · References: 1
OSV
added 2022/05/13 1:36 a.m. · 3 views

GHSA-WJ5C-J656-H5FW Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

In Jenkins before versions 2.44 and 2.32.2, node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes SECURITY-343...

4.3 CVSS · 5.9 AI score · 0.00034 EPSS
Exploits: 0 · References: 5
Microsoft CVE
added 2021/07/30 7:0 a.m. · 2 views

Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).

...

7 CVSS · 7.5 AI score · 0.00833 EPSS
Exploits: 0
Microsoft CVE
added 2021/07/30 7:0 a.m. · 5 views

Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).

...

7 CVSS · 7.5 AI score · 0.00865 EPSS
Exploits: 0
Microsoft CVE
added 2021/07/30 7:0 a.m. · 5 views

Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).

...

7 CVSS · 7.5 AI score · 0.00865 EPSS
Exploits: 0
OSV
added 2021/06/24 12:15 p.m. · 3 views

CVE-2021-26585

A potential vulnerability has been identified in HPE OneView Global Dashboard release 2.31 which could lead to a local disclosure of privileged information. HPE has provided an update to OneView Global Dashboard. The issue is resolved in 2.32...

5.5 CVSS · 5.7 AI score · 0.00053 EPSS
Exploits: 0 · References: 1
Microsoft CVE
added 2021/06/02 7:0 a.m. · 1 views

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller leading to a denial of service (application crash) or possibly unspecified other impact.

...

9.8 CVSS · 7.3 AI score · 0.0013 EPSS
Exploits: 1
OSV
added 2021/05/25 10:15 p.m. · 1 views

DEBIAN-CVE-2021-33574

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly...

9.8 CVSS · 6.8 AI score · 0.0013 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2020/07/09 12:0 a.m. · 3 views

PT-2021-5556 · Unknown +10 · Gnu C Library +10

Name of the Vulnerable Software and Affected Versions: GNU C Library glibc versions 2.32 and earlier Description: The issue is related to the iconv function in the GNU C Library, which fails to advance the input state when processing invalid multi-byte input sequences in certain encodings, such a...

9.8 CVSS · 6.3 AI score · 0.41417 EPSS
Exploits: 40 · References: 207
OSV
added 2019/07/23 11:15 p.m. · 0 views

UBUNTU-CVE-2019-2877

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBo...

5.5 CVSS · 6.7 AI score · 0.00148 EPSS
Exploits: 0 · References: 2
CNVD
added 2019/02/25 12:0 a.m. · 2 views

GNU Binutils Excessive Memory Allocation Attempt Vulnerability

GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. An excessive memory allocation attempt vulnerability exists in elf_read_notes in elf.c in the Binary File Descriptor (BFD) library, known as libbfd, used...

5.5 CVSS · 7.6 AI score · 0.00113 EPSS
Exploits: 1 · References: 1
CNVD
added 2017/06/21 12:0 a.m. · 2 views

Apache httpd denial of service vulnerability (CNVD-2017-11803)

Apache httpd is an open-source HTTP server for modern operating systems, developed and maintained by the Apache Software Foundation (U.S.). A security vulnerability exists in the HTTP strict parsing changes added to Apache httpd versions 2.2.32 and 2.4.24. An attacker could exploit...

7.5 CVSS · 6.7 AI score · 0.64829 EPSS
Exploits: 1 · References: 1
OSV
added 2017/04/24 7:59 p.m. · 2 views

CVE-2017-3605

Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks...

7 CVSS · 5.8 AI score · 0.00833 EPSS
Exploits: 0 · References: 2