6773 matches found
SUSE SLES15 Security Update : kernel (Live Patch 28 for SLE 15 SP4) (SUSE-SU-2025:0111-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0111-1 advisory. This update for the Linux Kernel 5.14.21-15040024125 fixes several issues. The following security issues were fixed: - CVE-2024-50264:...
CVE-2024-12086
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...
CVE-2024-47572
An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via manipulating csv file...
CVE-2024-12008
The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For exampl...
CVE-2024-12008 W3 Total Cache <= 2.8.1 Information Exposure via Log Files
The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For exampl...
CVE-2024-57628
An issue in the expvaluessetsupertype component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
PT-2025-3495 · Monetdb · Monetdb Server
Name of the Vulnerable Software and Affected Versions: MonetDB Server version 11.49.1 Description: The issue in the exp values set supertype component allows attackers to cause a Denial of Service DoS via crafted SQL statements. Recommendations: For MonetDB Server version 11.49.1, consider...
Fortinet FortiSOAR 安全漏洞
Fortinet FortiSOAR is a Secure Orchestration, Automation, and Response SOAR solution from Fortinet. A security vulnerability exists in Fortinet FortiSOAR that stems from the improper neutralization of formula elements in a csv file. An attacker can use this vulnerability to execute unauthorized...
UBUNTU-CVE-2024-49568
In the Linux kernel, the following vulnerability has been resolved: net/smc: check v2extoffset/eidcnt/ismgidcnt when receiving proposal msg When receiving proposal msg in server, the fields v2extoffset/ eidcnt/ismgidcnt in proposal msg are from the remote client and can not be fully trusted...
SUSE CVE-2024-56596
In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in jfsreaddir The stbl might contain some invalid values. Added a check to return error code in that case...
REDCap 安全漏洞
REDCap is a data collection and management web application from REDCap Open Source. A security vulnerability exists in REDCap version 14.9.6, which stems from a lack of CSRF protection for the logout feature, which allows an attacker to send a CSV file to the victim to view uploaded data...
PT-2025-4826 · Redcap · Redcap
Name of the Vulnerable Software and Affected Versions: REDCap version 14.9.6 Description: A Reflected cross-site scripting XSS vulnerability exists in the email-subject field when uploading a CSV file containing a list of alert configurations. An attacker can send a CSV file with the XSS payload ...
CVE-2023-28362
The redirectto method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...
UBUNTU-CVE-2024-51737
RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an...
Timing Attack
tecnickcom/tcpdf is vulnerable to a Timing Attack. The vulnerability is due to the use of loose comparison != in the unserializeTCPDFtag function, which lacks a constant-time comparison, allowing an attacker to infer hash values through timing discrepancies...
SUSE CVE-2024-12426
Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...
CVE-2024-12426
A flaw was found in LibreOffice. This issue may allow the exposure of environmental variables and arbitrary INI file values, leading to sensitive information disclosure via crafted URLs embedded in documents...
CVE-2024-12426
Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...
DEBIAN-CVE-2024-12426
Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...
UBUNTU-CVE-2024-12426
Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...