PT-2024-36433 · Totolink · Totolink A3002Ru
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002R version 4.0.0-B20230531.1404 Description: The issue concerns a Remote Code Execution vulnerability in the /bin/boa via formWsc. This allows for unauthorized code execution. Recommendations: For TOTOLINK A3002R version...
RHSA-2024:1868
creationtimestamp | type | source
---|---|---
2024-11-17 10:25:44+00:00 | seen | https://infosec.exchange/users/cve/statuses/113497810108556154
2025-03-06 15:10:49+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/6677
2025-03-26 19:26:07+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/8934...
Fedora 41 : aardvark-dns (2024-30ed35ba86)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-30ed35ba86 advisory. Security fix for CVE-2024-8418 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora 37 : xorg-x11-server (2022-3d88188071)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-3d88188071 advisory. Fix buggy patch to CVE-2022-46340 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
PT-2024-7874 · Ivanti · Ivanti Endpoint Manager
Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2024 November Security Update or 2022 SU6 November Security Update Description: The issue is related to a SQL injection vulnerability in Ivanti Endpoint Manager. This vulnerability allows a remote...
CVE-2024-50220 fork: do not invoke uffd on fork if error occurs
In the Linux kernel, the following vulnerability has been resolved: fork: do not invoke uffd on fork if error occurs Patch series "fork: do not expose incomplete mm on fork". During fork we may place the virtual memory address space into an inconsistent state before the fork operation is complete...
CVE-2024-2410 affecting package mysql for versions less than 8.0.40-2
CVE-2024-2410 affecting package mysql for versions less than 8.0.40-2. A patched version of the package is available...
Oracle Linux 8 : go-toolset:ol8 (ELSA-2024-8876)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-8876 advisory. - Rebase to Go1.22.5 to fix CVE-2024-24791 - Addresses CVEs-2024-24789 and CVE-2024-24790 - Rebase to Go1.22.5 to fix CVE-2024-24791 - Addresses CVEs-2024-24789...
PT-2025-11655 · Synology · Synology Application Service +1
Name of the Vulnerable Software and Affected Versions: Synology Replication Service versions prior to 1.0.12-0066, 1.2.2-0353, and 1.3.0-0423 Synology Unified Controller DSMUC versions prior to 3.1.4-23079 Description: The vulnerability is an off-by-one error in the transmission component of...
CVE-2024-0553 affecting package gnutls for versions less than 3.7.11-1
CVE-2024-0553 affecting package gnutls for versions less than 3.7.11-1. A patched version of the package is available...
CVE-2024-26875 affecting package kernel for versions less than 5.15.167.1-2
CVE-2024-26875 affecting package kernel for versions less than 5.15.167.1-2. A patched version of the package is available...
CVE-2023-52601 affecting package kernel for versions less than 5.15.167.1-2
CVE-2023-52601 affecting package kernel for versions less than 5.15.167.1-2. A patched version of the package is available...
Ruby REXML < 3.3.9 ReDoS vulnerability
The version of the REXML Ruby library installed on the remote host is prior to 3.3.9. It is, therefore, affected by a ReDoS vulnerability. The vulnerability lies when it parses an XML that has many digits between &# and x...; in a hex numeric character reference &#x...;. This does not happen with...
PT-2024-33175 · Unknown · Total.Js Cms
Name of the Vulnerable Software and Affected Versions: Total.js CMS version 1.0 Description: The issue allows a remote attacker to execute arbitrary code via the func.js file. Recommendations: For Total.js CMS version 1.0, update the func.js file to prevent arbitrary code execution or consider...
CLSA-2024-1729629058 python-lxml: Fix of CVE-2021-43818
CVE-2021-43818: prevent certain crafted script content passing through in HTML Cleaner...
CLSA-2024-1729627812 Fix CVE(s): CVE-2024-8927
SECURITY UPDATE: insecure configuration vulnerability - debian/patches/CVE-2024-8927.patch: fix bypass of cgi.force_redirect configuration - CVE-2024-8927...
PT-2024-33260 · Trend Micro · Trend Micro Deep Security Agent
Name of the Vulnerable Software and Affected Versions: Trend Micro Deep Security Agent version 20 Description: An improper access control vulnerability could allow a local attacker to escalate privileges on affected installations. To exploit this issue, an attacker must first obtain the ability t...
DEBIAN-CVE-2024-47887
Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authenticatio...
CVE-2024-44990 affecting package kernel for versions less than 6.6.51.1-1
CVE-2024-44990 affecting package kernel for versions less than 6.6.51.1-1. An upgraded version of the package is available that resolves this issue...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-43855)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43855 advisory. - In the Linux kernel, the following vulnerability has been resolved: md: fix deadlock between mddev_suspend an...