2758 matches found
CGA-29VG-C625-F93H
Bulletin has no description...
CGA-MJH7-V2GP-8MH2
Bulletin has no description...
MGASA-2024-0198 Updated perl-Email-MIME packages fix security vulnerabilities
An excessive memory use issue CWE-770 exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set from 2020 and 2024 limits excessive depth and the total number of parts. CVE-2024-4140...
CVE-2024-34715
CVE-2024-34715 affects the Fides webserver, where an improper escaping of the SQLAlchemy password string can cause the database password to be partially exposed in webserver logs when the password contains characters like @ or $. This is due to insufficient escaping of the password in the connect...
PT-2024-31575 · WordPress · Kkprogressbar2 Free
Name of the Vulnerable Software and Affected Versions: KKProgressbar2 Free WordPress plugin versions 1.1.4.2 and earlier Description: The issue concerns the lack of CSRF checks in certain areas and missing sanitization as well as escaping. This could allow attackers to make logged-in admins add...
CVE-2024-28188
Jupyter Scheduler is collection of extensions for programming jobs to run now or run on a schedule. The list of conda environments of jupyter-scheduler users maybe be exposed, potentially revealing information about projects that a specific user may be working on. This vulnerability has been...
DEBIAN-CVE-2023-52816
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix shift out-of-bounds issue 567.613292 shift exponent 255 is too large for 64-bit type 'long unsigned int' 567.614498 CPU: 5 PID: 238 Comm: kworker/5:1 Tainted: G OE 6.2.0-34-generic 3422.04.1-Ubuntu 567.614502...
CLSA-2024-1716271951 less: Fix of CVE-2022-48624
CVE-2022-48624: shell-quote filenames when invoking LESSCLOSE...
SUSE CVE-2024-35940
In the Linux kernel, the following vulnerability has been resolved: pstore/zone: Add a null pointer check to the pszkmsgread kasprintf returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity...
PT-2024-24848 · Unknown · Apppresser
Name of the Vulnerable Software and Affected Versions: AppPresser versions through 4.3.0 Description: The issue is related to missing authorization, which poses a high risk. It is recommended to check for signs of exploitation. Recommendations: For versions through 4.3.0, patch immediately to...
PT-2024-25119 · Unknown · Crmeb Java
Name of the Vulnerable Software and Affected Versions: crmeb java version 1.3.4 Description: The issue is related to a Server-Side Request Forgery SSRF in the mergeList method of the ImageMergeController class. This allows for potential exploitation. No information is provided about the estimated...
PT-2024-13316 · Linksys · Linksys Ea7500
Name of the Vulnerable Software and Affected Versions: LINKSYS EA7500 version 3.0.1.207964 Description: The issue allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP. This enables the attacker to potentially gain control over the device. Recommendations: For...
PT-2024-3315 · Linksys · Linksys E5600
Name of the Vulnerable Software and Affected Versions: Linksys E5600 version 1.1.0.26 Description: The issue is related to a command injection vulnerability in the /API/info endpoint of the Linksys E5600 router's firmware. This vulnerability is caused by the failure to neutralize special elements...
uwiltrijles.nl Improper Access Control vulnerability OBB-3924876
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
RHEL 5 : sudo (RHSA-2019:4191)
The remote Redhat Enterprise Linux 5 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:4191 advisory. The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged...
kartarkiv.no Improper Access Control vulnerability OBB-3922499
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
aftenlandet.no Improper Access Control vulnerability OBB-3922145
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
MGASA-2024-0149 Updated wireshark packages fix security vulnerability
T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file. CVE-2024-2955...
CVE-2024-25624 iris-web vulnerable to Server Side Template Injection in reports
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in iris-web is prone to a Server Side Template Injection SSTI. Successful exploitation of the vulnerability c...
instinctools.com Cross Site Scripting vulnerability OBB-3921856
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...