6599 matches found
UBUNTU-CVE-2024-50215
In the Linux kernel, the following vulnerability has been resolved: nvmet-auth: assign dhkey to NULL after kfreesensitive ctrl-dhkey might be used across multiple calls to nvmetsetupdhgroup for the same controller. So it's better to nullify it after release on error path in order to avoid double...
CVE-2024-50215 nvmet-auth: assign dh_key to NULL after kfree_sensitive
In the Linux kernel, the following vulnerability has been resolved: nvmet-auth: assign dhkey to NULL after kfreesensitive ctrl-dhkey might be used across multiple calls to nvmetsetupdhgroup for the same controller. So it's better to nullify it after release on error path in order to avoid double...
CVE-2024-50215 nvmet-auth: assign dh_key to NULL after kfree_sensitive
In the Linux kernel, the following vulnerability has been resolved: nvmet-auth: assign dhkey to NULL after kfreesensitive ctrl-dhkey might be used across multiple calls to nvmetsetupdhgroup for the same controller. So it's better to nullify it after release on error path in order to avoid double...
CVE-2024-50215
CVE-2024-50215 : The issue is in the Linux kernel nvmet-auth path. The controller key cb ctrl->dh_key could be reused after being freed in nvmet_destroy_auth() due to not nulling the pointer after kfree_sensitive. The fix, as cited in the connected Astra Linux/IBM/NVD entries, is to assign dh_...
CVE-2024-50215
In the Linux kernel, the following vulnerability has been resolved: nvmet-auth: assign dhkey to NULL after kfreesensitive ctrl-dhkey might be used across multiple calls to nvmetsetupdhgroup for the same controller. So it's better to nullify it after release on error path in order to avoid double...
PT-2024-33493 · Umbrel · Umbrel
Name of the Vulnerable Software and Affected Versions: Umbrel versions prior to 1.2.2 Description: The login functionality of Umbrel contains a reflected cross-site scripting XSS vulnerability in use-auth.tsx. An attacker can specify a malicious redirect query parameter to trigger the...
CVE-2024-10668
There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim. The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame is written to disk ...
CVE-2024-10668
There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim. The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame is written to disk ...
CVE-2024-10668 Auth Bypass in Quickshare
There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim. The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame is written to disk ...
CVE-2024-10668 Auth Bypass in Quickshare
There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim. The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame is written to disk ...
CVE-2024-10668
CVE-2024-10668 affects Google Quick Share for Windows prior to version 1.0.2002.2. Root cause: when a Payload Transfer frame of type FILE is received, the file is written to Downloads and Quick Share normally deletes unknown files; however, sending two Payload Transfer frames with the same payloa...
Vulnerability of the Server component: The Pluggable Auth feature of the Oracle MySQL Server database management system, which allows attackers to cause service interruptions.
The vulnerability of the Oracle MySQL Server component, related to the Pluggable Auth feature of the Oracle Database Management System, involves improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker to cause service interruptions using the MySQL protocol...
CVE-2024-45887
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to doOpenVPN...
CVE-2024-45891
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to deletewlanprofile...
GO-2024-3228 Coder vulnerable to post-auth URL redirection to untrusted site ('Open Redirect') in github.com/coder/coder
Coder vulnerable to post-auth URL redirection to untrusted site 'Open Redirect' in github.com/coder/coder...
africa.absa:inception-oauth2-resource-server (>=1.0.0 <=1.2.0), ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.6.0.0) +7361 more potentially affected by CVE-2024-38821 via org.springframework.security:spring-security-web (>=3.0.0.RELEASE <=5.7.12)
org.springframework.security:spring-security-web MAVEN version =3.0.0.RELEASE, =1.0.0, =4.4.0.0, =0.1.8, =0.1.6, =0.1.2, =0.5.0, =j8.2.4.0, =j8.2.4.0, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =0.0.3, =1.1.0.RELEASE, =0.3, =0.6 and more Source cves: CVE-2024-38821 Source advisory: OSV:GHSA-C4Q5-6C82-3QPW...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the parentField parameter in the index method of backend/controller/auth/Auth.php file. An attacker can manipulate SQL queries and access or modify data in the database. Remediation There is no fixed version for...
SQL injection in funadmin
funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php...
CVE-2024-48230
funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php...
Apache HugeGraph Server 1.0.x < 1.3.0 (CVE-2024-27348)
The version of Apache HugeGraph Server installed on the remote host is prior to 1.3.0. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27348 advisory. - RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server:...