31231 matches found

OSV
added 2024/05/14 4:17 p.m. · 2 views

UBUNTU-CVE-2024-3374

An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions...

CVSS 5.3 · AI score 5.8 · EPSS 0.00457
Exploits: 0 · References: 3

CVE
added 2024/05/14 3:57 p.m. · 74 views

CVE-2024-32352

The CVE-2024-32352 entry concerns TOTOLINK X5000R firmware 9.1.0cu.2350_B20230313. An authenticated remote command execution vulnerability exists in the ipsecL2tpEnable parameter of the cstecgi.cgi binary. Affected component: cstecgi.cgi handling for ipsecL2tpEnable. Impact as described: authentic...

CVSS 8.8 · AI score 7.5 · EPSS 0.02175
Exploits: 1 · References: 2 · Affected Software: 1

CVE
added 2024/05/14 3:55 p.m. · 76 views

CVE-2024-32350

TOTOLINK X5000R is affected. Version 9.1.0cu.2350_B20230313 contains an authenticated remote command execution (RCE) vulnerability in the cstecgi.cgi binary via the ipsecPsk parameter. Root cause: improper handling/filtering of input leading to arbitrary code execution. Impact: authenticated netw...

CVSS 8.8 · AI score 7.5 · EPSS 0.02175
Exploits: 1 · References: 2 · Affected Software: 1

CVE
added 2024/05/14 3:52 p.m. · 59 views

CVE-2024-32349

TOTOLINK X5000R firmware version 9.1.0cu.2350_B20230313 contains an authenticated remote command execution vulnerability via the mtu parameter in the cstecgi.cgi binary. The issue stems from insufficient filtering of special elements in the constructed snippet, enabling arbitrary code execution b...

CVSS 6 · AI score 7.5 · EPSS 0.00939
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2024/05/14 3:32 p.m. · 7 views

GHSA-8XFC-GM6G-VGPV Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.

An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of th...

CVSS 5.3 · AI score 6.9 · EPSS 0.011
Exploits: 0 · References: 8

Tenable Nessus
added 2024/05/14 12:00 a.m. · 5 views

Rockwell FactoryTalk Historian Installed (Windows)

Binary data rockwellfactorytalkhistorianinstalled.nbin...

AI score 7.3
Exploits: 0

Positive Technologies
added 2024/05/14 12:00 a.m. · 2 views

PT-2024-24525 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000R version 9.1.0cu.2350 B20230313 Description: The issue is related to an authenticated remote command execution via the mtu parameters in the "cstecgi.cgi" binary. Recommendations: For version 9.1.0cu.2350 B20230313, consider...

CVSS 6 · AI score 7.1 · EPSS 0.00939
Exploits: 1 · References: 3

Positive Technologies
added 2024/05/14 12:00 a.m. · 3 views

PT-2024-24529 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000R version 9.1.0cu.2350 B20230313 Description: The issue is related to an authenticated remote command execution via the ipsecL2tpEnable parameter in the "cstecgi.cgi" binary. Recommendations: For TOTOLINK X5000R version...

CVSS 8.8 · AI score 7.1 · EPSS 0.02175
Exploits: 1 · References: 3

Tenable Nessus
added 2024/05/14 12:00 a.m. · 25 views

F5 BIG-IP Next Central Manager < 20.2.0 SQLi (K000138732) (Direct Check)

Binary data bigipnextcentralmanagercve-2024-21793.nbin...

CVSS 7.5 · AI score 8.8 · EPSS 0.07086
Exploits: 0 · References: 3

Tenable Nessus
added 2024/05/14 12:00 a.m. · 40 views

Debian dla-3813 : shim-helpers-amd64-signed-template - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3813 advisory. Debian LTS Advisory DLA-3813-1...

CVSS 8.3 · AI score 7 · EPSS 0.04892
Exploits: 0 · References: 14

The Hacker News
added 2024/05/13 6:18 a.m. · 24 views

Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo

Cybersecurity researchers have identified a malicious Python package that purports to be an offshoot of the popular requests library and has been found concealing a Golang-version of the Sliver command-and-control (C2) framework within a PNG image of the project's logo. The package employing this...

AI score 7.3
Exploits: 0

Tenable Nessus
added 2024/05/13 12:00 a.m. · 9 views

Safari < 17.5 Vulnerability

Binary data 701469.pasl...

CVSS 8.1 · AI score 7.3 · EPSS 0.00603
Exploits: 0 · References: 2

Tenable Nessus
added 2024/05/13 12:00 a.m. · 15 views

Apple iOS < 16.7.8 Multiple Vulnerabilities (120898)

Binary data appleios1678check.nbin...

CVSS 8.8 · AI score 7.3 · EPSS 0.01411
Exploits: 1 · References: 25

Tenable Nessus
added 2024/05/13 12:00 a.m. · 16 views

Apple iOS < 17.5 Multiple Vulnerabilities (120905)

Binary data appleios175check.nbin...

CVSS 9.8 · AI score 7.3 · EPSS 0.02047
Exploits: 3 · References: 50

Tenable Nessus
added 2024/05/11 12:00 a.m. · 24 views

RHEL 6 : ssh (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795) Note that Nessus has not tested for this...

AI score 6.5 · EPSS 0.93305
Exploits: 4 · References: 1

Tenable Nessus
added 2024/05/11 12:00 a.m. · 33 views

RHEL 6 : amanda (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - amanda: Improper argument checking for runtar.c (CVE-2023-30577) - In Amanda 3.5.1, an information leak...

AI score 6.7 · EPSS 0.01246
Exploits: 4 · References: 4

Tenable Nessus
added 2024/05/11 12:00 a.m. · 49 views

RHEL 6 : gdb (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gdb: buffer overflow while opening an ELF for debugging leads to DoS, information disclosure and code...

AI score 7.5 · EPSS 0.02628
Exploits: 2 · References: 5

Tenable Nessus
added 2024/05/10 12:00 a.m. · 10 views

Neo4j Detection

Binary data neo4jdetect.nbin...

AI score 7.3
Exploits: 0 · References: 1

Positive Technologies
added 2024/05/10 12:00 a.m. · 4 views

PT-2024-3754 · D Link · D-Link Dir-619L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-619L Rev.B version 2.06B1 Description: A buffer overflow issue in the /bin/boa binary via the formWlanGuestSetup function allows remote authenticated users to trigger a denial of service (DoS) through the webpage parameter. This...

CVSS 6.5 · AI score 7.1 · EPSS 0.01034
Exploits: 1 · References: 4

Tenable Nessus
added 2024/05/09 12:00 a.m. · 10 views

F5 BIG-IP Next Central Manager Installed (Linux)

Binary data f5bigipnextcentralmanagernixinstalled.nbin...

AI score 7.3
Exploits: 0 · References: 1