CVE-2024-1622
CVE-2024-1622 affects Routinator: a bug in the RTR listener causes termination when an incoming RTR connection is closed quickly after opening due to insufficient error checking. The fix was implemented in the Routinator project (referenced in Fedora advisories), and advisories note the CVE was a...
AnythingLLM Security Vulnerability
AnythingLLM is a document chatbot that meets business requirements. AnythingLLM has a security vulnerability that stems from insufficient password checking...
PT-2024-18173 · Unknown · Routinator
Name of the Vulnerable Software and Affected Versions: Routinator (affected versions not specified). Description: The issue arises due to a mistake in error checking, causing Routinator to terminate when an incoming RTR connection is reset by the peer too quickly after opening. Recommendations: At t...
Google Pixel Buffer Overflow Vulnerability (CNVD-2024-09897)
Google Pixel is a smartphone from the American company Google. Google Pixel suffers from a buffer overflow vulnerability that stems from a lack of boundary checking. An attacker can exploit the vulnerability to escalate privileges...
CVE-2024-0593
The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization checking on the fetchquickjob function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can b...
Authorization
The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization checking on the fetchquickjob function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can b...
GHSA-C9VV-FHGV-CJC3 agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`
Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...
Oracle Linux 8 : edk2 (ELSA-2024-0888)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0888 advisory. 20220126gitbb1bba3d77-6.el89.3 - edk2-Bumped-openssl-submodule-version-to-cf317b2bb227.patch RHEL-7560 - Resolves: RHEL-7560 CVE-2023-3446 edk2: openssl:...
Moodle Security Vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A denial-of-service vulnerability exists in Moodle, which stems from insufficient file size checking, and can be exploited by an attack...
Hazelcast Platform permission checking in CSV File Source connector
Impact: In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem. Patches: Fix...
CVE-2023-45860
In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem...
CVE-2023-45860
Hazelcast Platform up to 5.3.4 is affected by a permission-checking flaw in the SQL mapping for the CSV File Source connector, potentially enabling unauthorized clients to read files on a member’s filesystem. Root cause: inadequate access checks. Impact: data exposure of local files. Remediation:...
Hazelcast Security Breach
Hazelcast IMDG is a scalable open source data distribution platform from the U.S. company Hazelcast. The platform supports a variety of distributed data structures, supports distributed caching and other features. A security vulnerability exists in Hazelcast 5.3.4 and earlier...
CVE-2022-23085
A user-provided integer option was passed to nmreqcopyin without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfsruleset, a privileged process running in a jail can affect the host...
CVE-2022-23085 Potential jail escape vulnerabilities in netmap
A user-provided integer option was passed to nmreqcopyin without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfsruleset, a privileged process running in a jail can affect the host...
CVE-2021-46757
Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege escalation...
AMD Embedded Processors Security Vulnerability
AMD Embedded Processors is a family of embedded high-performance GPUs from AMD. A security vulnerability exists in AMD Embedded Processors that stems from insufficient memory buffer checking in ASP...
CVE-2023-6036
The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handleauthrequest' and 'hadleloginrequest'. This makes it possible for non authenticated attackers to log in as any existing user on the site,...