CVE-2024-23772
CVE-2024-23774 : Quest KACE Agent for Windows versions 12.0.38 and 13.1.23.0 have an unquoted Windows search path vulnerability in KSchedulerSvc.exe and AMPTools.exe. This local attack could allow code execution with NT Authority\SYSTEM privileges. The available connected Red Hat advisories confi...
PT-2024-28072
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.37 Description: The issue concerns the Linux kernel, where a vulnerability has been resolved by adding BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE. The bpf_prog_attach function uses...
PT-2024-40710 · Git +1 · Mosquitto
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap buffer overflow issue is reported, which can cause a crash. The crash occurs during specific function calls, including config add listener, config...
DEBIAN-CVE-2022-48659
In the Linux kernel, the following vulnerability has been resolved: mm/slub: fix to return errno if kmalloc() fails. In create_unique_id(), kmalloc(, GFP_KERNEL) can fail due to out-of-memory; if it fails, return errno correctly rather than triggering panic via BUG_ON(); kernel BUG at mm/slub.c:5893! Internal...
UBUNTU-CVE-2022-48659
In the Linux kernel, the following vulnerability has been resolved: mm/slub: fix to return errno if kmalloc() fails. In create_unique_id(), kmalloc(, GFP_KERNEL) can fail due to out-of-memory; if it fails, return errno correctly rather than triggering panic via BUG_ON(); kernel BUG at mm/slub.c:5893! Internal...
RHEL 7 : rh-postgresql10-postgresql (RHSA-2018:3757)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:3757 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream version:...
PYSEC-2024-208
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the create_from_blueprint builtin can result in a double eval vulnerability when raw_args=True and the args argument has side-effects. It can be seen that the _build_create_IR function of t...
CVE-2024-32647 vyper performs double eval of raw_args in create_from_blueprint
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the create_from_blueprint builtin can result in a double eval vulnerability when raw_args=True and the args argument has side-effects. It can be seen that the _build_create_IR function of t...
PT-2024-24740 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions 0.3.10 and prior Description: Using the create_from_blueprint builtin can result in a double eval vulnerability when raw_args=True and the args argument has side-effects. The _build_create_IR function of the create_from_blueprin...
Vyper security vulnerability
Vyper is the Pythonic smart contract language for the EVM. A security vulnerability exists in Vyper 0.3.10 and earlier versions: use of the create_from_blueprint built-in function may lead to a security issue...
UBUNTU-CVE-2024-28130
An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOIPList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2024-32343
A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter...
PT-2024-24522 · Boidcms · Boidcms
Name of the Vulnerable Software and Affected Versions: Boid CMS version 2.1.0 Description: A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter. Recommendations:...
Honeywell Experion Server security vulnerability
Honeywell Experion Server is a high-performance industrial control system server from Honeywell, primarily used in the Experion Process Knowledge System (PKS) platform. A security vulnerability exists in Honeywell Experion Server, which originates when the server receives an incorrectly formatted...
CVE-2024-32343
A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter...
PT-2024-24521 · Boidcms · Boidcms
Name of the Vulnerable Software and Affected Versions: Boid CMS version 2.1.0 Description: A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter. Recommendations...
CVE-2024-21093
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromis...
Tourism Management System security vulnerability
Tourism Management System is an American website builder for tourism management. A security vulnerability exists in Phpgurukul Tourism Management System version v2.0, which originates from a file upload vulnerability in tms/admin/create-package.php...
Extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)
An extension script is vulnerable if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). No bundled extension is vulnerable. Vulnerable uses do appear in a documentation example and in non-bundled extensions. Hence, the attack prerequisite is ...
DEBIAN-CVE-2021-47196
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Set send and receive CQ before forwarding to the driver Preset both receive and send CQ pointers prior to call to the drivers and overwrite it later again till the mlx4 is going to be changed do not overwrite ibqp...