CVE-2025-1057 Keylime: keylime registrar dos due to incompatible database entry handling

A flaw was found in Keylime, a remote attestation solution, where strict type checking introduced in version 7.12.0 prevents the registrar from reading database entries created by previous versions, for example, 7.11.0. Specifically, older versions store agent registration data as bytes, whereas...

Moderate: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

krb5 security update

1.18.2-31.0.1 - Fixed race condition in krb5setpassword Orabug: 33609767 1.18.2-31 - Prevent overflow when calculating ulog block size CVE-2025-24528 Resolves: RHEL-78248 - kdb5util: fix DB entry flags on modification Resolves: RHEL-56060...

Moderate: krb5 security update

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...

Denial Of Service (DoS)

Keylime is vulnerable to Denial-of-Service DoS. The vulnerability is due to improper handling of database entries due to stricter type checking, which prevents previously stored data from being processed, leading to application failure when querying attacker-populated entries...

Fedora 40 : krb5 (2025-61b9344baf)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-61b9344baf advisory. - Prevent overflow when calculating ulog block size CVE-2025-24528 - Support PKCS11 EC client certs in PKINIT - kdb5util: fix DB entry flags on modification ...

PT-2025-25812

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the fixed version Description The issue is related to data races in the vxlan module of the Linux kernel. Specifically, the used and updated fields in the FDB entry structure can be accessed concurrently by...

ZOHO ManageEngine ADAudit Plus 安全漏洞

ZOHO ManageEngine ADAudit Plus is ZOHO's solution for simplifying audits, proving compliance and detecting threats. ZOHO ManageEngine ADAudit Plus prior to version 8000 suffers from a SQL injection vulnerability that can be exploited by an attacker to execute custom queries and access database...

CVE-2024-23807

creationtimestamp| type| source ---|---|--- 2024-02-16 19:31:50+00:00| seen| https://t.me/ctinow/186591 2024-02-29 02:56:25+00:00| seen| https://t.me/ctinow/196112 2024-02-29 03:03:00+00:00| seen| https://t.me/ctinow/196129 2024-03-08 09:26:15+00:00| seen| https://t.me/ctinow/203164 2026-01-21...

MCL-Net 4.3.5.8788 - Information Disclosure Vulnerability

Exploit Title: MCL-Net 4.3.5.8788 - Information Disclosure Exploit Author: Victor A. Morales, GM Sectec Inc. Vendor Homepage: https://www.mcl-mobilityplatform.com/net.php Version: 4.3.5.8788 other versions may be affected Tested on: Microsoft Windows 10 Pro CVE: CVE-2023-34834 Description:...

SUSE CVE-2007-2948

Multiple stack-based buffer overflows in stream/streamcddb.c in MPlayer before 1.0rc1try3 allow remote attackers to execute arbitrary code via a CDDB entry with a long 1 album title or 2 category...

GHSA-JQ7X-GM9R-V8M7 Moodle allows attackers to obtain sensitive information

mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by accessing the database after an edit by a teacher...

Moodle allows attackers to obtain sensitive information

mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by accessing the database after an edit by a teacher...

Exploit for Off-by-one Error in Sudo_Project Sudo

This is a Python-based exploit for the CVE-2021-3156 vulnerability in sudo. The exploit targets Linux systems with glibc and nscd service not running. It overwrites the struct serviceuser to gain root privileges. The exploit has several variants, including: 1. exploitnss.py: This is the main...

Binary vulnerability in jerryscript (CNVD-2020-72374)

erryScript is a lightweight JavaScript engine that runs on restricted devices. A binary vulnerability exists in jerryscript. An attacker could exploit this vulnerability to cause an impact on usability...

Google Android has an unspecified vulnerability (CNVD-2018-10037)

Android is a Linux-based open-source operating system jointly developed by Google and the Open Handheld Alliance OHA for short, and Qualcomm MDM9625 and other central processing unit CPU products from Qualcomm are used in different platforms. A security vulnerability exists in the Qualcomm...

CVE-2018-4121

creationtimestamp| type| source ---|---|--- 2018-04-09 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/44427...

Information Disclosure

Moodle is vulnerable to information disclosures. The application sets certain group IDs to 0 upon a database-entry change, allowing a malicious user to view group-level entries after being edited by a user with a teacher role...

Provisioning Services: Support Statement for Multiple PVS Farms pointing to different Databases in one Subnet

Question: Can we boot targets using PXE boot in Subnet where we have 2 PVSServer in 2 different farms pointing to different database? Answer: This is not supported because when targets boot using PXE services, it broadcasts a packet and if it contacts a PVS Server which does not have entry for...

Microsoft Windows Journal File Handling Arbitrary Code Execution Vulnerability (CNVD-2015-03113)

Microsoft Windows is a popular operating system. A security vulnerability in Microsoft Windows' handling of specially crafted Journal .jnt files allows remote attackers to exploit the vulnerability to construct malicious files that can be parsed by a user and can be used in an application context...