8980 matches found

Cvelist
added 2024/07/26 11:59 a.m. | 19 views

CVE-2024-41689 Hard-coded Credentials Vulnerability

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to unencrypted storing of WPA/WPS credentials within the router's firmware/database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext WP...

CVSS 5.2 | EPSS 0.00153
Exploits: 0 | References: 1

CVE
added 2024/07/26 11:59 a.m. | 65 views

CVE-2024-41689

CVE-2024-41689 affects the SyroTech SY-GPON-1110-WDONT router. The root cause is the unencrypted storage of WPA/WPS credentials in the device firmware/database, enabling credential disclosure if the firmware is accessed. An attacker with physical access can extract the firmware, reverse‑engineer ...

CVSS 5.2 | AI score 6.8 | EPSS 0.00153
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/07/26 11:56 a.m. | 13 views

CVE-2024-41688 Cleartext Storage of Sensitive Information Vulnerability

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to lack of encryption in storing of usernames and passwords within the router's firmware/database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the...

CVSS 7 | AI score 6.5 | EPSS 0.00111
Exploits: 0 | References: 1

CVE
added 2024/07/26 11:56 a.m. | 48 views

CVE-2024-41688

The CVE-2024-41688 entry refers to a cleartext storage vulnerability in the SyroTech SY-GPON-1110-WDONT Router, caused by lack of encryption when storing usernames and passwords in firmware/database. Exploitation requires physical access: an attacker can extract firmware, reverse engineer the bin...

CVSS 7 | AI score 6.8 | EPSS 0.00111
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/07/23 2:34 p.m. | 21 views

CVE-2024-1737 BIND's database will be slow if a very large number of RRs exist at the same name

Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname of any RTYPE can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 throug...

CVSS 7.5 | AI score 7 | EPSS 0.02114
Exploits: 0 | References: 4

CVE
added 2024/07/23 2:34 p.m. | 346 views

CVE-2024-1737

CVE-2024-1737 affects BIND 9 across multiple branches (e.g., 9.11.x, 9.16.x, 9.18.x, 9.19.x with various S1/patch levels). The issue: when resolver caches and authoritative zone databases hold a large number of resource records for the same hostname (any RTYPE), performance can degrade while cont...

CVSS 7.5 | AI score 7.6 | EPSS 0.02114
Exploits: 0 | References: 5

UbuntuCve
added 2024/07/23 12:00 a.m. | 15 views

CVE-2024-1737

Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname of any RTYPE can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 throug...

CVSS 7.5 | AI score 7.2 | EPSS 0.02114
Exploits: 0 | References: 4

CVE
added 2024/07/18 5:05 p.m. | 67 views

CVE-2024-40628

CVE-2024-40628 (JumpServer arbitrary file read): The vulnerability arises from exploiting an ansible playbook to read files inside the celery container, which runs as root and has database access. This can lead to sensitive data disclosure, theft of host secrets, creation of admin JumpServer accou...

CVSS 10 | AI score 9.2 | EPSS 0.00861
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2024/07/18 5:04 p.m. | 38 views

CVE-2024-40629 Arbitrary File Write in Ansible Playbooks leads to RCE in Jumpserver

JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the Ansible playbook to write arbitrary files, leading to...

CVSS 10 | EPSS 0.01272
Exploits: 0 | References: 2

CVE
added 2024/07/18 5:04 p.m. | 59 views

CVE-2024-40629

CVE-2024-40629 affects JumpServer PAM. An attacker can misuse an Ansible playbook to write arbitrary files, triggering remote code execution in the Celery container. The Celery container runs as root and has database access, enabling access to secrets and the possibility to create an admin JumpSe...

CVSS 10 | AI score 9.9 | EPSS 0.01272
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/07/18 5:04 p.m. | 31 views

CVE-2024-40629 Arbitrary File Write in Ansible Playbooks leads to RCE in Jumpserver

JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the Ansible playbook to write arbitrary files, leading to...

CVSS 10 | AI score 9.8 | EPSS 0.01272
Exploits: 0 | References: 2

OpenVAS
added 2024/07/17 12:00 a.m. | 20 views

Oracle MySQL Server 8.0.38, 8.4.1, 9.0.0 Security Update (cpujul2024) - Windows

Oracle MySQL Server is prone to a denial of service (DoS) vulnerability...

CVSS 4.9 | AI score 4.6 | EPSS 0.00863
Exploits: 0 | References: 2

NVD
added 2024/07/15 3:15 p.m. | 6 views

CVE-2024-38495

A specific authentication strategy allows a malicious attacker to learn ids of all PAM users defined in its database...

CVSS 5.3 | EPSS 0.00281
Exploits: 0 | References: 1

NVD
added 2024/07/15 2:15 p.m. | 16 views

CVE-2024-38491

The vulnerability allows an unauthenticated attacker to read arbitrary information from the database...

CVSS 8.4 | EPSS 0.00284
Exploits: 0 | References: 1

Vulnrichment
added 2024/07/15 2:13 p.m. | 16 views

CVE-2024-38495 Symantec Privileged Access Manager User Enumeration vulnerability

A specific authentication strategy allows a malicious attacker to learn ids of all PAM users defined in its database...

CVSS 5.3 | AI score 6.6 | EPSS 0.00281
Exploits: 0 | References: 1

CVE
added 2024/07/15 2:13 p.m. | 45 views

CVE-2024-38495

CVE-2024-38495 concerns Broadcom Symantec Privileged Access Management (PAM). Multiple connected sources describe a vulnerability in an authentication mechanism that allows an attacker to learn IDs of all PAM users defined in the database. The available documents do not provide product version ra...

CVSS 5.3 | AI score 6.7 | EPSS 0.00281
Exploits: 0 | References: 1

Cvelist
added 2024/07/15 2:13 p.m. | 18 views

CVE-2024-38495 Symantec Privileged Access Manager User Enumeration vulnerability

A specific authentication strategy allows a malicious attacker to learn ids of all PAM users defined in its database...

CVSS 5.3 | EPSS 0.00281
Exploits: 0 | References: 1

Cvelist
added 2024/07/15 1:50 p.m. | 19 views

CVE-2024-38491 Symantec Privileged Access Manager SQL Injection vulnerability

The vulnerability allows an unauthenticated attacker to read arbitrary information from the database...

CVSS 8.4 | EPSS 0.00284
Exploits: 0 | References: 1

CVE
added 2024/07/15 1:50 p.m. | 50 views

CVE-2024-38491

CVE-2024-38491 is a SQL injection vulnerability in Broadcom Symantec Privileged Access Management (PAM) that allows an unauthenticated attacker to read arbitrary information from the PAM database. Connected sources confirm the affected product and root cause as SQL injection, with unauthenticated...

CVSS 8.4 | AI score 6.4 | EPSS 0.00284
Exploits: 0 | References: 1

OSV
added 2024/07/15 6:30 a.m. | 20 views

GHSA-CGCG-P68Q-3W7V langchain-experimental vulnerable to Arbitrary Code Execution

Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary python code if the...

CVSS 9 | AI score 8.9 | EPSS 0.01469
Exploits: 1 | References: 7