CVE-2024-53100

CVE-2024-53100: Linux kernel nvme-tcp fix for a race between queue_lock usage in nvme_tcp_get_address() and destruction in nvme_tcp_free_queue(). The commit 76d54bf20cdc adds a mutex_lock for queue->queue_lock, but this can race with mutex_destroy(), triggering a WARN during error recovery. A ...

CVE-2024-52811 Acks not validated before logged to qlog leads to buffer overflow in ngtcp2

The ngtcp2 project is an effort to implement IETF QUIC protocol in C. In affected versions acks are not validated before being written to the qlog leading to a buffer overflow. In ngtcp2conn::connrecvpkt for an ACK, there was new logic that got added to skip connrecvack if an ack has already been...

CVE-2024-52811 Acks not validated before logged to qlog leads to buffer overflow in ngtcp2

The ngtcp2 project is an effort to implement IETF QUIC protocol in C. In affected versions acks are not validated before being written to the qlog leading to a buffer overflow. In ngtcp2conn::connrecvpkt for an ACK, there was new logic that got added to skip connrecvack if an ack has already been...

CVE-2024-52811

The ngtcp2 project is an effort to implement IETF QUIC protocol in C. In affected versions acks are not validated before being written to the qlog leading to a buffer overflow. In ngtcp2conn::connrecvpkt for an ACK, there was new logic that got added to skip connrecvack if an ack has already been...

CVE-2022-43936

Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled...

CVE-2022-43936 Brocade Fabric OS switch passwords when debugging is enabled

Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled...

CVE-2022-43936 Brocade Fabric OS switch passwords when debugging is enabled

Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled...

Broadcom SANnav 日志信息泄露漏洞

Broadcom SANnav is a suite of SAN management platforms from Broadcom Corporation USA. A log information disclosure vulnerability exists in Broadcom SANnav versions prior to 2.3.0 and 2.2.2, which stems from the recording of sensitive fields in logs when debugging is enabled, which could lead to t...

Broadcom SANnav 日志信息泄露漏洞

Broadcom SANnav is a suite of SAN management platforms from Broadcom Corporation USA. A log information disclosure vulnerability exists in Broadcom SANnav versions prior to 2.2.2, which originates from logging Fabric OS switch passwords when debugging is enabled, which could lead to the disclosur...

Local File Inclusion (LFI)

symfony/runtime is vulnerable to Local File Inclusion LFI. The vulnerability is due to improper handling of the argv values in non-SAPI PHP runtimes, where the registerargvargc directive is set to on, allowing attackers to craft query strings that modify the environment or debug settings used by...

CVE-2022-20648 Cisco Redundancy Configuration Manager Debug Information Disclosure Vulnerability

A vulnerability in a debug function for Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform debug actions that could result in the disclosure of confidential information that should be restricted. This vulnerability exists because of a debug service that...

CVE-2024-48970

The ventilator's microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure...

Intel SDP Tool 安全漏洞

Intel SDP Tool is a server debugging and configuration tool from Intel Corporation USA. A security vulnerability exists in Intel SDP Tool that stems from incorrect default permissions. An attacker can exploit the vulnerability to elevate privileges...

kernel: cxl/region: Avoid null pointer dereference in region lookup

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Avoid null pointer dereference in region lookup cxldpatoregion looks up a region based on a memdev and DPA. It wrongly assumes an endpoint found mapping the DPA is also of a fully assembled region. When not true it...

SoftBank Mesh Wi-Fi router RP562B 安全漏洞

SoftBank Mesh Wi-Fi router RP562B is a router from SoftBank Japan. A security vulnerability exists in SoftBank Mesh Wi-Fi router RP562B version 1.0.2 and earlier, which stems from an active debugging code vulnerability that could allow an attacker to obtain or change the settings of the device...

gcc-toolset-14-dwz bug fix and enhancement update

An update is available for gcc-toolset-14-dwz. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The dwz package contains a program that attempts to optimize DWARF...

Devtron has SQL Injection in CreateUser API

Summary An authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. Details The API is CreateUser /orchestrator/user. The function to read user input is:...

GHSA-Q78V-CV36-8FXJ Devtron has SQL Injection in CreateUser API

Summary An authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. Details The API is CreateUser /orchestrator/user. The function to read user input is:...

Google's AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine

Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model LLM assisted framework called Big Sleep formerly Project Naptime. The tech giant described the development as the "first real-world vulnerability" uncovered using the...

The vulnerability of the SIMATIC Reader software for editing and managing projects and documents allows a perpetrator to enable debugging functions.

The vulnerability of the SIMATIC Reader software for editing and managing projects and documents is related to the presence of undocumented configuration commands. Exploiting this vulnerability could allow an attacker to enable debugging functions...