1001 matches found

Positive Technologies
added 2024/05/04 12:0 a.m. · 3 views

PT-2024-25939 · Unknown · Faucet Sdn Ryu

Name of the Vulnerable Software and Affected Versions: Faucet SDN Ryu version 4.34
Description: The issue allows attackers to cause a denial of service, resulting in an infinite loop, via a specific condition where length=0. This is related to the OFPHello function in the parser.py file...

CVSS 7.5 · AI score 7.2 · EPSS 0.00681
Exploits 1 · References 8

OSV
added 2024/05/02 3:30 p.m. · 21 views

GHSA-V63G-V339-2673 Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies

Jenkins Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call ...

CVSS 8.8 · AI score 9.8 · EPSS 0.48081
Exploits 0 · References 5

NVD
added 2024/05/02 2:15 p.m. · 16 views

CVE-2024-34144

A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377ae and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the contex...

CVSS 9.8 · AI score 7 · EPSS 0.48081
Exploits 0 · References 2

RedHat Linux
added 2024/05/01 1:17 a.m. · 59 views

Important: Red Hat Security Advisory: updated rhceph-6.1 container image

Updated container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilitie...

CVSS 9.8 · AI score 7.1 · EPSS 0.99999
Exploits 19 · References 5

RedHat Linux
added 2024/05/01 1:14 a.m. · 386 views

Critical: Red Hat Security Advisory: Red Hat Ceph Storage 6.1 security and bug fix update

An update is now available for Red Hat Ceph Storage 6.1 in the Red Hat Ecosystem Catalog. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support...

CVSS 9.8 · AI score 6.7 · EPSS 0.01523
Exploits 0 · References 3

CNNVD
added 2024/05/01 12:0 a.m. · 2 views

Aruba Networks ArubaOS security vulnerability

Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks including Mobility Controllers and Mobility Access Switches from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks ArubaOS that originates from the presence of an unauthenticated Denial of Servi...

CVSS 7.5 · AI score 6.6 · EPSS 0.00617
Exploits 0 · References 2

RedHat Linux
added 2024/04/30 4:54 p.m. · 1 view

mysql: Server: UDF unspecified vulnerability (CPU Oct 2023)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: UDF. Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

CVSS 4.9 · AI score 5.7 · EPSS 0.00938
Exploits 0 · References 4

RedHat Linux
added 2024/04/30 4:54 p.m. · 2 views

mysql: Server: UDF unspecified vulnerability (CPU Jan 2024)

Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server...

CVSS 6.5 · AI score 5.8 · EPSS 0.01104
Exploits 0 · References 5

OSV
added 2024/04/23 9:15 p.m. · 1 view

DEBIAN-CVE-2024-32875

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...

CVSS 6.1 · AI score 6.2 · EPSS 0.00537
Exploits 0 · References 1

NVD
added 2024/04/23 9:15 p.m. · 12 views

CVE-2024-32875

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...

CVSS 6.1 · AI score 6.1 · EPSS 0.00537
Exploits 0 · References 3

UbuntuCve
added 2024/04/23 9:15 p.m. · 12 views

CVE-2024-32875

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...

CVSS 6.1 · AI score 6.3 · EPSS 0.00537
Exploits 0 · References 4

Debian CVE
added 2024/04/23 8:23 p.m. · 20 views

CVE-2024-32875

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...

CVSS 6.1 · AI score 6.1 · EPSS 0.00537
Exploits 0

NVD
added 2024/04/08 9:15 a.m. · 8 views

CVE-2024-23190

Upsell shop information of an account can be manipulated to execute script code in the context of the user's browser session. To exploit this an attacker would require temporary access to a user's account or a successful social engineering attack to lure users to maliciously configured accounts...

CVSS 5.4 · AI score 5.5 · EPSS 0.00499
Exploits 0 · References 5

OSV
added 2024/04/03 1:16 p.m. · 1 view

CVE-2023-52296

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service when querying a specific UDF built-in function concurrently. IBM X-Force ID: 278547...

CVSS 5.3 · AI score 5.8 · EPSS 0.00625
Exploits 0 · References 3

Positive Technologies
added 2024/04/03 12:0 a.m. · 3 views

PT-2024-14508 · Ibm · Ibm Db2

Name of the Vulnerable Software and Affected Versions: IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) version 11.5
Description: The issue is related to a denial of service condition that can occur when querying a specific UDF built-in function concurrently.
Recommendations: For I...

CVSS 5.3 · AI score 9.4 · EPSS 0.00625
Exploits 0 · References 7

CNNVD
added 2024/04/02 12:0 a.m. · 3 views

VMware SD-WAN security vulnerability

VMware SD-WAN is an application from VMware, Inc. that decouples network software services from the underlying hardware to create virtualized network overlays. A security vulnerability exists in VMware SD-WAN Edge, which stems from the presence of a vulnerability that lacks authentication and protecti...

CVSS 4.8 · AI score 7.5 · EPSS 0.00215
Exploits 0 · References 2

Positive Technologies
added 2024/04/02 12:0 a.m. · 7 views

PT-2024-2561 · Vmware · Vmware Sd-Wan Edge

Name of the Vulnerable Software and Affected Versions: VMware SD-WAN Edge, affected versions not specified
Description: The issue is related to an unauthenticated command injection vulnerability in the VMware SD-WAN Edge, potentially leading to remote code execution. A malicious actor with local...

CVSS 7.4 · AI score 8.2 · EPSS 0.00411
Exploits 0 · References 12

CNNVD
added 2024/03/28 12:0 a.m. · 1 view

Technicolor TC8715D security vulnerability

The Technicolor TC8715D is a wireless router from Technicolor France. A security vulnerability exists in the Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T. A remote attacker could use this vulnerability to conduct cross-site scripting attacks via the User Defined Service i...

CVSS 6.1 · AI score 6.2 · EPSS 0.00414
Exploits 0 · References 2

Cvelist
added 2024/03/28 12:0 a.m. · 26 views

CVE-2024-28091

Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User Defined Service in managedservicesadd.asp; the victim must click an X for a deletion...

AI score 5.9 · EPSS 0.00414
Exploits 0 · References 1

Positive Technologies
added 2024/03/28 12:0 a.m. · 2 views

PT-2024-22259 · Technicolor · Tc8715D

Name of the Vulnerable Software and Affected Versions: Technicolor TC8715D version TC8715D-01.EF.04.38.00-180405-S-FF9-D
Description: The issue allows a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User Defined Service in managed services add.asp. The victim must click...

CVSS 6.1 · AI score 5.8 · EPSS 0.00414
Exploits 0 · References 6