CVE-2024-28744
The vulnerability CVE-2024-28744 affects FURUNO ACERA 9010 devices in non MS mode with the initial configuration. In firmware v02.04 and earlier (both 9010-08 and 9010-24), the password is empty, allowing an unauthenticated attacker to log in without a password and potentially read or modify info...
CVE-2024-28744
The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. An unauthenticated attacker may log in to the product with no password, and obtain and/or alter information such as network configuration and user...
PT-2024-23849
Name of the Vulnerable Software and Affected Versions: Saleor versions 3.10.0 through 3.14.63; Saleor versions 3.15.0 through 3.15.38; Saleor versions 3.16.0 through 3.16.38; Saleor versions 3.17.0 through 3.17.34; Saleor versions 3.18.0 through 3.18.30; Saleor versions 3.19.0 through 3.19.18. Descripti...
PT-2024-22553 · Acera · Acera 9010-24 +1
Name of the Vulnerable Software and Affected Versions: ACERA 9010-08 firmware versions v02.04 and earlier; ACERA 9010-24 firmware versions v02.04 and earlier. Description: The password is empty in the initial configuration, allowing an unauthenticated attacker to log in with no password and obtain ...
ROS-20240401-04
A vulnerability in the HAProxy server software is related to the forwarding of empty Content-Length headers. Exploitation of the vulnerability could allow a remote attacker to perform an HTTP request smuggling attack...
The vulnerability of the server software HAProxy, related to the rerouting of empty Content-Length headers, allows a hacker to perform a “HTTP request hijacking” attack.
The vulnerability of the server software HAProxy relates to the rerouting of empty headers called Content-Length. Exploiting this vulnerability allows a malicious actor to carry out an “HTTP request hijacking” attack...
SUSE CVE-2021-47167
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oopsable condition in nfs_pageio_add_request. Ensure that nfs_pageio_error_cleanup resets the mirror array contents, so that the structure reflects the fact that it is now empty. Also change the test in nfs_pageio_do_add_request...
Hitachi Energy RTU500 security vulnerability
RTU500 is a series of industrial control components from Hitachi, Japan, mainly used in industrial control systems. A security vulnerability exists in Hitachi Energy RTU500 series CMU Firmware, which originates from a problem in stb language file handling, and can be exploited by an attacker to...
DEBIAN-CVE-2021-47167
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oopsable condition in nfs_pageio_add_request. Ensure that nfs_pageio_error_cleanup resets the mirror array contents, so that the structure reflects the fact that it is now empty. Also change the test in nfs_pageio_do_add_request...
PT-2024-11214 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to an Oopsable condition in the nfs_pageio_add_request function. To resolve this, nfs_pageio_error_cleanup has been updated to reset the mirror array contents,...
CLSA-2024-1710947240 Fix of 12 CVEs
CVE-url: https://ubuntu.com/security/CVE-2023-52449 - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier CVE-url: https://ubuntu.com/security/CVE-2023-39197 - netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one CVE-url:...
CLSA-2024-1710945846 Fix of 9 CVEs
CVE-url: https://ubuntu.com/security/CVE-2023-52449 - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier Bionic update: upstream stable patchset 2018-08-29 LP: 1789666 // CVE-url: https://ubuntu.com/security/CVE-2022-20567 - l2tp: fix refcount leakage on PPPoL2TP sockets Bionic upda...
SUSE CVE-2024-26632
In the Linux kernel, the following vulnerability has been resolved: block: Fix iterating over an empty bio with bio_for_each_folio_all. If the bio contains no data, bio_first_folio calls page_folio on a NULL pointer and oopses. Move the test that we've reached the end of the bio from bio_next_folio to...
DEBIAN-CVE-2024-26632
In the Linux kernel, the following vulnerability has been resolved: block: Fix iterating over an empty bio with bio_for_each_folio_all. If the bio contains no data, bio_first_folio calls page_folio on a NULL pointer and oopses. Move the test that we've reached the end of the bio from bio_next_folio to...
UBUNTU-CVE-2024-26632
In the Linux kernel, the following vulnerability has been resolved: block: Fix iterating over an empty bio with bio_for_each_folio_all. If the bio contains no data, bio_first_folio calls page_folio on a NULL pointer and oopses. Move the test that we've reached the end of the bio from bio_next_folio to...
CVE-2024-26632 block: Fix iterating over an empty bio with bio_for_each_folio_all
In the Linux kernel, the following vulnerability has been resolved: block: Fix iterating over an empty bio with bio_for_each_folio_all. If the bio contains no data, bio_first_folio calls page_folio on a NULL pointer and oopses. Move the test that we've reached the end of the bio from bio_next_folio to...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from iterating over an empty bio using bio_for_each_folio_all...
SUSE CVE-2023-52596
In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix out of bounds access for empty sysctl registers. When registering tables to the sysctl subsystem there is a check to see if header is a permanently empty directory used for mounts. This check evaluates the first elemen...
CVE-2023-52596
An out of bounds access flaw was found in empty sysctl registers in the Linux kernel. This may lead to a crash...
BIT-TENSORFLOW-2021-29580 Undefined behavior and `CHECK`-fail in `FractionalMaxPoolGrad`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.FractionalMaxPoolGrad` triggers an undefined behavior if one of the input tensors is empty. The code is also vulnerable to a denial of service attack as a `CHECK` condition becomes false and aborts...