Subnet mask missing in Windows once PVS target is booted via BDM

When booting a PVS target using a BDM with static IP and having DHCP enabled in the vdisk, Windows may be missing its subnet mask...

Multiple vulnerabilities in FXC AE1021 and AE1021PE

Overview AE1021 and AE1021PE are information outlet type wireless LAN routers provided by FXC Inc. They contain multiple vulnerabilities listed below. Weak Authentication CWE-1390 - CVE-2024-47397 OS Command Injection CWE-78 - CVE-2024-53688 Inclusion of Undocumented Features CWE-1242 -...

Apache Superset 安全漏洞

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an authorization issue vulnerability that stems from improper authorization settings that can be exploited by an attacker to use this API when FABADDSECURITYAPI is...

The vulnerability of the hda component in the Linux operating system’s kernel, which allows a hacker to cause a service failure

The vulnerability of the hda component in the Linux operating system’s kernel is related to a memory leak in the islinkenabled function. Exploiting this vulnerability can allow an attacker to cause a service failure...

SUSE CVE-2024-53984

Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PBENABLEMALLOC is enabled, the message contains at least one field with FTPOINTER field type, custom stream callback is used with unknown stream length. and the pbdecodeex function is used with flag...

Amazon Linux : Enabled Official Repositories and Extras

The remote host is using one or more Amazon Linux repositories to install packages. These repositories may be used in conjuntion with Amazon Linux OS package level assessment security advisories to determine whether or not relevant repositories are installed before checking package versions for...

UBUNTU-CVE-2024-53984

Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PBENABLEMALLOC is enabled, the message contains at least one field with FTPOINTER field type, custom stream callback is used with unknown stream length. and the pbdecodeex function is used with flag...

PT-2024-35979 · Victure · Victure Rx1800 Wifi 6 Router

Name of the Vulnerable Software and Affected Versions: Victure RX1800 WiFi 6 Router version EN V1.0.0 r12 110933 Description: A problem was discovered in Victure RX1800 WiFi 6 Router devices where the TELNET service is enabled by default with admin/admin as default credentials and is exposed over...

Contiki-NG 缓冲区错误漏洞

Contiki-NG is a Contiki-NG open source operating system for resource-constrained devices in the Internet of Things. A buffer error vulnerability exists in Contiki-NG that originates from a 1-byte out-of-bounds read that may be triggered when sending a packet to a device running the SNMP-enabled...

CVE-2024-53253 Sentry's improper error handling leaks Application Integration Client Secret

Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ...

Broadcom SANnav 日志信息泄露漏洞

Broadcom SANnav is a suite of SAN management platforms from Broadcom Corporation USA. A log information disclosure vulnerability exists in Broadcom SANnav versions prior to 2.3.0 and 2.2.2, which stems from the recording of sensitive fields in logs when debugging is enabled, which could lead to t...

waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request

A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...

io.quarkiverse.cxf:quarkus-cxf: Quarkus CXF may log user password and secret to application log

A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging...

CVE-2024-50303 resource,kexec: walk_system_ram_res_rev must retain resource flags

In the Linux kernel, the following vulnerability has been resolved: resource,kexec: walksystemramresrev must retain resource flags walksystemramresrev erroneously discards resource flags when passing the information to the callback. This causes systems with IORESOURCESYSRAMDRIVERMANAGED memory to...

DEBIAN-CVE-2023-39179

A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on...

UBUNTU-CVE-2023-39180

A flaw was found within the handling of SMB2READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installations of Linux. Authentication is not required ...

DEBIAN-CVE-2024-52947

A cross-site scripting XSS vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter of the upgrade session confirmation page upgradeSession / forceUpgrade if the "Upgrade session" plugin has been enabled by an admin...

Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud that stems from a malicious user being able to upload a manipulated SVG file with a referenced path after an...

CVE-2024-8180 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled...

Baxter Life2000 安全漏洞

Baxter Life2000 is a mask-less non-invasive ventilator from Baxter. A security vulnerability exists in Baxter Life2000 version 06.08.00.00 and prior versions, which originated when enabled by default, that allows sending and receiving of unencrypted messages, which could result in unauthorized...