3099 matches found

Positive Technologies
added 2023/02/27 12:0 a.m. · 3 views

PT-2023-2141 · Totolink · Totolink A7100Ru

Name of the Vulnerable Software and Affected Versions: TOTOlink A7100RU version V7.4cu.2313 B20191024 Description: The issue is related to a command injection vulnerability. This vulnerability can be exploited via the enabled parameter at the "/setting/setWanIeCfg" API endpoint. The vulnerability...

CVSS 9.8 · AI score 9.7 · EPSS 0.02047
Exploits: 1 · References: 6

Vulnrichment
added 2023/02/23 3:44 p.m. · 5 views

CVE-2022-48342

In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents...

CVSS 5.2 · AI score 9.5 · EPSS 0.00314
Exploits: 0 · References: 1

Positive Technologies
added 2023/02/23 12:0 a.m. · 2 views

PT-2023-15718 · Jetbrains · Jetbrains Teamcity +1

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2022.10.2 Description: The issue concerns JetBrains TeamCity, where jVMTI was enabled by default on agents. Recommendations: For versions prior to 2022.10.2, update to version 2022.10.2 or later to resolve...

CVSS 9.8 · AI score 9.4 · EPSS 0.00314
Exploits: 0 · References: 4

F5 Networks
added 2023/02/21 6:47 p.m. · 29 views

K44553214: Web application firewall vulnerability CVE-2021-23050

Security Advisory Description: When a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. (CVE-2021-23050) Impact: Traffic is disrupted until the bd process restarts. This vulnerability allows a remote...

CVSS 7.5 · AI score 7.4 · EPSS 0.00453
Exploits: 0 · Affected Software: 3

F5 Networks
added 2023/02/21 6:35 p.m. · 62 views

K49711130: OpenSSL and Intel processor SMT side-channel vulnerability (PortSmash) CVE-2018-5407

Security Advisory Description: Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention.' (CVE-2018-5407, also known as PortSmash) Impact: The vulnerability allows an attacker who can...

CVSS 4.7 · AI score 6.6 · EPSS 0.03418
Exploits: 4 · Affected Software: 17

The Hacker News
added 2023/02/21 5:55 a.m. · 1 views

Researchers Warn of ReverseRAT Backdoor Targeting Indian Government Agencies

A spear-phishing campaign targeting Indian government entities aims to deploy an updated version of a backdoor called ReverseRAT. Cybersecurity firm ThreatMon attributed the activity to a threat actor tracked as SideCopy. SideCopy is a threat group of Pakistani origin that shares overlaps with...

AI score 7.5
Exploits: 0

The Hacker News
added 2023/02/21 5:55 a.m. · 49 views

Researchers Warn of ReverseRAT Backdoor Targeting Indian Government Agencies

A spear-phishing campaign targeting Indian government entities aims to deploy an updated version of a backdoor called ReverseRAT. Cybersecurity firm ThreatMon attributed the activity to a threat actor tracked as SideCopy. SideCopy is a threat group of Pakistani origin that shares overlaps with...

AI score 1
Exploits: 0

SUSE CVE
added 2023/02/21 1:59 a.m. · 2 views

SUSE CVE-2023-23918

A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require. This only...

CVSS 6.3 · AI score 7.9 · EPSS 0.02023
Exploits: 0 · References: 14

OSV
added 2023/02/20 4:15 p.m. · 1 views

UBUNTU-CVE-2023-24998

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option...

CVSS 7.5 · AI score 6.7 · EPSS 0.46836
Exploits: 1 · References: 3

SUSE CVE
added 2023/02/15 6:21 a.m. · 3 views

SUSE CVE-2003-0190

OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...

CVSS 5 · AI score 8 · EPSS 0.76751
Exploits: 10 · References: 7

SUSE CVE
added 2023/02/15 6:16 a.m. · 3 views

SUSE CVE-2006-0678

PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0.7, and 8.1.x before 8.1.3, when compiled with Asserts enabled, allows local users to cause a denial of service (server crash) via a crafted SET SESSION AUTHORIZATION command, a different vulnerability than CVE-2006-0553...

CVSS 1.5 · AI score 6.5 · EPSS 0.00333
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 6:15 a.m. · 4 views

SUSE CVE-2006-1335

gnome-screensaver before 2.14, when running on an X server with AllowDeactivateGrabs and AllowClosedownGrabs enabled, allows attackers with physical access to cause the screensaver to crash and access the session via the Ctl+Alt+Keypad-Multiply keyboard sequence, which removes the grab from gnome...

CVSS 3.7 · AI score 6.7 · EPSS 0.00329
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 6:15 a.m. · 2 views

SUSE CVE-2006-2237

The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter...

CVSS 5.1 · AI score 8.1 · EPSS 0.58356
Exploits: 10 · References: 4

SUSE CVE
added 2023/02/15 6:14 a.m. · 2 views

SUSE CVE-2006-4483

The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache...

CVSS 9.3 · AI score 7.1 · EPSS 0.02852
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 6:11 a.m. · 2 views

SUSE CVE-2007-4569

backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors...

CVSS 6.8 · AI score 7.3 · EPSS 0.01015
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 6:5 a.m. · 2 views

SUSE CVE-2009-0669

Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol...

CVSS 7.5 · AI score 7.2 · EPSS 0.0286
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 6:4 a.m. · 3 views

SUSE CVE-2009-1648

The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involving reboots during online updates, which makes it easier for remote attackers to access network services...

CVSS 7.5 · AI score 6.8 · EPSS 0.01787
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 6:3 a.m. · 3 views

SUSE CVE-2009-2089

The Migration component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when tracing is enabled and a 6.1 to 7.0 migration has occurred, allows remote authenticated users to obtain sensitive information by reading a Migration Trace file...

CVSS 2.1 · AI score 6.3 · EPSS 0.01327
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 6:2 a.m. · 3 views

SUSE CVE-2009-2957

Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request...

CVSS 6.8 · AI score 8.3 · EPSS 0.12684
Exploits: 7 · References: 4

SUSE CVE
added 2023/02/15 6:2 a.m. · 3 views

SUSE CVE-2009-2958

The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option...

CVSS 4.3 · AI score 6.8 · EPSS 0.10382
Exploits: 7 · References: 4