45 matches found
Qnap QTS and QuTS hero NULL Pointer Dereference (CVE-2024-37045)
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the...
EUVD-2022-24706
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2025-20362
Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD Software releases that are affected by CVE-2025-20333 and CVE-2025-20362. This attack can cause unpatched devices to unexpectedly reload, leading to denial...
CVE-2025-44021
OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...
CVE-2025-23155 net: stmmac: Fix accessing freed irq affinity_hint
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Fix accessing freed irq affinity_hint. In stmmac_request_irq_multi_msi, a pointer to the stack variable cpu_mask is passed to irq_set_affinity_hint. This value is stored in irq_desc->affinity_hint, but once stmmac_request_irq_multi_m...
CVE-2025-27150
This CVE concerns Tuleap: the password used to connect to the Redis instance is not purged from the archives created by tuleap collect-system-data. The exposed password could be accessed by support teams who should not have it. Affected versions: Tuleap Community Edition prior to 16.4.99.17404928...
CVE-2025-27094
CVE-2025-27094 affects Tuleap Community Edition 16.4.99.1739806825–16.4.99.1739877910 and Tuleap Enterprise Edition prior to 16.3-9 or 16.4-4. The issue allows a user with tracker access to force-reset certain field configurations, leading to potential information loss; specific attributes for da...
CVE-2024-54535
A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1, watchOS 11.1. An attacker with access to calendar data could also read reminders...
OPENSUSE-SU-2024:13866-1 perl-CryptX-0.80.0-3.1 on GA media
These are all security issues fixed in the perl-CryptX-0.80.0-3.1 package on the GA media of openSUSE Tumbleweed...
CVE-2023-24619
Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versio...
GHSA-F5R8-7H4F-JR9X Moodle incorrect access control
A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier...
GSD-2022-1002100 udmabuf: validate ubuf->pagecount
udmabuf: validate ubuf->pagecount. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.110 by commit b267a8118c2b171bf7d67b90ed64154eeab9fae0, i...
CVE-2022-25294
Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. All versions prior to 7.12.1 are affected. Agents for MacOS and Linux and Cloud are unaffected...
Code injection
Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. All versions prior to 7.12.1 are affected. Agents for MacOS and Linux and Cloud are unaffected...
OPENSUSE-SU-2021:1311-1 Security update for transfig
This update for transfig fixes the following issues: Update to version 3.2.8, including fixes for - CVE-2021-3561: overflow in fig2dev/read.c in function read_colordef (bsc#1186329). - CVE-2019-19797: out-of-bounds write in read_colordef in read.c (bsc#1159293). - CVE-2019-19555: stack-based buffer...
GHSA-5V95-V8C8-3RH6 Privilege escalation in rbac
Impact: Using a carefully crafted request or malicious proxy, a user with UserWrite permissions could create another user with higher privileges than their own due to insufficient checks on the allowed set of permissions. The event would be captured in the Event Log. Patches: The issue has been fix...
CVE-2021-21371
Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. It is published in pypi as "tenable-jira-cloud". In tenable-jira-cloud before version 1.1.21, it is possible to run...
CVE-2020-3284 Cisco IOS XR Software Enhanced Preboot eXecution Environment Unsigned Code Execution Vulnerability
A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS and runs over the...
Design/Logic Flaw
A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be permitted to the OOB...