CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. GeoServer is an open-source software server written in Java that...
CVE-2024-40515
CVE-2024-40515 affects SHENZHEN TENDA TECHNOLOGY CO.,LTD Tenda AX2pro (V16.03.29.48_cn). The vulnerability allows remote code execution via the device’s Routing functionality. Multiple connected sources confirm a network-remote compromise with high impact (C/H/I/A). Root cause details are not exh...
PT-2024-28892 · Tenda · Tenda Ax2Pro
Name of the Vulnerable Software and Affected Versions: Tenda AX2pro version V16.03.29.48 cn Description: The issue allows a remote attacker to execute arbitrary code via the Routing functionality. Recommendations: For Tenda AX2pro version V16.03.29.48 cn, consider disabling the Routing...
CVE-2024-40516
CVE-2024-40516 affects H3C Magic RC3000 RC3000V100R009. The vulnerability exists in the Routing functionality and enables a remote attacker to execute arbitrary code. Reported severity is CVSS 3.1 base score 8.8 (HIGH) with adjacent attack vector, no privileges, no user interaction required, and ...
PT-2024-28893 · H3C · H3C Magic Rc3000
Name of the Vulnerable Software and Affected Versions: H3C Magic RC3000 version RC3000V100R009 Description: The issue allows a remote attacker to execute arbitrary code via the Routing functionality. Recommendations: For version RC3000V100R009, consider disabling the Routing functionality until a...
CVE-2024-40516
An issue in H3C Technologies Co., Limited H3C Magic RC3000 RC3000V100R009 allows a remote attacker to execute arbitrary code via the Routing functionality...
@jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages)
Summary The maintainer has been contemplating whether FTP or other protocols could serve as useful functionalities, but there may not be a practical reason for it since we are utilizing headless Chrome to capture screenshots. The argument is based on the assumption that this package can function as a...
BGP Routing and RHI Functionality in NetScaler
This article provides information about BGP routing in NetScaler and some of the sample BGP configurations. It gives a brief overview of the RHI functionality. Route Health Injection (RHI) The primary purpose of dynamic routing in NetScaler is to communicate the state or health of VIPs to the...
Virtual Desktop Agent Registration with Controllers in XenDesktop
Virtual Desktop Agent Registration with Controllers in XenDesktop. Event ID: 1022 Event ID: 1001 For successful installation, re-install Virtual Desktop 5.5. After the installation is successful, the following message is displayed: “Unable to initialize new components. The machine will register a...
FAQ: Fail-To-Wire Feature in CloudBridge 2000 and 3000 Appliances
This article is an FAQ on the Fail-To-Wire (FTW) functionality found in the new Citrix CloudBridge 2000 and Citrix CloudBridge 3000 appliances. Q: What is the supported software release? A: The FTW feature is supported with the following software releases: SVM build: NS 10.0.72.5007 CloudBridge...
(Pwn2Own) Synology BC500 Protection Mechanism Failure Software Downgrade Vulnerability
This vulnerability allows network-adjacent attackers to downgrade Synology software on affected installations of Synology BC500 cameras. Authentication is required to exploit this vulnerability. The specific flaw exists within the update functionality. The issue results from the lack of proper...
PT-2024-37793 · Unknown · Witmy My-Springsecurity-Plus
Name of the Vulnerable Software and Affected Versions: witmy my-springsecurity-plus affected versions not specified Description: A critical issue has been found, affecting an unknown functionality of the file /api/user. The manipulation of the params.dataScope argument leads to SQL injection. The...
Security Bulletin: IBM DataPower Gateway vulnerable to DoS due to OpenSSL (CVE-2024-2511)
Summary OpenSSL is used to provide TLS functionality within IBM DataPower Gateway Vulnerability Details CVEID:CVE-2024-2511 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper server configuration validation. By using a specially crafted server configuration, a remote...
CVE-2024-6598
KNIME Business Hub versions 1.10.0 and 1.10.1 are affected by a denial-of-service vulnerability in the execution path. An authenticated attacker with job execution privileges can run a job that floods internal messages, exhausting resources and causing outage of most functionality. Recovery requi...
CVE-2024-37430
CVE-2024-37430 affects Patreon WordPress plugin (Patreon Connect) for WordPress,
CVE-2024-37430 WordPress Patreon WordPress plugin <= 1.9.0 - Image Protection Bypass vulnerability
Authentication Bypass by Spoofing vulnerability in patreon Patreon WordPress patreon-connect. This issue affects Patreon WordPress: from n/a through <= 1.9.0...
CVE-2023-38052 A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} in EasyAppointments < 1.5.0
A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch, modify or delete a high privileged user (admin). This results in unauthorized access and unauthorized data manipulation...
WordPress Houzez Theme - Functionality plugin <= 3.2.2 - Authenticated (Seller+) SQL Injection vulnerability
WordPress Houzez Theme - Functionality plugin <= 3.2.2 - Authenticated (Seller+) SQL Injection vulnerability discovered by István Márton in WordPress Plugin Houzez Theme - Functionality versions <= 3.2.2...