CVE-2023-41183 NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability
NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR Orbi 760 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2023-41183
The CVE-2023-41183 issue affects NETGEAR Orbi 760 routers, where the SOAP API implementation lacks authentication, enabling network-adjacent attackers to bypass authentication and access protected functionality. The NVD/NIST records (and ZDI) confirm an authentication bypass with CVSSv3.0 metrics...
CVE-2023-38123 Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability
Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. User interaction is required to explo...
CVE-2024-1416 Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Missing Authorization
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on several functions in all versions up to, and including, 1.8.9. This makes it possible for unauthenticated attackers to invok...
CVE-2023-41970
An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code. This issue affects Client Connector on Windows: before 4.1.0.62...
CVE-2024-23462 ZCC Mac validinstaller file integrity check missing
An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector binary and thus removing client functionality. This issue affects Client Connector on MacOS: before 3.4...
DEBIAN-CVE-2023-47212
A heap-based buffer overflow vulnerability exists in the comment functionality of stb_vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...
UBUNTU-CVE-2023-47212
A heap-based buffer overflow vulnerability exists in the comment functionality of stb_vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2023-47212
A heap-based buffer overflow vulnerability exists in the comment functionality of stb_vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2024-26960
CVE-2024-26960 is described in connected Astra Linux and IBM bulletin entries as a Linux kernel race in mm/swap between free_swap_and_cache() and swapoff(). The vulnerability arises from a window where swapoff() could tear down a swap_info_struct while free_swap_and_cache() runs, potentially allow...
PT-2024-30811 · Jamf · Jamf Compliance Editor
Name of the Vulnerable Software and Affected Versions: Jamf Compliance Editor versions prior to 1.3.1 Description: The issue concerns a local privilege escalation in the XPC service within the audit functionality of Jamf Compliance Editor on macOS. Recommendations: For versions prior to 1.3.1,...
CVE-2024-23463
CVE-2024-23463 affects Zscaler Client Connector on Windows prior to 4.2.1. The anti-tampering protection can be bypassed when using the Repair App functionality, per connected sources (e.g., PT-2024-19886 and RH/CVE-2024-23463). Root cause is bypass of the built-in tamper protection during Repair...
CVE-2024-23463 Anti-Tampering bypass via Repair App functionality
Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. This affects Zscaler Client Connector on Windows prior to 4.2.1...
PT-2024-19886 · Zscaler · Zscaler Client Connector
Name of the Vulnerable Software and Affected Versions: Zscaler Client Connector versions prior to 4.2.1 Description: The anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. Recommendations: For versions prio...
PT-2025-13364 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue has been identified in the Linux kernel's Bluetooth functionality. Specifically, when hci_cmd_sync_queue fails in hci_le_terminate_big or hci_le_big_terminate, the...
ALSA-2024:2169 Moderate: xorg-x11-server security update
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fixes: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty CVE-2023-5367...
Moderate: mod_jk and mod_proxy_cluster security update
The mod_jk module is a plugin for the Apache HTTP Server to connect it with the Apache Tomcat servlet engine. The mod_proxy_cluster module is a plugin for the Apache HTTP Server that provides load-balancer functionality. Security Fixes: httpd: Apache Tomcat Connectors mod_jk Information Disclosure...
PT-2025-13363 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue has been identified in the Linux kernel's Bluetooth functionality, specifically in the hci_update_adv_data function. When hci_cmd_sync_queue fails, the inst_ptr is...
PT-2025-25903 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: A NULL pointer dereference issue has been identified in the Linux kernel, specifically in the ftrace functionality. This issue arises when ftrace_startup_enable fails, causing the...