
1924 matches found

RedhatCVE
added 2025/02/14 3:18 a.m., 16 views

CVE-2024-24195

robdns commit d76d2e6 was discovered to contain a misaligned address at /src/zonefile-insertion.c...

7.5 CVSS, 7.3 AI score, 0.004 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/02/14 3:16 a.m., 13 views

CVE-2024-24192

robdns commit d76d2e6 was discovered to contain a heap overflow via the component block-filename at /src/zonefile-insertion.c...

9.1 CVSS, 7.6 AI score, 0.00375 EPSS
Exploits 0, References 1
AstraLinux
added 2025/02/11 7:35 a.m., 1 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: ftrace: Fixed a possible use-after-free issue in ftrace_location. KASAN reports a bug: BUG: KASAN: use-after-free in ftrace_location+0x90/0x120 Reading an 8-byte value at address ffff888141d40010 by task insmod/424 CPU: 8 PID: 4...

7.8 CVSS, 6.4 AI score, 0.00239 EPSS
Exploits 0, References 3
AstraLinux
added 2025/02/11 7:35 a.m., 3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: UDP: The flag SOCK_RCU_FREE was set earlier in the udp_lib_get_port function. The syzkaller triggered a warning [0] in the udp_v4_early_demux function. In udp_v[46]_early_demux and sk_lookup, we do not touch the refcount of the sk object;...

5.5 CVSS, 6.1 AI score, 0.00283 EPSS
Exploits 0, References 3
Tenable Nessus
added 2025/02/10 12:0 a.m., 8 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-50002)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50002 advisory. - In the Linux kernel, the following vulnerability has been resolved: static_call: Handle module init failure...

5.5 CVSS, 6.3 AI score, 0.00235 EPSS
Exploits 0, References 2
RedhatCVE
added 2025/02/05 2:40 a.m., 9 views

CVE-2024-33637

Insertion of Sensitive Information into Log File vulnerability in Solid Plugins Solid Affiliate. This issue affects Solid Affiliate: from n/a through 1.9.1...

7.5 CVSS, 5.2 AI score, 0.00556 EPSS
Exploits 0, References 1
Vulnrichment
added 2025/01/22 2:29 p.m., 4 views

CVE-2025-23774 WordPress WPDB to Sql plugin <= 1.2 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Niket Joshi WPDB to Sql wpdb-to-sql allows Retrieve Embedded Sensitive Data. This issue affects WPDB to Sql: from n/a through <= 1.2...

7.5 CVSS, 7.2 AI score, 0.00444 EPSS
Exploits 0, References 1
OSV
added 2025/01/21 4:15 p.m., 3 views

CVE-2024-57036

TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in downloadFile.cgi main function. This vulnerability allows an attacker to execute arbitrary commands by sending HTTP request...

8.1 CVSS, 6 AI score
Exploits 0, References 1
NVD
added 2025/01/21 4:15 p.m., 13 views

CVE-2024-57036

TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in downloadFile.cgi main function. This vulnerability allows an attacker to execute arbitrary commands by sending HTTP request...

8.1 CVSS, 0.00542 EPSS
Exploits 1, References 1
CVE
added 2025/01/21 12:0 a.m., 69 views

CVE-2024-57036

CVE-2024-57036 applies to TOTOLINK A810R, specifically version 4.1.2cu.5032_B20200407. The vulnerability is a command insertion flaw in the downloadFile.cgi main function that allows an attacker to execute arbitrary commands by sending a crafted HTTP request. The reported CVSSv3.1 base score is 8...

8.1 CVSS, 7.7 AI score, 0.00542 EPSS
Exploits 1, References 1, Affected Software 1
Cvelist
added 2025/01/21 12:0 a.m., 10 views

CVE-2024-57036

TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in downloadFile.cgi main function. This vulnerability allows an attacker to execute arbitrary commands by sending HTTP request...

0.00542 EPSS
Exploits 1, References 1
Vulnrichment
added 2025/01/21 12:0 a.m., 8 views

CVE-2024-57036

TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in downloadFile.cgi main function. This vulnerability allows an attacker to execute arbitrary commands by sending HTTP request...

8.6 AI score, 0.00542 EPSS
Exploits 1, References 1
Veracode
added 2025/01/17 6:51 a.m., 8 views

Cross-site Scripting (XSS)

silverstripe/framework is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the failure to sanitize HTML before replacing the embed shortcode with oEmbed JSON data in the "insert media" functionality, allowing a script payload to be executed on both the CMS and front-end of th...

5.4 CVSS, 6 AI score, 0.01108 EPSS
Exploits 2, References 6, Affected Software 1
OSV
added 2025/01/15 11:15 p.m., 1 views

UBUNTU-CVE-2024-55503

An issue in termius before v.9.9.0 allows a local attacker to execute arbitrary code via a crafted script to the DYLD_INSERT_LIBRARIES component...

3.3 CVSS, 6.2 AI score, 0.00419 EPSS
Exploits 0, References 3
RedhatCVE
added 2025/01/08 1:59 p.m., 6 views

CVE-2024-53219

In the Linux kernel, the following vulnerability has been resolved: virtiofs: use pages instead of pointer for kernel direct IO When trying to insert a 10MB kernel module kept in a virtio-fs with cache disabled, the following warning was reported: ------------ cut here ------------ WARNING: CPU: ...

5.5 CVSS, 6.7 AI score, 0.00217 EPSS
Exploits 0, References 4
NVD
added 2025/01/02 9:15 a.m., 5 views

CVE-2024-12912

An improper input insertion vulnerability in AiCloud on certain router models may lead to arbitrary command execution. Refer to the '01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information...

7.2 CVSS, 0.01217 EPSS
Exploits 1, References 1
CVE
added 2025/01/02 9:5 a.m., 85 views

CVE-2024-12912

CVE-2024-12912 describes an improper input insertion vulnerability in ASUS AiCloud on certain router models that may lead to arbitrary command execution. The vulnerability is documented with a network attack vector, requiring high privileges and no user interaction, and it has a high impact on co...

7.2 CVSS, 7.2 AI score, 0.01217 EPSS
In wild, Exploits 1, References 1
OSV
added 2024/12/31 11:15 p.m., 3 views

UBUNTU-CVE-2024-56803

Ghostty is a cross-platform terminal emulator. Ghostty, as allowed by default in 1.0.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...

5.1 CVSS, 5.8 AI score, 0.00525 EPSS
Exploits 0, References 2
SUSE CVE
added 2024/12/28 3:50 a.m., 2 views

SUSE CVE-2024-53219

In the Linux kernel, the following vulnerability has been resolved: virtiofs: use pages instead of pointer for kernel direct IO When trying to insert a 10MB kernel module kept in a virtio-fs with cache disabled, the following warning was reported: ------------ cut here ------------ WARNING: CPU: ...

5.5 CVSS, 6.3 AI score, 0.00217 EPSS
Exploits 0, References 3
OSV
added 2024/12/27 2:15 p.m., 2 views

AZL-67605 CVE-2024-53219 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: virtiofs: use pages instead of pointer for kernel direct IO When trying to insert a 10MB kernel module kept in a virtio-fs with cache disabled, the following warning was reported: ------------ cut here ------------ WARNING: CPU: ...

5.5 CVSS, 6.8 AI score, 0.00217 EPSS
Exploits 0, References 1