
20 matches found

CISA
added 2026/04/24 12:0 p.m. · 4 views

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2024-7399 Samsung MagicINFO 9 Server Path Traversal Vulnerability; CVE-2024-57726 SimpleHelp Missing Authorization Vulnerability...

9.9 CVSS · 5.4 AI score · 0.70713 EPSS
In wild · Exploits 4 · References 9
OSV
added 2026/04/22 6:31 p.m. · 5 views

GHSA-WQ63-VH5H-PR5P uutils coreutils has a UNIX Symbolic Link (Symlink) Following issue

A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference or -n flag is explicitly provided. The implementation previously only honored the "no-dereference" intent if the --force overwrite mode was also enabled. Thi...

5 CVSS · 5.8 AI score · 0.00012 EPSS
Exploits 0 · References 5
Tenable Nessus
added 2026/04/22 12:0 a.m. · 1 views

Linux Distros Unpatched Vulnerability : CVE-2026-35372

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference or -n flag is...

5 CVSS · 5.8 AI score · 0.00012 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-19521

Malicious code in bioql PyPI...

8.8 CVSS · 6.6 AI score · 0.02142 EPSS
Exploits 1 · References 5
RedhatCVE
added 2025/05/23 7:17 a.m. · 7 views

CVE-2024-8211

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been declared as critical. This...

9.8 CVSS · 9.8 AI score · 0.03182 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 6:39 a.m. · 3 views

CVE-2024-48288

TP-Link TL-IPC42C V4.0202112271.0.16 is vulnerable to command injection due to the lack of malicious code verification on both the frontend and backend...

8 CVSS · 7.6 AI score · 0.15015 EPSS
Exploits 1 · References 1
NVD
added 2025/05/09 12:15 a.m. · 11 views

CVE-2025-4443

A vulnerability was found in D-Link DIR-605L 2.13B01. It has been rated as critical. This issue affects the function sub454F2C. The manipulation of the argument sysCmd leads to command injection. The attack may be initiated remotely. The vendor was contacted early about this disclosure. This...

9.8 CVSS · 0.01744 EPSS
Exploits 0 · References 5
CNNVD
added 2024/01/13 12:0 a.m. · 1 views

QStar Archive Solutions Security Breach

QStar Archive Solutions is QStar's range of storage technologies for managing disk arrays, object storage, tape libraries, CD-ROM libraries, WORM, and clouds private and hybrid. A security vulnerability exists in QStar Archive Solutions RELEASE3-0 Build 7 version that stems from the presence of a...

6.5 CVSS · 7 AI score · 0.00126 EPSS
Exploits 1 · References 2
Positive Technologies
added 2024/01/12 12:0 a.m. · 4 views

PT-2024-14049 · Unknown · Qstar Archive Solutions

Name of the Vulnerable Software and Affected Versions: QStar Archive Solutions Release RELEASE 3-0 Build 7 Patch 0 Description: An access control issue allows unauthenticated attackers to arbitrarily disable the SMB service on a victim's Qstar instance by executing a specific command in a link...

6.5 CVSS · 6.5 AI score · 0.00126 EPSS
Exploits 1 · References 3
NVD
added 2023/09/22 11:15 p.m. · 10 views

CVE-2023-43130

D-LINK DIR-806 1200M11AC wireless router DIR806A1FW100CNb11 is vulnerable to command injection...

9.8 CVSS · 9.8 AI score · 0.0109 EPSS
Exploits 1 · References 2
Prion
added 2023/09/12 12:15 p.m. · 13 views

Command injection

D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis...

7.5 CVSS · 9.8 AI score · 0.00957 EPSS
Exploits 0 · References 4 · Affected Software 1
The Hacker News
added 2023/05/02 5:35 a.m. · 163 views

Alert: Active Exploitation of TP-Link, Apache, and Oracle Vulnerabilities Detected

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added three flaws to the Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The security vulnerabilities are as follows - CVE-2023-1389 CVSS score: 8.8 - TP-Link Archer AX-21 Command Injection...

10 CVSS · 10.1 AI score · 0.94358 EPSS
Exploits 360
NVD
added 2023/01/26 10:15 p.m. · 11 views

CVE-2022-41001

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

9.8 CVSS · 8.2 AI score · 0.0349 EPSS
Exploits 1 · References 2
Prion
added 2023/01/26 10:15 p.m. · 14 views

Stack overflow

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

7.5 CVSS · 9.9 AI score · 0.0349 EPSS
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2022/10/02 12:0 a.m. · 1 views

PT-2022-34699 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.258 Description: The issue concerns a potential off-by-one overflow in the il4965 rs fill link cmd function. This is an automated identification of a potential security issue, and the actual impact and...

7.6 AI score
Exploits 0 · References 1
Positive Technologies
added 2022/09/17 12:0 a.m. · 1 views

PT-2022-34139 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.137 Description: The issue is related to a potential off-by-one overflow in the il4965 rs fill link cmd function. The actual impact and attack plausibility have not yet been proven. Recommendations: For...

7.5 AI score
Exploits 0 · References 1
Positive Technologies
added 2022/09/17 12:0 a.m. · 2 views

PT-2022-33893 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.61 Description: The issue concerns a potential off-by-one overflow in the il4965 rs fill link cmd function. This function is related to wifi and specifically the iwlegacy 4965 module. The actual impact and...

7.5 AI score
Exploits 0 · References 1
OpenVAS
added 2020/11/19 12:0 a.m. · 27 views

CentOS: Security Advisory for bpftool (CESA-2020:5023)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.2 CVSS · 7.4 AI score · 0.00032 EPSS
Exploits 1 · References 2
RedHat Linux
added 2020/11/10 1:37 p.m. · 388 views

Moderate: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.2 CVSS · 6.8 AI score · 0.00032 EPSS
Exploits 1 · References 3
Tenable Nessus
added 2005/12/15 12:0 a.m. · 32 views

Fedora Core 3 : perl-5.8.5-22.FC3 (2005-1145)

o Updated upstream fix for sprintf integer overflow vulnerabilities CVE-2005-3962 and CVE-2005-3912, including new Sys::Syslog 0.08 o Updated fix for bug 136009 / MakeMaker LDRUNPATH issue: restore previous default Red Hat behavior of removing the MakeMaker generated LDRUNPATH setting from the li...

7.5 CVSS · 8.2 AI score · 0.12453 EPSS
Exploits 3 · References 1