591 matches found
IBM Db2 安全漏洞
IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from a denial of service vulnerability that originates from improper memory allocation...
Moodle Remote Code Execution (CVE-2024-43425)
This module exploits a command injection vulnerability in Moodle CVE-2024-43425 to obtain remote code execution. Affected versions include 4.4 to 4.4.1, 4.3 to 4.3.5, 4.2 to 4.2.8, 4.1 to 4.1.11, and earlier unsupported versions. Module Options msf use exploit/linux/http/moodlerce msf...
Palo Alto Expedition 1.2.91 Remote Code Execution
class MetasploitModule 'Palo Alto Expedition Remote Code Execution CVE-2024-5910 and CVE-2024-9464', 'Description' = %q Obtain remote code execution in Palo Alto Expedition version 1.2.91 and below. The first vulnerability, CVE-2024-5910, allows to reset the password of the admin user, and the...
PT-2024-33496 · Acronis · Acronis Cyber Protect 16
Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect 16 versions prior to build 38690 Description: The archive-server service in Acronis Cyber Protect 16 has an excessive attack surface due to binding to an unrestricted IP address. This issue affects Acronis Cyber Protect ...
VulnCheck KEV: CVE-2023-28365
A backup file vulnerability found in UniFi applications Version 7.3.83 and earlier running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored...
SUSE CVE-2024-46958
In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files between the server and client may become world writable or world readable. This is fixed in 3.13.4...
Acronis多款产品 安全漏洞
Acronis Backup plugin for cPanel & WHM Linux, etc. is a plugin from Acronis Switzerland. A security vulnerability exists in various Acronis products, which stems from an unnecessary privilege assignment leading to the disclosure of sensitive data. The following products and versions are affected:...
Netgear R7000 Backup.cgi Heap Overflow Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netgear R7000 backup.cgi Heap Overflow RCE', 'Description' = %q This module exploits a heap buffer overflow in the genie.cgi?backup.cgi page of...
Ray cpu_profile command injection
Ray RCE via cpuprofile command injection vulnerability. Module Options msf use exploit/linux/http/raycpuprofilecmdinjectioncve20236019 msf exploitraycpuprofilecmdinjectioncve20236019 show targets ...targets... msf exploitraycpuprofilecmdinjectioncve20236019 set TARGET msf...
Security Bulletin: IBM® Db2® federated server is affected by vulnerabilities in the open source bcprov-jdk18on library (CVE-2024-30171, CVE-2024-30172, CVE-2024-29857)
Summary IBM® Db2® federated server is affected by vulnerabilities in the open source bcprov-jdk18on library. Vulnerability Details CVEID:CVE-2024-30172 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the Ed25519 verificati...
CVE-2024-5828
Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Tuning Manager: before 8.8.7-00...
Security Bulletin: Multiple vulnerabilities in Golang Go affect IBM Storage Copy Data Management components that leverage Go
Summary Multiple vulnerabilities in Golang Go affect IBM Storage Copy Data Management components that leverage Go essentially VADP 'VM' backup. Vulnerabilities including execution of arbitrary code on the system, remote attacker can cause an infinite loop, as described by the CVEs in the...
CVE-2024-0086
NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU plugin...
dnspod-sr Security Vulnerability
DNSPod dnspod-sr is a high-performance recursive DNS server software from China-based DNSPod running on the Linux platform. A security vulnerability exists in dnspod-sr that stems from the presence of a buffer overflow vulnerability...
dnspod-sr Security Vulnerability
DNSPod dnspod-sr is a high-performance recursive DNS server software from China-based DNSPod running on the Linux platform. A security vulnerability exists in dnspod-sr that stems from the inclusion of a SEGV memory error...
SUSE CVE-2023-47210
Improper input validation for some IntelR PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access...
phiola 安全漏洞
phiola is a fast audio player, recorder, and converter for Windows, Linux, and Android by Simon Zolin Personal Developer. A security vulnerability exists in phiola version v2.0-rc22, which stems from the presence of a buffer overflow vulnerability that could allow a remote attacker to execute...
PHP < 8.1.28, 8.2.x < 8.2.18, 8.3.x < 8.3.6 Security Update (GHSA-h746-cjrr-wfmr) - Linux
PHP is prone to a vulnerability in passwordverify. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...
The vulnerability of the `dc_link_construct()` function (drm/amd/display) in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the dclinkconstruct function drm/amd/display in the Linux operating system is related to improper memory release before deleting the last reference. Exploiting this vulnerability allows a remote attacker to cause service interruptions...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome prior to 120.0.6099.62 Linux , Mac, 120.0.6099.62/.63 Windows, which stems from a post-release reuse issue in Side Panel Search...