6340 matches found
CVE-2024-4741 Use After Free with SSL_free_buffers
Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code...
CVE-2024-45877
baltic-it TOPqw Webportal v1.35.283.2 is vulnerable to Incorrect Access Control in the User Management function in /Apps/TOPqw/BenutzerManagement.aspx. This allows a low privileged user to access all modules in the web portal, view and manipulate information and permissions of other users, lock...
kernel: Integer Overflow in raid5_cache_count
Integer Overflow or Wraparound vulnerability in the Linux kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow...
kernel: ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension. If a process module does not have base config extension then the same format applies to all of its inputs and the process->base_config_ext i...
Moderate: python3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Moderate: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=3.4.0 <=7.4.5), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=7.4.5) +234 more potentially affected by CVE-2024-52007 via ca.uhn.hapi.fhir:org.hl7.fhir.r5 (>=0.0.1 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.r5 MAVEN version =0.0.1, =3.4.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =4.0.0, =5.5.7 and more Source cves: CVE-2024-52007 Source advisory: OSV:GHSA-GR3C-Q7XF-47VH...
rhel-system-roles bug fix update
An update is available for rhel-system-roles. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The rhel-system-roles package includes a collection of Ansible role...
RHEL 6 : openstack-packstack and openstack-puppet-modules update (Important) (RHSA-2015:0832)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:0832 advisory. PackStack is a command-line utility for deploying OpenStack on existing servers over an SSH connection. Deployment options are provided either...
RHEL 7 : openstack-puppet-modules (RHSA-2017:0359)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2017:0359 advisory. openstack-puppet-modules provides a collection of Puppet modules which Red Hat OpenStack Platform director uses to install and configure OpenStack...
CVE-2024-28265
IBOS v4.5.5 has an arbitrary file deletion vulnerability via \system\modules\dashboard\controllers\LoginController.php...
CVE-2024-50083 tcp: fix mptcp DSS corruption due to large pmtu xmit
In the Linux kernel, the following vulnerability has been resolved: tcp: fix mptcp DSS corruption due to large pmtu xmit. Syzkaller was able to trigger a DSS corruption: TCP: request_sock_subflow_v4: Possible SYN flooding on port :::20002. Sending cookies. ------------ cut here ------------ WARNING:...
CVE-2024-51509
Tiki through 27.0 allows users who have certain permissions to insert a "Modules" aka tiki-admin_modules.php stored XSS payload in the Name...
CVE-2024-6245
CVE-2024-6245 applies to Maruti Suzuki SmartPlay (Linux Infotainment Hub) with firmware 66T0.05.50. The issue is use of default credentials that lets an attacker try common or default usernames and passwords, detected on a 2022 Brezza in India. CVSSv3.1 score is 7.4 (HIGH) with Adjacent attack ve...
CVE-2024-51509
CVE-2024-51509 affects Tiki Wiki CMS Groupware up to version 27.0. Vulnerability: users with certain permissions can insert a stored XSS payload in the Name field of Modules (tiki-admin_modules.php). Impact is injection of a stored XSS payload as described in multiple sources; no explicit remedia...
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-2640)
The remote host is missing an update for the Huawei EulerOS...
Arista Networks EOS Improper Privilege Management (SA0082)
On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentia...
org.openrefine:benchmark (>=3.6-beta1 <=3.8.2), org.openrefine:database (>=3.6-beta1 <=3.8.2) +7 more potentially affected by unknown CVE via org.openrefine.dependencies:butterfly (>=1.2.3 <=1.2.5)
org.openrefine.dependencies:butterfly MAVEN version =1.2.3, =3.6-beta1, =3.6-beta1, =3.6-beta1, =3.6-beta1, =3.6-beta1, =3.6-beta1, =3.6-beta1, =3.7-beta1, =3.6-beta1, =3.6.2 Source cves: unknown CVE Source advisory: OSV:GHSA-MPCW-3J5P-P99X...