20 matches found

OSV
added 2026/04/01 10:59 p.m. | 1 view

GHSA-XW45-CC32-442F Ella Core Has Audit Log Falsification via Path/Body IMSI Mismatch in UpdateSubscriber

Summary: The PUT /api/v1/subscriber/imsi API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber's policy while the audit trail records a fabricated or unrelated subscriber...

CVSS 2.7 | AI score 5.9 | EPSS 0.00091
Exploits: 0 | References: 5
CVE
added 2026/02/19 10:37 p.m. | 7 views

CVE-2025-9208

OpenText Web Site Management Server contains a stored XSS vulnerability (CVE-2025-9208) in the web page generation flow triggered by the download query parameter removal from a file URL. Affected versions are Web Site Management Server 16.7.x, 16.8, and 16.8.1. The CVSS base score is 7.5 (HIGH) w...

CVSS 7.5 | AI score 5.6 | EPSS 0.00014
Exploits: 1 | References: 2 | Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2010-1994

Malware in sbrugna...

CVSS 5.5 | AI score 6 | EPSS 0.00277
Exploits: 1 | References: 22
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-11736

Malware in sbrugna...

CVSS 7.5 | AI score 6 | EPSS 0.002
Exploits: 0 | References: 6
Snyk
added 2025/08/09 2:41 a.m. | 1 view

Improper Neutralization

Overview: Affected versions of this package are vulnerable to Improper Neutralization via the username_as_alias parameter in the LDAP authentication process. An attacker can gain unauthorized access to resources protected by multi-factor authentication by supplying a crafted username that bypasses...

CVSS 8.5 | AI score 7.1 | EPSS 0.0006
Exploits: 0 | References: 2
Github Security Blog
added 2025/08/08 3:17 p.m. | 5 views

OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias

Impact: OpenBao allows assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. When using the username_as_alias=true parameter in the LDAP auth method, the caller-supplied username is used verbatim without normalization, allowing an attacker to...

CVSS 6.5 | AI score 6 | EPSS 0.0006
Exploits: 0 | References: 6 | Affected Software: 1
SUSE CVE
added 2024/07/13 2:37 a.m. | 3 views

SUSE CVE-2024-39498

In the Linux kernel, the following vulnerability has been resolved: drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2 Why Commit: - commit 5aa1dfcdf0a4 "drm/mst: Refactor the flow for payload allocation/removement" accidentally overwrite the commit - commit 54d217406afe "drm: use mgr-de...

CVSS 5.5 | AI score 6.5 | EPSS 0.00017
Exploits: 0 | References: 10
OSV
added 2024/07/12 1:15 p.m. | 0 views

UBUNTU-CVE-2024-39498

In the Linux kernel, the following vulnerability has been resolved: drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2 Why Commit: - commit 5aa1dfcdf0a4 "drm/mst: Refactor the flow for payload allocation/removement" accidentally overwrite the commit - commit 54d217406afe "drm: use mgr-de...

CVSS 5.5 | AI score 6.6 | EPSS 0.00017
Exploits: 0 | References: 12
CVE
added 2024/07/12 12:20 p.m. | 134 views

CVE-2024-39498

CVE-2024-39498 (Linux kernel) resolves a NULL pointer dereference in the DRM MST path during payload handling. The issue stemmed from an overwrite in a refactored payload allocation/removal flow, which regressed when two commits touched in drm_dp_add_payload_part2 used/modified the state input. T...

CVSS 5.5 | AI score 7.1 | EPSS 0.00017
Exploits: 0 | References: 2 | Affected Software: 1
RedHat Linux
added 2022/03/14 10:07 a.m. | 3 views

Mozilla: Use-after-free in XSLT parameter processing

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Removing an XSLT parameter during processing could have led to an exploitable use-after-free issue. There were reports of attacks in the wild abusing this flaw...

CVSS 8.8 | AI score 7.3 | EPSS 0.02853
Exploits: 1 | References: 5
RedHat Linux
added 2022/03/10 3:22 p.m. | 4 views

Mozilla: Use-after-free in XSLT parameter processing

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Removing an XSLT parameter during processing could have led to an exploitable use-after-free issue. There were reports of attacks in the wild abusing this flaw...

CVSS 8.8 | AI score 7.3 | EPSS 0.02853
Exploits: 1 | References: 5
RedHat Linux
added 2022/03/10 3:18 p.m. | 3 views

Mozilla: Use-after-free in XSLT parameter processing

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Removing an XSLT parameter during processing could have led to an exploitable use-after-free issue. There were reports of attacks in the wild abusing this flaw...

CVSS 8.8 | AI score 7.3 | EPSS 0.02853
Exploits: 1 | References: 5
RedHat Linux
added 2022/03/10 3:09 p.m. | 2 views

Mozilla: Use-after-free in XSLT parameter processing

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Removing an XSLT parameter during processing could have led to an exploitable use-after-free issue. There were reports of attacks in the wild abusing this flaw...

CVSS 8.8 | AI score 7.3 | EPSS 0.02853
Exploits: 1 | References: 5
Oracle linux
added 2021/03/05 12:00 a.m. | 228 views

container-tools:2.0 security update

buildah 1.11.6-8.0.1 - Reduce unnecessary writable mounts in NaiveDiffDriver Orabug: 31025483 - Fixes troubles with oracle registry login Orabug: 29937283 1.11.6-8 - exclude i686 arch - Related: 1821193 1.11.6-7 - fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file...

CVSS 9.3 | AI score 7.1 | EPSS 0.0041
Exploits: 1
OpenVAS
added 2018/06/05 12:00 a.m. | 31 views

CentOS Update for pcs CESA-2018:1060 centos7

Check the version of pcs SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882895";...

CVSS 8.7 | AI score 6.8 | EPSS 0.00408
Exploits: 0 | References: 2
Tenable Nessus
added 2018/05/31 12:00 a.m. | 37 views

CentOS 7 : pcs (CESA-2018:1060)

An update for pcs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 8.7 | AI score 6.4 | EPSS 0.00408
Exploits: 0 | References: 4
Tenable Nessus
added 2018/04/27 12:00 a.m. | 38 views

Amazon Linux 2 : pcs (ALAS-2018-1005)

Debug parameter removal bypass, allowing information disclosure: It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...

CVSS 8.7 | AI score 6.5 | EPSS 0.00408
Exploits: 0 | References: 4
Amazon
added 2018/04/26 12:00 a.m. | 38 views

Important: pcs

Issue Overview: Debug parameter removal bypass, allowing information disclosure. It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use...

CVSS 8.7 | AI score 6.9 | EPSS 0.00408
Exploits: 0
OSV
added 2018/04/12 4:29 p.m. | 21 views

CVE-2018-1086

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...

CVSS 7.5 | AI score 7.7 | EPSS 0.002
Exploits: 0 | References: 4
Tenable Nessus
added 2018/04/11 12:00 a.m. | 37 views

RHEL 7 : pcs (RHSA-2018:1060)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1060 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: pcs: Privilege...

CVSS 8.7 | AI score 6.6 | EPSS 0.00408
Exploits: 0 | References: 8