Lucene search

5574 matches found

OSV
added 2024/05/29 3:25 p.m., 23 views

GHSA-8CM5-JFJ2-26Q7 Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability

The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver startup fails and the part of the password following the...

2.3 CVSS, 3.5 AI score, 0.00275 EPSS
Exploits: 1, References: 6
SUSE CVE
added 2024/05/29 9:58 a.m., 2 views

SUSE CVE-2024-4741

Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code...

8.1 CVSS, 9.1 AI score, 0.02945 EPSS
Exploits: 0, References: 20
Tenable Nessus
added 2024/05/29 12:00 a.m., 24 views

MariaDB 11.5.0 < 11.5.1

The version of MariaDB installed on the remote host is prior to 11.5.1. It is, therefore, affected by a vulnerability as referenced in the mariadb-1151-release-notes advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Client: mysqldump. Supported versions that are...

4.9 CVSS, 5.8 AI score, 0.00424 EPSS
Exploits: 0, References: 2
NVD
added 2024/05/28 7:15 p.m., 14 views

CVE-2023-43850

Improper input validation in the user management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to cause a partial DoS of web interface via HTTP POST request...

6.5 CVSS, 6.1 AI score, 0.00575 EPSS
Exploits: 1, References: 1
Cvelist
added 2024/05/28 6:20 p.m., 25 views

CVE-2023-43850

Improper input validation in the user management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to cause a partial DoS of web interface via HTTP POST request...

6.1 AI score, 0.00575 EPSS
Exploits: 1, References: 1
Vulnrichment
added 2024/05/28 6:20 p.m., 9 views

CVE-2023-43850

Improper input validation in the user management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to cause a partial DoS of web interface via HTTP POST request...

6.6 AI score, 0.00575 EPSS
Exploits: 1, References: 1
OSV
added 2024/05/28 12:00 a.m., 2 views

UBUNTU-CVE-2024-4741

Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code...

7.5 CVSS, 7.2 AI score, 0.02945 EPSS
Exploits: 0, References: 5
Redos
added 2024/05/24 12:00 a.m., 33 views

ROS-20240424-01

A vulnerability in the ImageIO component of Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability ...

7.5 CVSS, 7.3 AI score, 0.14839 EPSS
Exploits: 0
OSV
added 2024/05/21 6:15 p.m., 3 views

CVE-2024-22275

The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data...

4.9 CVSS, 5.9 AI score, 0.00986 EPSS
Exploits: 0, References: 1
CVE
added 2024/05/21 5:29 p.m., 95 views

CVE-2024-22275

CVE-2024-22275 affects VMware vCenter Server and is a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell can exploit it to read arbitrary sensitive data from files, with Confidentiality impact rated High and other impacts not affected....

4.9 CVSS, 6.6 AI score, 0.00986 EPSS
Exploits: 0, References: 1, Affected Software: 2
OSV
added 2024/05/21 3:15 p.m., 2 views

DEBIAN-CVE-2021-47295

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix memory leak in tcindex_partial_destroy_work Syzbot reported memory leak in tcindex_set_parms. The problem was in non-freed perfect hash in tcindex_partial_destroy_work. In tcindex_set_parms new tcindex_data is allocated and...

7.5 CVSS, 5.7 AI score, 0.01497 EPSS
Exploits: 0, References: 1
OSV
added 2024/05/21 3:15 p.m., 2 views

DEBIAN-CVE-2021-47291

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions While running the self-tests on a KASAN enabled kernel, I observed a slab-out-of-bounds splat very similar to the one reported in commit 821bbf79fe46 "ipv6: Fix KASAN:...

7.1 CVSS, 5.7 AI score, 0.00247 EPSS
Exploits: 0, References: 1
CNNVD
added 2024/05/21 12:00 a.m., 4 views

VMware vCenter Server Security Vulnerability

VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. A security vulnerability exists in VMware...

4.9 CVSS, 6.7 AI score, 0.00986 EPSS
Exploits: 0, References: 3
CNNVD
added 2024/05/21 12:00 a.m., 2 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a memory leak in tcindex_partial_destroy_work...

7.5 CVSS, 6.1 AI score, 0.01497 EPSS
Exploits: 0, References: 5
Amazon
added 2024/05/20 12:00 a.m., 4 views

Low: java-11-openjdk

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10,...

3.7 CVSS, 5.3 AI score, 0.01361 EPSS
Exploits: 0
CNNVD
added 2024/05/16 12:00 a.m., 2 views

Intel Processors Security Vulnerability

Intel Processors is an American Intel company that provides the ability to interpret computer instructions and process data in computer software. A security vulnerability exists in Intel Processors that stems from a hardware logic containing a race condition. The vulnerability could allow an...

2.8 CVSS, 4.9 AI score, 0.00174 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2024/05/16 12:00 a.m., 68 views

MariaDB 10.5.0 < 10.5.25

The version of MariaDB installed on the remote host is prior to 10.5.25. It is, therefore, affected by a vulnerability as referenced in the 10.5.25 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.36 a...

4.9 CVSS, 6.7 AI score, 0.00424 EPSS
Exploits: 0, References: 2
NVD
added 2024/05/14 3:42 p.m., 21 views

CVE-2024-4039

The Orders Tracking for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.10. This is due to the plugin allowing users to execute an action that does not properly validate a value before running do_shortcode...

6.5 CVSS, 7 AI score, 0.00623 EPSS
Exploits: 0, References: 3
ATTACKERKB
added 2024/05/14 12:00 a.m., 34 views

CVE-2024-3807

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via ‘porto_page_header_shortcode_type’, ‘slideshow_type’ and ‘post_layout’ post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to...

8.8 CVSS, 7.6 AI score, 0.01538 EPSS
In wild; Exploits: 0, References: 3
WPVulnDB
added 2024/05/14 12:00 a.m., 24 views

Simple Ajax Chat < 20240412 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. This was partially fixed in 0240216 bu...

7.7 AI score, 0.00335 EPSS
Exploits: 2, Affected Software: 1