CVE-2024-47262

Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Other API endpoints or services not making use of param.cgi are not...

Rancher allows an unauthenticated stack overflow in /v3-public/authproviders API

Impact An unauthenticated stack overflow crash, leading to a denial of service DoS, was identified in Rancher’s /v3-public/authproviders public API endpoint. A malicious user could submit data to the API which would cause the Rancher server to crash, but no malicious or incorrect data would...

PT-2025-8923 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: A vulnerability has been discovered in Windows Virtualization-Based Security. The issue was disclosed on 2025-02-25 and a patch was released in February 2025 Patch Tuesday. It was discovere...

CVE-2022-49179 block, bfq: don't move oom_bfqq

In the Linux kernel, the following vulnerability has been resolved: block, bfq: don't move oombfqq Our test report a UAF: 2073.019181 ================================================================== 2073.019188 BUG: KASAN: use-after-free in bfqputasyncbfqq+0xa0/0x168 2073.019191 Write of size 8...

UBUNTU-CVE-2025-23046

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers" authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, anyone can connect to GLPI using a user name on which an Oauth...

SUSE-SU-2025:0681-1 Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-15060021 fixes several issues. The following security issues were fixed: - CVE-2024-35789: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes bsc1227320. - CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irqprocessworklist...

Security Updates for Microsoft SharePoint Server 2019 (February 2025)

The Microsoft SharePoint Server 2019 installation on the remote host is missing security updates. It is, therefore, affected by a Remote Code Execution Vulnerability %NASLMINLEVEL 70300 C Tenable, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid216130;...

CVE-2021-37647

TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, tf.rawops.SparseTensorSliceDataset implementation can be made to dereference a null pointer. The implementation has some argument validation but fails...

CVE-2020-15193

In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of dlpack.todlpack can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing ...

CVE-2020-15196

In Tensorflow version 2.3.0, the SparseCountSparseOutput and RaggedCountSparseOutput implementations don't validate that the weights tensor has the same shape as the data. The check exists for DenseCountSparseOutput, where both tensors are fully specified. In the sparse and ragged count weights a...

ismp-grandpa crate accepted incorrect signatures

A critical vulnerability was discovered in the ismp-grandpa crate, that allowed a malicious prover easily convince the verifier of the finality of arbitrary headers. Description The vulnerability manifests as a verifer that only accepts incorrect signatures of Grandpa precommits and was introduce...

CVE-2024-55931

Xerox Workplace Suite stores tokens in session storage, which may expose them to potential access if a user's session is compromised. The patch for this vulnerability will be included in a future release of Workplace Suite, and customers will be notified through an update to the security bulletin...

HL7 FHIR IG Publisher potentially exposes GitHub repo user and credential information

Impact In CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and credential based URL, the entire URL will be included in the built Implementation Guide, exposing username an...

GHSA-2V2W-8V8C-WCM9 Rancher UI has Stored Cross-site Scripting vulnerability

Impact A vulnerability has been identified within Rancher UI that allows a malicious actor to perform a Stored XSS attack through the cluster description field. Please consult the associated MITRE ATT&CK - Technique - Drive-by Compromise for further information about this category of attack...

Security Updates for Microsoft Excel Products (January 2025)

The Microsoft Excel Products are missing a security update. It is, therefore, affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for this issue but has instead relied...

Atlassian Confluence 7.19.x < 7.19.29 / 7.20.x < 8.5.17 / 8.6.x < 8.9.8 / 9.0.x < 9.1.1 (CONFSERVER-98022)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98022 advisory. - decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS. CVE-2022-38900 Note that Nessus has not tested for this...

Ubuntu: Security Advisory (USN-6940-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AZL-56121 CVE-2024-47809 affecting package kernel for versions less than 6.6.76.1-1

In the Linux kernel, the following vulnerability has been resolved: dlm: fix possible lkbresource null dereference This patch fixes a possible null pointer dereference when this function is called from requestlock as lkb-lkbresource is not assigned yet, only after validatelockargs by calling...

Slackware: Security Advisory (SSA:2025-008-03)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Photon OS 4.0: Python3 PHSA-2024-4.0-0704

An update of the python3 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0704. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...