CVE-2022-29526 affecting package cri-o for versions less than 1.21.7-2
CVE-2022-29526 affecting package cri-o for versions less than 1.21.7-2. A patched version of the package is available...
CVE-2024-3194
A vulnerability was found in MailCleaner up to 2023.03.14 and classified as problematic. Affected by this issue is some unknown functionality of the component Log File Endpoint. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to...
PT-2024-21928 · Unknown · Superantispyware Professional
Name of the Vulnerable Software and Affected Versions: SUPERAntiSpyware Professional X versions 10.0.1262 through 10.0.1264 Description: The issue allows unprivileged attackers to escalate privileges via a restore of a crafted DLL file into the C:\Program Files\SUPERAntiSpyware folder...
SUSE CVE-2024-32658
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available...
UBUNTU-CVE-2024-32661
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible NULL access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available...
CVE-2022-31394 affecting package rpm-ostree for versions less than 2022.1-7
CVE-2022-31394 affecting package rpm-ostree for versions less than 2022.1-7. A patched version of the package is available...
CVE-2023-3817 affecting package edk2 for versions less than 20230301gitf80f052277c8-37
CVE-2023-3817 affecting package edk2 for versions less than 20230301gitf80f052277c8-37. A patched version of the package is available...
CVE-2023-1393 affecting package xorg-x11-server for versions less than 1.20.10-4
CVE-2023-1393 affecting package xorg-x11-server for versions less than 1.20.10-4. A patched version of the package is available...
CVE-2024-27281 affecting package ruby for versions less than 3.1.4-4
CVE-2024-27281 affecting package ruby for versions less than 3.1.4-4. A patched version of the package is available...
PT-2024-24484 · Tenda · Tenda W30E
Name of the Vulnerable Software and Affected Versions: Tenda W30E version 1.0 V1.0.1.25633 Description: The issue is a stack overflow vulnerability located via the page parameter in the fromVirtualSer function. Recommendations: For Tenda W30E version 1.0 V1.0.1.25633, consider disabling the...
PT-2024-24501 · Tenda · Tenda F1203
Name of the Vulnerable Software and Affected Versions: Tenda F1203 version 2.0.1.6 Description: The issue is a stack overflow vulnerability located in the adslPwd parameter of the formWanParameterSetting function. This vulnerability can be exploited, potentially allowing unauthorized access or...
DEBIAN-CVE-2022-24808
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users shou...
OESA-2024-1425 flatpak security update
flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. Security Fixes: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions...
PT-2024-3328 · Maccms · Maccms
Name of the Vulnerable Software and Affected Versions: Macs CMS version 1.1.4f Description: The issue is related to a lack of protection against SQL injection attacks when handling certain parameters, including resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole,...
PT-2024-19542
Name of the Vulnerable Software and Affected Versions: Form Tools version 3.1.1 Description: A Server-Side Template Injection (SSTI) issue allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application. Recommendations: For Form Tools version 3.1.1,...
CVE-2024-31999
The CVE-2024-31999 issue affects @fastify/secure-session used with Fastify. The vulnerability arises in the session removal process: after a session is marked for deletion, an attacker who can access the cookie could continue to reuse it, effectively retaining access across requests. Public detai...
CVE-2024-24809
Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and exploit this...
CVE-2024-3448
Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end, allowing an attacker to perform a port...
CVE-2022-2585 affecting package kernel for versions less than 5.15.153.1-1
CVE-2022-2585 affecting package kernel for versions less than 5.15.153.1-1. A patched version of the package is available...
CVE-2023-6560 affecting package kernel for versions less than 5.15.153.1-1
CVE-2023-6560 affecting package kernel for versions less than 5.15.153.1-1. A patched version of the package is available...