6647 matches found

ICS
added 2024/10/08 12:00 a.m. · 15 views

Schneider Electric Data Center Expert

1. EXECUTIVE SUMMARY: CVSS v4 8.6. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Schneider Electric. Equipment: Data Center Expert. Vulnerability: Improper Verification of Cryptographic Signature, Missing Authentication for Critical Function. 2. RISK EVALUATION: Successful...

CVSS 7.2 · AI score 7.9 · EPSS 0.00162
Exploits 0 · References 11
Positive Technologies
added 2024/09/26 12:00 a.m. · 6 views

PT-2024-6501

Name of the Vulnerable Software and Affected Versions: cups versions prior to 2.4.11-alt1; cups-browsed versions prior to 2.0.1-0ubuntu2.1; cups-filters, affected versions not specified. Description: The Common UNIX Printing System (CUPS) and related components, including cups-browsed and cups-filters, a...

CVSS 9.8 · AI score 7.9 · EPSS 0.87593
Exploits 17 · References 264
Cvelist
added 2024/09/19 10:38 p.m. · 16 views

CVE-2024-46984 XML External Entity Reference (XXE) vulnerability can lead to a Server Side Request Forgery attack in gematik app-referencevalidator

The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to XML External Entities attack due to insecure defaults of the used Woodstox...

CVSS 8.6 · EPSS 0.00357
Exploits 0 · References 6
Amazon
added 2024/09/18 12:00 a.m. · 2 views

Important: kernel-livepatch-5.10.220-209.867

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error (CVE-2024-41087). Affected Packages: kernel-livepatch-5.10.220-209.867. Issue Correction: Please ensure you have live patching enabled. Run yum update...

CVSS 7.8 · AI score 6.7 · EPSS 0.00012
Exploits 0
NVD
added 2024/09/17 10:15 p.m. · 26 views

CVE-2024-46982

Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent, it could coerce Next....

CVSS 7.5 · EPSS 0.49062
Exploits 3 · References 3
CVE
added 2024/09/17 9:55 p.m. · 460 views

CVE-2024-46982

CVE-2024-46982 affects Next.js pages router SSR caching: crafted requests can poison non-dynamic SSR routes (e.g., pages/dashboard.tsx) and lead to caching of sensitive responses with Cache-Control: s-maxage=1, stale-while-revalidate, potentially spreading via upstream CDNs. Affected versions are...

CVSS 7.5 · AI score 7.3 · EPSS 0.49062
Exploits 3 · References 3 · Affected Software 1
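The two CVE-2024-46982 entries above describe the outcome to look for rather than the request that produces it: a server-rendered page that should never be stored by a shared cache is returned with Cache-Control: s-maxage=1, stale-while-revalidate, and an upstream CDN then serves that copy to other users. The following added example (not code from Next.js or from either advisory) is the check a practitioner would run over observed response headers: a Cache-Control parser, the RFC 9111 storage rule for shared caches, and an audit that flags sensitive routes whose response a CDN would keep. The sample responses are constructed; the "private, no-cache, no-store, max-age=0, must-revalidate" value is the default Next.js sends for getServerSideProps pages, and the route list and the sensitive flag are assumptions standing in for your own inventory.

```javascript
// Added example; not code from Next.js or from the advisory text.
// CVE-2024-46982 matters because a pages-router SSR response that should
// never be stored by a shared cache comes back as
// "Cache-Control: s-maxage=1, stale-while-revalidate", which a CDN keeps and
// serves to other users. The fleet-wide check is therefore: does any
// sensitive server-rendered route ever return a shared-cache-storable header?

// Default Next.js sends for getServerSideProps pages when nothing overrides it.
const NEXT_SSR_PRIVATE_DEFAULT =
  "private, no-cache, no-store, max-age=0, must-revalidate";

// Parse a Cache-Control value into a Map of lower-cased directive -> value
// (null when the directive has no "=value"); quoted values are unquoted.
function parseCacheControl(header) {
  const directives = new Map();
  if (!header) return directives;
  for (const raw of header.split(",")) {
    const part = raw.trim();
    if (!part) continue;
    const eq = part.indexOf("=");
    const name = (eq === -1 ? part : part.slice(0, eq)).trim().toLowerCase();
    let value = eq === -1 ? null : part.slice(eq + 1).trim();
    if (value && value.length >= 2 && value.startsWith('"') && value.endsWith('"')) {
      value = value.slice(1, -1);
    }
    directives.set(name, value);
  }
  return directives;
}

// RFC 9111 storage rule for shared caches: no-store or private forbids
// storing; otherwise s-maxage, public or max-age makes the response storable.
// stale-while-revalidate on top lets the stored copy be served after expiry,
// which is how a poisoned entry keeps circulating.
function sharedCacheStores(header) {
  const cc = parseCacheControl(header);
  if (cc.has("no-store") || cc.has("private")) return false;
  return cc.has("s-maxage") || cc.has("public") || cc.has("max-age");
}

// Order-insensitive comparison of two Cache-Control values.
function sameDirectives(a, b) {
  const da = parseCacheControl(a);
  const db = parseCacheControl(b);
  if (da.size !== db.size) return false;
  for (const [name, value] of da) {
    if (!db.has(name) || db.get(name) !== value) return false;
  }
  return true;
}

// Constructed sample of observed responses (route, whether it renders
// per-user data, Cache-Control seen), standing in for probe or log output.
const SAMPLE_RESPONSES = [
  { route: "/dashboard", sensitive: true, cacheControl: "s-maxage=1, stale-while-revalidate" },
  { route: "/account/settings", sensitive: true, cacheControl: NEXT_SSR_PRIVATE_DEFAULT },
  { route: "/orders", sensitive: true, cacheControl: "no-store" },
  { route: "/blog/hello-world", sensitive: false, cacheControl: "public, s-maxage=300" },
];

// "high": a CDN would store the sensitive response (the poisoned shape).
// "review": not storable, but not Next's private default either, so someone
// overrode the header and the override deserves a look.
function auditRoutes(responses) {
  const findings = [];
  for (const r of responses) {
    if (!r.sensitive) continue;
    if (sharedCacheStores(r.cacheControl)) {
      findings.push({ route: r.route, severity: "high", cacheControl: r.cacheControl });
    } else if (!sameDirectives(r.cacheControl, NEXT_SSR_PRIVATE_DEFAULT)) {
      findings.push({ route: r.route, severity: "review", cacheControl: r.cacheControl });
    }
  }
  return findings;
}

for (const f of auditRoutes(SAMPLE_RESPONSES)) {
  console.log(`${f.severity.padEnd(6)} ${f.route}  Cache-Control: ${f.cacheControl}`);
}
```

Feed the audit with headers collected at the CDN edge rather than from the origin: the advisory's point is that the poisoned copy lives in the shared cache, so a probe that only hits the Next.js server directly can miss it.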
OSV
added 2024/09/13 2:38 p.m. · 6 views

RHSA-2016:2994 Red Hat Security Advisory: Red Hat Ceph Storage 1.3 security update

Bulletin has no description...

CVSS 6.5 · AI score 7.4 · EPSS 0.18013
Exploits 1 · References 7
OSV
added 2024/09/13 7:59 a.m. · 16 views

RHSA-2012:0514 Red Hat Security Advisory: java-1.6.0-ibm security update

Bulletin has no description...

CVSS 10 · AI score 8.6 · EPSS 0.9358
Exploits 35 · References 55
Positive Technologies
added 2024/09/12 12:00 a.m. · 1 views

PT-2024-39155 · WordPress · Wpfactory Helper

Name of the Vulnerable Software and Affected Versions: WPFactory Helper plugin for WordPress versions up to, and including, 1.7.0. Description: The WPFactory Helper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on...

CVSS 6.1 · AI score 6.4 · EPSS 0.00977
Exploits 0 · References 11
Github Security Blog
added 2024/09/09 8:19 p.m. · 151 views

path-to-regexp outputs backtracking regular expressions

Impact: A bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b. Patches: For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0. These versions add backtrack protection...

CVSS 7.5 · AI score 7.3 · EPSS 0.00066
Exploits 0 · References 10 · Affected Software 1
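The advisory above gives the shape that produces a backtracking regex (two parameters in one segment, separated by something other than a period, e.g. /:a-:b) but the listing cuts off before the mechanism. The following added example (not code from path-to-regexp or from the advisory) does two things a practitioner would want: a small linter that flags that route shape in a list of Express-style patterns, and a side-by-side construction of the regex such a segment turns into, naive versus a backtrack-protected variant that excludes the following literal from the first parameter's character class, so that a given input has a single possible split. The "protected" construction is the general idea of the fix, written here as an assumption, not a copy of the library's implementation; the route patterns are constructed.

```javascript
// Added example; not code from path-to-regexp or from the advisory.
// Two checks for the route shape the advisory describes: (1) a linter that
// flags any path segment holding two or more parameters separated by
// something other than ".", and (2) a side-by-side build of the regex such a
// segment turns into, naive versus "backtrack protected", to show where the
// ambiguity that the regex engine must backtrack over comes from.

function escapeRegex(text) {
  return text.replace(/[.*+?^${}()|[\]\\\/-]/g, "\\$&");
}

// For each "/"-delimited segment of a pattern, collect its parameter names and
// the literal separators between consecutive parameters.
function segmentParams(pattern) {
  return pattern.split("/").filter(Boolean).map((segment) => {
    const params = [];
    const separators = [];
    const paramRe = /:([A-Za-z_][A-Za-z0-9_]*)/g;
    let last = 0;
    let m;
    while ((m = paramRe.exec(segment)) !== null) {
      if (params.length > 0) separators.push(segment.slice(last, m.index));
      params.push(m[1]);
      last = m.index + m[0].length;
    }
    return { segment, params, separators };
  });
}

// The advisory's condition: two or more parameters in one segment with a
// separator that is not exactly ".". Returns the offending segments.
function findRiskySegments(pattern) {
  return segmentParams(pattern)
    .filter((s) => s.params.length >= 2 && s.separators.some((sep) => sep !== "."))
    .map((s) => s.segment);
}

// Build the regex for a single-segment pattern such as "/:a-:b".
// naive: every parameter is ([^/]+?), so the "-" may be consumed by either
//   parameter and an input like "/a-b-c-d" has several candidate splits.
// protected: a parameter followed by a literal also excludes that literal's
//   first character, leaving one possible split. (The general idea of
//   backtrack protection, written as an assumption, not the library's code.)
function buildSegmentRegex(pattern, { protect }) {
  const tokens = [];
  const tokenRe = /:([A-Za-z_][A-Za-z0-9_]*)|([^:]+)/g;
  let m;
  while ((m = tokenRe.exec(pattern)) !== null) {
    tokens.push(m[1] !== undefined ? { param: m[1] } : { literal: m[2] });
  }
  let source = "^";
  tokens.forEach((token, i) => {
    if (token.literal !== undefined) {
      source += escapeRegex(token.literal);
      return;
    }
    const next = tokens[i + 1];
    const exclude =
      protect && next && next.literal !== undefined ? escapeRegex(next.literal[0]) : "";
    source += `([^/${exclude}]+?)`;
  });
  return new RegExp(source + "$");
}

// Number of boundaries the naive regex for "/:a-:b" can try between the two
// parameters on a given input: every separator with non-empty text on both
// sides. The protected regex has at most one (the first separator).
function naiveCandidateSplits(input, separator) {
  let count = 0;
  for (let i = 2; i < input.length - 1; i++) { // input[0] is the leading "/"
    if (input[i] === separator) count++;
  }
  return count;
}

// Demo: lint a few constructed routes and inspect the flagged shape.
for (const route of ["/users/:id-:slug", "/files/:name.:ext", "/:a/:b"]) {
  console.log(route, "->", findRiskySegments(route));
}
console.log("naive    :", buildSegmentRegex("/:a-:b", { protect: false }).source);
console.log("protected:", buildSegmentRegex("/:a-:b", { protect: true }).source);
const probe = "/" + "a-".repeat(10) + "a/x"; // the "/x" tail makes every split fail
console.log("candidate splits the naive regex must try:", naiveCandidateSplits(probe, "-"));
```

The linter is the part to wire into CI for an Express code base that cannot move to 8.0.0 yet: run it over the registered route strings and fail the build on any flagged segment, since rewriting such a route as two segments (/:a/:b) or with a period separator removes the ambiguity without touching the library.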
The Hacker News
added 2024/09/06 3:55 p.m. · 35 views

SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation

SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10...

CVSS 9.8 · AI score 9.3 · EPSS 0.03535
Exploits 0
NVD
added 2024/09/03 7:15 p.m. · 17 views

CVE-2024-43803

The Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. The BareMetalHost (BMH) CRD allows the userData, metaData, and networkData for the provisioned host to be specified as links to Kubernetes Secrets. There are fields for both the Name and Namespace of th...

CVSS 4.9 · EPSS 0.00223
Exploits 0 · References 7
Positive Technologies
added 2024/08/29 12:00 a.m. · 3 views

PT-2024-28557 · Unknown · Listingpro

Name of the Vulnerable Software and Affected Versions: ListingPro versions through 2.9.4. Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows attackers to exploit the system, potentially leading ...

CVSS 8.8 · AI score 7.7 · EPSS 0.00572
Exploits 0 · References 8
The Hacker News
added 2024/08/24 7:03 a.m. · 72 views

CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. The medium-severity vulnerability, tracked as CVE-2024-39717 (CVSS score: 6.6), is a case of...

CVSS 10 · AI score 9.7 · EPSS 0.94269
Exploits 26
OSV
added 2024/08/22 7:46 p.m. · 18 views

BIT-VALKEY-2021-32626 Lua scripts can overflow the heap-based Lua stack in Redis

Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote co...

CVSS 8.8 · AI score 8.9 · EPSS 0.01172
Exploits 0 · References 11
OSV
added 2024/08/22 7:45 p.m. · 20 views

BIT-VALKEY-2021-41099 Integer overflow issue with strings in Redis

Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len...

CVSS 7.5 · AI score 8.3 · EPSS 0.00403
Exploits 0 · References 10
OSV
added 2024/08/22 7:28 p.m. · 13 views

BIT-KEYDB-2021-41099 Integer overflow issue with strings in Redis

Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len...

CVSS 7.5 · AI score 8.3 · EPSS 0.00403
Exploits 0 · References 10
OSV
added 2024/08/22 7:27 p.m. · 19 views

BIT-KEYDB-2022-24735 Lua scripts can be manipulated to overcome ACL rules in Redis

Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. The Lua scri...

CVSS 7.8 · AI score 6.5 · EPSS 0.0168
Exploits 1 · References 11
OSV
added 2024/08/22 7:27 p.m. · 11 views

BIT-KEYDB-2022-24736 A Malformed Lua script can crash Redis

Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and...

CVSS 5.5 · AI score 5.5 · EPSS 0.01725
Exploits 1 · References 11
Amazon
added 2024/08/21 12:00 a.m. · 3 views

Important: kernel-livepatch-4.14.348-265.562

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete (CVE-2024-39480). Affected Packages: kernel-livepatch-4.14.348-265.562. Issue Correction: Please ensure you have live patching enabled. Run yum update...

CVSS 7.8 · AI score 7.1 · EPSS 0.00021
Exploits 0