CVE-2024-45393 Computer Vision Annotation Tool (CVAT) is missing authorization for endpoints related to webhook deliveries

Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of other users. For each delivery, this contains...

PT-2024-31597 · Unknown · Computer Vision Annotation Tool

Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool CVAT versions prior to 2.18.0 Description: The Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook...

CVE-2024-44989 bonding: fix xfrm real_dev null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm realdev null pointer dereference We shouldn't set realdev to NULL because packets can be in transit and xfrm might call xdodevoffloadok in parallel. All callbacks assume realdev is set. Example trace: kernel: BU...

openSUSE 15 Security Update : cacti, cacti-spine (openSUSE-SU-2024:0274-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0274-1 advisory. - cacti 1.2.27: CVE-2024-34340: Authentication Bypass when using using older password hashes boo1224240 CVE-2024-25641: RCE vulnerability when...

Linksys E1500/E2500 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linksys E1500/E2500 Remote Command Execution', 'Description' = %q Some Linksys Routers are vulnerable to an authenticated OS command injection...

D-Link DIR-846W Command Execution Vulnerability

D-Link DIR-846W is a dual-band Gigabit wireless router with second-generation 11AC technology and MU-MIMO technology, supporting dual-band concurrent transmission rates up to 1200Mbps for 200M and above broadband users. The D-Link DIR-846W suffers from a command execution vulnerability that stems...

PT-2024-5964 · D Link · D-Link Dir-846

Name of the Vulnerable Software and Affected Versions: D-Link DIR-846W A1 FW100A43 Description: The issue is related to a remote command execution vulnerability via the tomography ping address parameter in the /HNAP1/ interface. This vulnerability may allow a remote attacker to execute arbitrary...

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

CVE-2022-48895

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Don't unregister on shutdown Michael Walle says he noticed the following stack trace while performing a shutdown with "reboot -f". He suggests he got "lucky" and just hit the correct spot for the reboot while ther...

DEBIAN-CVE-2022-48895

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Don't unregister on shutdown Michael Walle says he noticed the following stack trace while performing a shutdown with "reboot -f". He suggests he got "lucky" and just hit the correct spot for the reboot while ther...

CVE-2022-48895

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Don't unregister on shutdown Michael Walle says he noticed the following stack trace while performing a shutdown with "reboot -f". He suggests he got "lucky" and just hit the correct spot for the reboot while ther...

CVE-2024-43878

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix input error path memory access When there is a misconfiguration of input state slow path KASAN report error. Fix this error. west login: 52.987278 eth1: renamed from veth11 53.078814 eth1: renamed from veth21 53.181355...

SUSE CVE-2024-22116

An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure...

CVE-2024-22116

An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure...

CVE-2024-22116

An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure...

UBUNTU-CVE-2024-22116

An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure...

Zabbix 安全漏洞

Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. A security vulnerability exists in Zabbix versions 6.4.15 and 7.0.0rc2, which stems from the fact that an administrator with restricted...

CVE-2024-22116 Remote code execution within ping script

An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure...

CVE-2024-22116

CVE-2024-22116 affects Zabbix: an administrator with restricted permissions can abuse the Script Execution feature in the Monitoring Hosts section by exploiting the Ping script’s parameters, due to missing default escaping. This leads to arbitrary code execution and infrastructure compromise. Pub...

CVE-2024-22116 Remote code execution within ping script

An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure...