Lucene search

2913 matches found

CNNVD
added 2024/05/21 12:0 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a CPU hot-plug callback that runs incorrectly after a device logs off...

CVSS 5.5, AI score 6.3, EPSS 0.00239
Exploits 0, References 5
F5 Networks
added 2024/05/20 3:40 p.m., 28 views

K000139692: Websense vulnerabilities CVE-2006-2035 and CVE-2010-5144

Security Advisory Description. CVE-2006-2035: Websense, when configured to permit access to the dynamic content category, allows local users to bypass intended blocking of the Uncategorized category by appending a "/?" sequence to a URL. CVE-2010-5144: The ISAPI Filter plug-in in Websense Enterprise...

CVSS 4.3, AI score 6.3, EPSS 0.01489
Exploits 1
BDU FSTEC
added 2024/05/17 12:0 a.m., 2 views

Vulnerability of the Server component: The Audit Plug-in of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.

The vulnerability of the Server component: The Audit Plug-in of the Oracle MySQL Server database management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service interruptions using the MySQL protocol...

CVSS 6.1, AI score 6.2, EPSS 0.00887
Exploits 0, References 4, Affected Software 1
Japan Vulnerability Notes
added 2024/05/10 12:0 a.m., 24 views

JVN#83405304: "OfferBox" App uses a hard-coded secret key

"OfferBox" App provided by i-plug inc. uses a hard-coded secret key for JWT (CWE-321). Impact: The hard-coded secret key for JWT may be retrieved if the application binary is reverse-engineered. Solution: The hard-coded secret key has been revoked by the developer on May 8, 2024, therefore this...

CVSS 7.5, AI score 7.2, EPSS 0.00365
Exploits 0
NVD
added 2024/05/08 2:15 a.m., 13 views

CVE-2024-1929

Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary. There are issues with the D-Bus interface long before Polkit is invoked. The org.rpm.dnf.v0.SessionManager.open_session...

CVSS 8.4, AI score 8.3, EPSS 0.00289
Exploits 1, References 1
OSV
added 2024/05/07 2:15 p.m., 4 views

CVE-2023-46012

Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP...

CVSS 9.8, AI score 6.1, EPSS 0.01623
Exploits 2, References 1
CNNVD
added 2024/05/07 12:0 a.m., 3 views

LINKSYS EA7500 security vulnerability

The Linksys EA7500 is a wireless router from Linksys USA. A buffer overflow vulnerability exists in the LINKSYS EA7500 version 3.0.1.207964. The vulnerability stems from an application boundary error when handling untrusted input. A remote attacker could use this vulnerability to execute arbitrar...

CVSS 9.8, AI score 8.1, EPSS 0.01623
Exploits 2, References 2
OSV
added 2024/05/03 3:15 a.m., 1 view

CVE-2023-40479

NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists withi...

CVSS 8.8, AI score 6.3
Exploits 0, References 2
ATTACKERKB
added 2024/05/03 3:15 a.m., 1 view

CVE-2023-40479

NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists withi...

CVSS 8.8, AI score 7.9, EPSS 0.01097
Exploits 0, References 3, Affected Software 1
OSV
added 2024/05/01 6:15 a.m., 0 views

UBUNTU-CVE-2024-26957

In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: fix reference counting on zcrypt card objects. Tests with hot-plugging crypto cards on KVM guests with debug kernel build revealed a use after free for the load field of the struct zcrypt_card. The reason was an...

CVSS 7.8, AI score 6.2, EPSS 0.00239
Exploits 0, References 30
RedHat Linux
added 2024/04/30 4:54 p.m., 3 views

mysql: Server: Audit Plug-in unspecified vulnerability (CPU Apr 2024)

A flaw was found in the MySQL Server product of Oracle MySQL component: Server: Audit Plug-in. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorize...

CVSS 4.9, AI score 7, EPSS 0.00887
Exploits 0, References 5
RedHat Linux
added 2024/04/30 9:57 a.m., 3 views

kernel: drm/nouveau/kms/nv50-: init hpd_irq_lock for PIOR DP

A flaw was found in the Linux kernel's nouveau graphics driver for NVIDIA GPUs. The hpd_irq_lock spinlock is not initialized for PIOR (Parallel Interface Output Resource) DisplayPort connectors. This missing initialization causes a kernel oops on systems with ANX9805 DP encoders when hotplug detectio...

AI score 5.8, EPSS 0.00156
Exploits 0, References 5
OSV
added 2024/04/30 12:0 a.m., 35 views

ALSA-2024:2287 Moderate: gstreamer1-plugins-bad-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with...

CVSS 8.8, AI score 7.9, EPSS 0.02009
Exploits 0, References 10
CNNVD
added 2024/04/26 12:0 a.m., 2 views

Insyde InsydeH2O security vulnerability

Insyde InsydeH2O is a C-language source from Insyde Corporation of Taiwan, which implements the new technology "EFI/UEFI" specification designed to replace the traditional BIOS (Basic Input/Output System). A security vulnerability exists in the Insyde InsydeH2O kernel versions 5.0 through 5.6, whic...

CVSS 6.3, AI score 6.7, EPSS 0.00147
Exploits 0, References 2
NVD
added 2024/04/25 5:15 p.m., 8 views

CVE-2024-32358

An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033...

CVSS 7.5, AI score 7.5, EPSS 0.00736
Exploits 0, References 5
OSV
added 2024/04/25 5:15 p.m., 3 views

CVE-2024-32358

An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033...

CVSS 7.5, AI score 8
Exploits 0, References 5
Cvelist
added 2024/04/25 12:0 a.m., 14 views

CVE-2024-32358

An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033...

AI score 7.7, EPSS 0.00736
Exploits 0, References 5
CNNVD
added 2024/04/25 12:0 a.m., 3 views

Jpress security vulnerability

Jpress is a blogging platform developed in Java language by Jpress team. A security vulnerability exists in Jpress version v.5.1.0, which originates from a vulnerability that allows remote attackers to execute arbitrary code via the custom plug-in module functionality...

CVSS 7.5, AI score 7.8, EPSS 0.00736
Exploits 0, References 6
CVE
added 2024/04/25 12:0 a.m., 53 views

CVE-2024-32358

CVE-2024-32358 affects JPress v5.1.0. The issue allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, indicating a code execution risk originating from the plug‑in handling path. No remediation patch/version details are provided in the supp...

CVSS 7.5, AI score 7.7, EPSS 0.00736
Exploits 0, References 5, Affected Software 1
RedhatCVE
added 2024/04/18 3:6 p.m., 36 views

CVE-2024-21061

A flaw was found in the MySQL Server product of Oracle MySQL component: Server: Audit Plug-in. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorize...

CVSS 4.9, AI score 6.2, EPSS 0.00887
Exploits 0, References 4