124 matches found
EUVD-2013-4413
Malware in sbrugna...
CVE-2023-46807
An SQL Injection vulnerability in web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database...
OPENSUSE-SU-2024:0157-1 Security update for nano
This update for nano fixes the following issues: - CVE-2024-5742: Avoid privilege escalations via symlink attacks on emergency save file boo1226099...
RHEL 9 : kernel (RHSA-2024:0448)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0448 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: bpf: Incorrect verifier prunin...
Oracle Linux 8 : libseccomp (ELSA-2019-3624)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3624 advisory. 2.4.1-1 - rebase to 2.4.1 2.3.3-4 - spec: make the check phase conditional Tenable has extracted the preceding description block directly from the Oracle Linux...
Cross-Site Request Forgery (CSRF)
com.xuxueli:xxl-job is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability exists in xxl-job-admin/user/add, which allows an attacker to use a crafted .html file to cause CSRF attacks due to insufficient checks, resulting in arbitrary code execution and privilege escalations...
CISA Adds Five Known Vulnerabilities to Catalog
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-32046 Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability CVE-2023-32049 Microsoft Windows Defender SmartScreen Security Feature Bypass...
VMSA-2023-0009:VMware Aria Operations update addresses multiple Local Privilege Escalations and a Deserialization issue
Advisory ID: VMSA-2023-0009 CVSSv3 Range: 6.4-8.8 Issue Date:2023-05-11 Updated On: 2023-05-11 Initial Advisory CVEs: CVE-2023-20877, CVE-2023-20878, CVE-2023-20879, CVE-2023-20880 Synopsis: VMware Aria Operations update addresses multiple Local Privilege Escalations and a Deserialization issue...
GHSA-6M9F-PJ6W-W87G Rancher Webhook is misconfigured during upgrade process
Impact A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. When the Webhook is operating in a degraded state, it no...
K65043534: Multiple INTEL BIOS vulnerabilities
Security Advisory Description CVE-2017-5705 Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code. CVE-2017-5706 Multiple buffer overflows in kernel in Intel Server Platfo...
K04454621: Linux kernel vulnerability CVE-2020-25671
Security Advisory Description A vulnerability was found in Linux Kernel, where a refcount leak in llcpsockconnect causing use-after-free which might lead to privilege escalations. CVE-2020-25671 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Statu...
K14594844: Linux kernel Vulnerability CVE-2020-25670
Security Advisory Description A vulnerability was found in Linux Kernel where refcount leak in llcpsockbind causing use-after-free which might lead to privilege escalations. CVE-2020-25670 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5...
RHEL 8 : kernel (RHSA-2022:5626)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5626 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Small table perturb size in th...
OESA-2022-1616 mariadb security update
MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon mariadbd and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs a...
SUSE SLES12 Security Update : kernel (Live Patch 37 for SLE 12 SP3) (SUSE-SU-2022:0325-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0325-1 advisory. - The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner...
SUSE SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP3) (SUSE-SU-2022:0293-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0293-1 advisory. - A vulnerability was found in Linux Kernel where refcount leak in llcpsockbind causing use-after-free which might lead to privilege escalation...
SUSE SLES15 Security Update : kernel (Live Patch 10 for SLE 15 SP2) (SUSE-SU-2022:0291-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0291-1 advisory. - A vulnerability was found in Linux Kernel where refcount leak in llcpsockbind causing use-after-free which might lead to privilege escalation...
SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 15 for SLE 12 SP5) (SUSE-SU-2022:0263-1)
The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0263-1 advisory. - A vulnerability was found in Linux Kernel where refcount leak in llcpsockbind causing use-after-free which might lead to privilege...
SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 16 for SLE 12 SP5) (SUSE-SU-2022:0234-1)
The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0234-1 advisory. - A vulnerability was found in Linux Kernel where refcount leak in llcpsockbind causing use-after-free which might lead to privilege...
Security Bulletin: Incorrect file permissions allows authenticated users to recover IPMI user passwords
Summary A flaw in the file permissions may expose IPMI user passwords. This may lead to privilege escalations. Vulnerability Details CVEID: CVE-2020-14156 DESCRIPTION: OpenBMC phosphor-host-ipmid could allow a remote authenticated attacker to bypass security restrictions, caused by the failure to...