CVE-2024-39562 Junos OS Evolved: A high rate of SSH connections causes a Denial of Service

A Missing Release of Resource after Effective Lifetime vulnerability the xinetd process, responsible for spawning SSH daemon sshd instances, of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service DoS by blocking SSH access for legitimate...

CVE-2024-5911

An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama. Repeated attacks eventually cause the Panorama to enter maintenance mode, which...

CVE-2024-5911 PAN-OS: File Upload Vulnerability in the Panorama Web Interface

An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama. Repeated attacks eventually cause the Panorama to enter maintenance mode, which...

CVE-2024-5911

CVE-2024-5911 affects Palo Alto Networks PAN-OS Panorama web interface via an arbitrary file upload vulnerability accessible to an authenticated read-write administrator. The issue can disrupt system processes and crash Panorama, with repeated attacks potentially forcing maintenance mode requirin...

CVE-2024-5911 PAN-OS: File Upload Vulnerability in the Panorama Web Interface

An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama. Repeated attacks eventually cause the Panorama to enter maintenance mode, which...

PAN-OS: File Upload Vulnerability in the Panorama Web Interface

An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama. Repeated attacks eventually cause the Panorama to enter maintenance mode, which...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the embed feature. An attacker can access unpublished or private resource data by inferring the slug or URL of the resource that can be embedded. Note: This is only exploitable if the resource allows embedding a...

CVE-2024-6422

An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data...

CVE-2024-6422

An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data...

CVE-2024-34720

In comandroidinternalosZygoteCommandBuffernativeForkRepeatedly of comandroidinternalosZygoteCommandBuffer.cpp, there is a possible method to perform arbitrary code execution in any app zygote processes due to a logic error in the code. This could lead to local escalation of privilege with no...

CVE-2024-6126

A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pamenv's userreadenv option, which leads to a denial of service DoS attack...

ASB-A-319081336

In comandroidinternalosZygoteCommandBuffernativeForkRepeatedly of comandroidinternalosZygoteCommandBuffer.cpp, there is a possible method to perform arbitrary code execution in any app zygote processes due to a logic error in the code. This could lead to local escalation of privilege with no...

CVE-2024-35225

Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting XSS issue. The /proxy endpoint accepts a host path segmen...

CVE-2024-35225

Jupyter Server Proxy (jupyter-server-proxy) has a reflected XSS in the host parameter of the /proxy endpoint. Affected versions: 3.x prior to 3.2.4 and 4.x prior to 4.2.0. The issue occurs when an invalid host value is echoed back, enabling a phishing link to execute arbitrary JavaScript in a use...

CVE-2024-35225 Jupyter Server Proxy has a reflected XSS issue in host parameter

Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting XSS issue. The /proxy endpoint accepts a host path segmen...

Jupyter Server Proxy Security Vulnerability

Jupyter Server Proxy is an open source library from JupyterHub that allows arbitrary external processes to be run alongside a laptop server. A security vulnerability exists in Jupyter Server Proxy prior to 3.2.4, versions prior to 4.2.0, which stems from a vulnerability that allows users to run...

PIP-INTEL - OSINT and Cyber Intelligence Tool

Pip-Intel is a powerful tool designed for OSINT Open Source Intelligence and cyber intelligence gathering activities. It consolidates various open-source tools into a single user-friendly interface simplifying the data collection and analysis processes for researchers and cybersecurity...

SUSE CVE-2024-36949

In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: sync all devices to wait all processes being evicted If there are more than one device doing reset in parallel, the first device will call kfdsuspendallprocesses to evict all processes on all devices, this call takes...

BIT-NGINX-2024-24989 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

BIT-NGINX-2024-24990 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...