7 matches found
Azure Linux 3.0 Security Update: kernel (CVE-2024-46711)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46711 advisory. - In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: fix ID 0 endp usage after...
CVE-2024-43784 Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to it's deletion
lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that user will inherit a...
Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion
Impact Existing lakeFS users who have issued credentials to users who have been deleted. Creating a new user with the same username, that user will inherit all of the previous user's credentials lakeFS needs to delete user credentials upon user deletion. Patches Has the problem been patched? What...
CVE-2024-37085
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory AD permissions can gain full access to an ESXi host that was previously configured to use AD for user management...
CVE-2023-37911
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 9.4-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, when a document has been deleted and re-created, it is possible for users with view right on the re-created document b...
CVE-2023-37911 org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 9.4-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, when a document has been deleted and re-created, it is possible for users with view right on the re-created document b...
Processes refinance operations may call malicious code by re-created refinancer contract
Lines of code Vulnerability details Impact When an attacker borrower proposes a new term, the attacker can let a lender accept the malicious term which the lender doesn't expect. It uses delegatecall in acceptNewTerms of MapleLoanInternals.sol. Though a lender can manually check refinancer contra...