251 matches found
EUVD-2023-39007
Malicious code in bioql PyPI...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: nvkm: The available space of the GSP cmdq buffer is calculated correctly. r535gspcmdqpush waits for an available page in the GSP cmdq buffer when handling a large RPC request. When it encounters at least one available page in...
CVE-2023-48886
A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request...
CVE-2023-48887
A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request...
CVE-2020-9496
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03...
CVE-2018-15631
Improper access control in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote authenticated attackers to e-mail themselves arbitrary files from the database, via a crafted RPC request...
SUSE CVE-2012-6534
Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to create data retention policies via a crafted text/x-gwt-rpc request to novelllogmanager/datastorageservice.rpc, and allows remote authenticated Report Administrators to create data retention policies via a search-results "Save...
Linux Distros Unpatched Vulnerability : CVE-2024-58018
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nvkm: correctly calculate the available space of the GSP cmdq buffer r535gspcmdqpush waits for the available page in the GSP cmdq buffer when handling a large R...
CVE-2024-58018
In the Linux kernel, the following vulnerability has been resolved: nvkm: correctly calculate the available space of the GSP cmdq buffer r535gspcmdqpush waits for the available page in the GSP cmdq buffer when handling a large RPC request. When it sees at least one available page in the cmdq, it...
CVE-2024-58018
The CVE-2024-58018 issue affects the Linux kernel’s GSP command queue path within the Nouveau nvkm/GSP code. The root cause is in r535_gsp_cmdq_push/r535_gsp_msgq_wait logic: when handling large RPCs, the code treats the available pages as (write pointer, buf_size) and exits the wait prematurely,...
CVE-2024-58018 nvkm: correctly calculate the available space of the GSP cmdq buffer
In the Linux kernel, the following vulnerability has been resolved: nvkm: correctly calculate the available space of the GSP cmdq buffer r535gspcmdqpush waits for the available page in the GSP cmdq buffer when handling a large RPC request. When it sees at least one available page in the cmdq, it...
How to track and stop CVE-2024-3400: Palo Alto Networks API Exploit Causing Critical Infrastructure and Enterprise Epidemics
On Friday April 12, Palo Alto disclosed that some versions of PAN-OS are not only vulnerable to remote code execution, but that the vulnerability has been actively exploited to install backdoors on Palo Alto firewalls. A patch is expected to be available on April 14th. The advisory from Palo Alto...
Jupiter allows attackers to execute arbitrary commands via sending a crafted RPC request
A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request...
CVE-2023-48887
A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request...
CVE-2023-48886
A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request...
Deserialization of untrusted data
A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request...
Deserialization of untrusted data
A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request...
CVE-2023-48887
CVE-2023-48887 applies to Jupiter v1.3.1 and describes a deserialization vulnerability that allows an attacker to execute arbitrary commands by sending a crafted RPC request. The issue is categorized as a high/critical remote code execution risk (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Mu...
CVE-2023-48887
A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request...
CVE-2023-48887
A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request...