4121 matches found
Apache APISIX Dashboard Default Credentials
The scanner successfully authenticated on the Apache APISIX web application by using predictable credentials on its login form. No source data...
kernel: wifi: rtw89: fix null pointer access when abort scan
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix null pointer access when abort scan The Linux kernel CVE team has assigned CVE-2024-35946 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051921-CVE-2024-35946-c2c2@gregkh/T...
kernel: block: fix deadlock between bd_link_disk_holder and partition scan
A flaw was found in the Linux kernel, where a deadlock can occur between bdlinkdiskholder and partition scan...
kernel: wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband
A vulnerability was found in the Linux kernel's rtw89 driver function rtw89scanget6gdisabledchan caused by its handling of 6 GHz band channels during scans. A lack of proper sband checks can lead to a situation where the sband is not available due to device limitations/restrictions set by the BIO...
mac802154: Fix potential RCU dereference issue in mac802154_scan_worker
...
PT-2025-8837
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory error issue has been identified in the Linux kernel, specifically in the wifi: ath12k component. The problem arises from the print array to buf index function being passed an...
CVE-2024-50008
...
The vulnerability of the jscript9legacy.dll library in the Antimalware Scan Interface (AMSI) component of Microsoft Windows operating systems allows a malicious actor to circumvent security restrictions.
The vulnerability of the jscript9legacy.dll library in the Antimalware Scan Interface AMSI component of Microsoft Windows operating systems is related to a flaw in the data protection mechanism. Exploiting this vulnerability could allow an attacker to circumvent security restrictions...
SUSE CVE-2024-50227
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix KASAN reported stack out-of-bounds read in tbretimerscan KASAN reported following issue: BUG: KASAN: stack-out-of-bounds in tbretimerscan+0xffe/0x1550 thunderbolt Read of size 4 at addr ffff88810111fc1c by task...
CVE-2024-50227 thunderbolt: Fix KASAN reported stack out-of-bounds read in tb_retimer_scan()
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix KASAN reported stack out-of-bounds read in tbretimerscan KASAN reported following issue: BUG: KASAN: stack-out-of-bounds in tbretimerscan+0xffe/0x1550 thunderbolt Read of size 4 at addr ffff88810111fc1c by task...
CVE-2024-50217 btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free of block device file in btrfsfreeextradevids Mounting btrfs from two images which have the same one fsid and two different devuuids in certain executing order may trigger an UAF for variable...
CVE-2024-50159 firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup()
In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Fix the double free in scmidebugfscommonsetup Clang static checkerscan-build throws below warning: | drivers/firmware/armscmi/driver.c:line 2915, column 2 | Attempt to free released memory. When...
CVE-2024-10661
A vulnerability has been found in Tenda AC15 15.03.05.19 and classified as critical. This vulnerability affects the function SetDlnaCfg of the file /goform/SetDlnaCfg. The manipulation of the argument scanList leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit...
Exploit for SQL Injection in Ultimatemember Ultimate_Member
CVE-2024-1071 Exploit Script 🚀 🌟 Disclaimer This Proof o...
CVE-2024-48107
SparkShop =1.1.7 is vulnerable to server-side request forgery SSRF. This vulnerability allows attacks to scan ports on the Intranet or local network where the server resides, attack applications running on the Intranet or local network, or read metadata on the cloud server...
CycloneDX cdxgen may execute code contained within build-related files
CycloneDX cdxgen prior to 11.1.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has been characterized as a design limitation,...
GHSA-HXF3-VGPM-FV9P CycloneDX cdxgen may execute code contained within build-related files
CycloneDX cdxgen prior to 11.1.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has been characterized as a design limitation,...
CVE-2024-50611
CycloneDX cdxgen through 10.10.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has been characterized as a design limitation,...
CVE-2024-50611
CycloneDX cdxgen through 10.10.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has been characterized as a design limitation,...
NuGet Package 'Tiktoken' Detection
The remote host has a 'Tiktoken' with a Verified NuGet package status and is installed on the remote host. Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...