6 matches found
CVE-2024-26597
In the Linux kernel, the following vulnerability has been resolved: net: qualcomm: rmnet: fix global oob in rmnet_policy. The variable rmnet_link_ops assign a bigger maxtype which leads to a global out-of-bounds read when parsing the netlink attributes. See bug trace below:...
CVE-2024-11067
creationtimestamp | type | source
---|---|---
2024-11-11 08:12:00+00:00 | seen | https://infosec.exchange/users/cve/statuses/113463310423022630
2024-11-11 10:15:02+00:00 | seen | https://t.me/cvedetector/10482
2024-11-13 16:42:10+00:00 | seen | https://mstdn.ca/users/rfwaveio/statuses/113476640532735205

...
Incorrect Default Permissions in CRI-O
Impact: A bug was found in CRI-O where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2)...
Internet Bug Bounty: Use of uninitialized value in ftp_getrc_msg method of mod_proxy_ftp.c
This is a Security Bug Report for mod_proxy_ftp. This bug is present in ftp_getrc_msg method of modules/proxy/mod_proxy_ftp.c file. This is the line which causes this bug: ... mb = apr_cpystrn(mb, response + 4, me - mb); ... If ftp server returns a response like "\r\n", which has 3 characters with...
Cisco Wireless LAN Controller Cross-Site Request Forgery Vulnerability
Cisco Wireless LAN Controller (WLC) Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site request forgery attacks on a targeted system. The vulnerability is due to insufficient sanitization of user-supplied input processed by the WLC management...
dpec-course-passwds.txt
Date: Fri, 15 Jan 1999 21:45:24 -0700 From: Joel Knight To: [email protected] Subject: DPEC Online Courseware DPEC's www.dpec.com Online Courseware has a nasty bug in it that allows anyone to change anyone else's password without knowing what their current password is. This is NOT limited to...