30456 matches found
PT-2024-28929 · Pentaminds · Pentaminds Curovms
Name of the Vulnerable Software and Affected Versions: Pentaminds CuroVMS version 2.0.1 Description: The issue is related to exposed credentials in the software. This means that sensitive information, such as passwords or other authentication data, is not properly secured and can be accessed by...
CentOS 9 : kernel-5.14.0-539.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-539.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible crash on mgmtindexremoved If...
shared_preferences_android vulnerability
Impact Due to some data types not being natively representable for the available storage options, sharedpreferencesandroid serializes and deserializes special string prefixes to store these unrepresentable data types. This allows arbitrary classes to be deserialized leading to arbitrary code...
CVE-2024-50393
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and...
CVE-2024-48863
A command injection vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following version: License Center 1.9.43 and later...
OESA-2024-2504 golang security update
. Security Fixes: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.CVE-2024-34156...
CVE-2024-54135 Untrusted Deserialization in ClipBucket-v5 Version 2.0 to 5.5.1 Revision 199
ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 2.0 to Version 5.5.1 Revision 199 are vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/photoupload.php within the decodekey function. User inputs were supplied to this function...
Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-15040024119 fixes several issues. The following security issues were fixed: CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. CVE-2024-43861: Fix memory leak for not ip packets bsc1229553. CVE-2024-35905: Fixed int overflow for stack...
SUSE: Security Advisory (SUSE-SU-2024:4204-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CLSA-2024-1733429914 php: Fix of CVE-2024-11233
CVE-2024-11233: fix buffer overflow vulnerability in convert.quoted-printable-decode filter...
SUSE-SU-2024:4205-1 Security update for docker-stable
This update for docker-stable fixes the following issues: - Remove DOCKERNETWORKOPTS from docker.service. This was removed from sysconfig a long time ago, and apparently this causes issues with systemd in some cases. - Update --add-runtime to point to correct binary path. - Further merge docker a...
CVE-2024-24786 affecting package prometheus for versions less than 2.45.4-6
CVE-2024-24786 affecting package prometheus for versions less than 2.45.4-6. A patched version of the package is available...
CVE-2024-24786 affecting package docker-cli for versions less than 25.0.3-2
CVE-2024-24786 affecting package docker-cli for versions less than 25.0.3-2. A patched version of the package is available...
SUSE CVE-2024-53129
In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop: Fix a dereferenced before check warning The 'state' can't be NULL, we should check crtcstate. Fix warning: drivers/gpu/drm/rockchip/rockchipdrmvop.c:1096 vopplaneatomicasynccheck warn: variable dereferenced...
Pixel Watch Security Bulletin—December 2024Stay organized with collectionsSave and categorize content based on your preferences.
The Pixel Watch Security Bulletin contains details of security vulnerabilities affecting Pixel Watch devices Google Devices. For Google devices, security patch levels of 2024-11-05 or later address all issues in this bulletin and all issues in the November 2024 Android Security Bulletin and all...
CVE-2024-53982
CVE-2024-53982 affects the Zoo-Project WPS implementation, specifically the Echo example. The vulnerability arises from lack of input validation in a file-caching parameter, enabling an attacker to fully control the file returned in the response (path traversal). A patch was committed on 2024-11-...
UBUNTU-CVE-2024-53132
In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix "Missing outer runtime PM protection" warning Fix the following drmWARN: 953.586396 xe 0000:00:02.0: drm Missing outer runtime PM protection ... 953.587090 ? xepmruntimegetnoresume+0x8d/0xa0 xe 953.587208...
CVE-2024-53139 sctp: fix possible UAF in sctp_v6_available()
In the Linux kernel, the following vulnerability has been resolved: sctp: fix possible UAF in sctpv6available A lockdep report 1 with CONFIGPROVERCULIST=y hints that sctpv6available is calling devgetbyindexrcu and ipv6chkaddr without holding rcu. 1 ============================= WARNING: suspiciou...
PT-2024-17151 · WordPress · Accessibility By Allaccessible
Name of the Vulnerable Software and Affected Versions: Accessibility by AllAccessible plugin for WordPress versions up to, and including, 1.3.4 Description: The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege...
GHSA-VP6V-WHFM-RV3G Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders
Impact In Synapse versions before 1.120.1, enabling the dynamicthumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for processing. This significantly expands...