PT-2024-10604 · Unknown · Lunad3V Areaload
Name of the Vulnerable Software and Affected Versions: LUNAD3v AreaLoad up to 1a1103182ed63a06dde63d1712f3262eda19c3ec Description: A critical issue affects the processing of the file request.php, where the manipulation of the phone argument leads to sql injection. The estimated number of...
CLSA-2024-1730133909 Fix CVE(s): CVE-2023-27043
SECURITY UPDATE: Incorrect parsing of email addresses containing special characters - debian/patches/CVE-2023-27043.patch: Fix email address parsing errors by adding optional 'strict' parameter to getaddresses and parseaddr functions - CVE-2023-27043...
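The fix above adds a `strict` parameter to `getaddresses()` and `parseaddr()`. The wrapper below is an added example, not code from the CPython patch or the distribution update: it passes `strict=True` when the running interpreter supports it and, independently of the parser, refuses any header value that does not contain exactly one plausible address, so a value that smuggles a second address past an older parser is rejected either way. The regular expression is a deliberately conservative assumption, not RFC 5322.

```python
import inspect
import re
from email.utils import parseaddr

# Patched interpreters expose a keyword-only `strict` parameter; older ones do not.
_STRICT_SUPPORTED = "strict" in inspect.signature(parseaddr).parameters

# Conservative shape for a single bare address (an assumption for this example,
# intentionally narrower than what RFC 5322 permits).
_ADDR_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def _parse(header_value):
    """Call parseaddr in strict mode where available, plain mode otherwise."""
    if _STRICT_SUPPORTED:
        return parseaddr(header_value, strict=True)
    return parseaddr(header_value)


def extract_single_address(header_value):
    """Return the bare address from a header value expected to hold ONE address,
    or None if the value is malformed or ambiguous.

    The checks do not trust the parser's output: a value with two '@' signs can
    never be a single address, and whatever the parser returns must match the
    conservative address shape and appear verbatim in the input.
    """
    if header_value.count("@") != 1:
        return None
    _display_name, addr = _parse(header_value)
    if not addr or not _ADDR_RE.fullmatch(addr):
        return None
    if addr not in header_value:
        return None
    return addr


if __name__ == "__main__":
    # Constructed sample inputs for the example.
    for sample in ("Alice <alice@example.org>",
                   "alice@example.org, bob@example.org",
                   "alice@example.org]<bob@example.org>"):
        print(repr(sample), "->", extract_single_address(sample))
```

The `count("@") != 1` guard is what makes the behaviour identical on patched and unpatched interpreters: the malformed inputs that CVE-2023-27043 is about all carry more than one address, so they are refused before the parser's version-dependent result matters.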
PT-2024-41495
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.1. Description: A permissions issue allowed a malicious application with root privileges to access private information. This was addressed with additional restrictions. Recommendations: Update to macOS version 15.1 or...
PT-2025-7414
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.1. Description: An application may be able to access user-sensitive data. The issue was addressed with improved permissions checking. Recommendations: Update to macOS version 15.1...
[SECURITY] Fedora 41 Update: yarnpkg-1.22.22-5.fc41
Fast, reliable, and secure dependency management...
Exposure of vSphere's CPI and CSI credentials in Rancher
Impact: A vulnerability has been identified in the way that Rancher stores the vSphere CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a...
CVE-2024-49757
Zitadel contains a user-registration bypass in versions prior to 2.64.0 (and 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, 2.58.7) due to a missing security check. Administrators can disable self-registration (via the UI) but attackers could still register by navigating directly to /ui/login/loginname,...
Security update for openssl-1_1
This update for openssl-1_1 fixes the following issues: CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed f...
BIT-CILIUM-2024-47825 CIDR deny policies may not take effect when a more narrow CIDR allow is present
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.16 and 1.15.10, a policy rule denying a prefix that is broader than /32 may be ignored if there is a policy rule referencing a more narrow prefix CIDRSe...
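The Cilium entry describes a precedence bug: a deny rule on a broad prefix must still win over an allow rule on a narrower prefix inside it. The following is an added example, not Cilium's own policy engine or eBPF datapath. It models two verdict semantics over plain CIDR lists with the standard `ipaddress` module: a longest-prefix-match model, in which the most specific matching prefix decides and a narrower allow therefore shadows a broader deny, and the intended deny-precedence model. It also includes an audit helper that lists which deny prefixes have a narrower allow nested inside them, which is exactly the policy shape the advisory warns about. Rule lists and addresses are constructed for the example.

```python
import ipaddress


def _nets(cidrs):
    """Parse CIDR strings into network objects (host bits are tolerated)."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def lpm_verdict(ip, allow_cidrs, deny_cidrs):
    """Longest-prefix-match model: the most specific matching prefix decides.

    This is the semantic under which a narrower allow silently overrides a
    broader deny; default verdict is deny when nothing matches.
    """
    addr = ipaddress.ip_address(ip)
    best_len, verdict = -1, "deny"
    candidates = [(n, "allow") for n in _nets(allow_cidrs)] + \
                 [(n, "deny") for n in _nets(deny_cidrs)]
    for net, v in candidates:
        if addr in net and net.prefixlen > best_len:
            best_len, verdict = net.prefixlen, v
    return verdict


def deny_precedence_verdict(ip, allow_cidrs, deny_cidrs):
    """Intended semantic: any matching deny wins regardless of prefix length,
    then any matching allow, then default deny."""
    addr = ipaddress.ip_address(ip)
    if any(addr in n for n in _nets(deny_cidrs)):
        return "deny"
    if any(addr in n for n in _nets(allow_cidrs)):
        return "allow"
    return "deny"


def shadowed_denies(allow_cidrs, deny_cidrs):
    """Audit helper: (deny, allow) pairs where an allow prefix is strictly
    narrower than, and contained in, a deny prefix. Under LPM semantics the
    addresses covered by such an allow would escape the deny."""
    pairs = []
    for deny in _nets(deny_cidrs):
        for allow in _nets(allow_cidrs):
            if allow.version == deny.version and allow.prefixlen > deny.prefixlen \
                    and allow.subnet_of(deny):
                pairs.append((str(deny), str(allow)))
    return pairs


# Constructed policy for the example: deny the whole 10.0.0.0/8 (broader than /32)
# while a narrower 10.0.0.0/24 allow also exists.
ALLOW = ["10.0.0.0/24", "192.0.2.7/32"]
DENY = ["10.0.0.0/8", "192.0.2.0/24"]

if __name__ == "__main__":
    for ip in ("10.0.0.5", "10.1.2.3", "192.0.2.7", "198.51.100.1"):
        print(ip, "lpm:", lpm_verdict(ip, ALLOW, DENY),
              "deny-precedence:", deny_precedence_verdict(ip, ALLOW, DENY))
    print("shadowed:", shadowed_denies(ALLOW, DENY))
```

Running `shadowed_denies` over an exported policy is the practical check: if it returns any pairs and the running Cilium version is in the affected range, the traffic covered by those allow prefixes is not actually denied.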
PT-2024-7501 · Cisco · Cisco Adaptive Security Device Manager +2
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software, affected versions not specified; Cisco Firepower Threat Defense (FTD) Software, affected versions not specified. Description: A vulnerability in the TLS cryptography functionality could allow an...
CVE-2024-48919
CVE-2024-48919 affects Cursor, an AI-assisted code editor. Prior to 2024-09-27, if a user imported a malicious webpage into Cursor’s Terminal Cmd-K, an attacker controlling that page could influence a language model to emit arbitrary terminal commands when the user opts to include the page conten...
CVE-2024-48919 RCE via Prompt Injection Into Cursor's Terminal Cmd-K
Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web...
CVE-2024-49954
In the Linux kernel, the following vulnerability has been resolved: static_call: Replace pointless WARN_ON in static_call_module_notify. static_call_module_notify triggers a WARN_ON when memory allocation fails in static_call_add_module. That's not really justified, because the failure case must be correctly...
PT-2024-33177 · Unknown · Hospital Management System
Name of the Vulnerable Software and Affected Versions: Hospital Management System version 1.0.0 Description: The issue allows a remote attacker to execute arbitrary code due to a SQL Injection vulnerability in the hospital management system written in PHP. This could put sensitive data at risk...
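Both the LUNAD3v AreaLoad entry (the `phone` argument of request.php) and the Hospital Management System entry are SQL injection through string-built queries. The following is an added example, not code from either project: it uses an in-memory SQLite table with a constructed schema and rows to show the string-concatenated lookup beside the parameterized one, and two payloads that a tester would send to the vulnerable parameter. Table and column names are assumptions for the example.

```python
import sqlite3


def make_db():
    """Constructed sample data: a request table keyed by phone number."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE requests (id INTEGER PRIMARY KEY, phone TEXT, name TEXT)")
    conn.executemany(
        "INSERT INTO requests (phone, name) VALUES (?, ?)",
        [("555-0100", "Alice"), ("555-0101", "Bob"), ("555-0102", "Carol")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, phone):
    """The request.php-style bug: the user-controlled value is spliced into the
    statement text, so quotes in `phone` change the query's structure."""
    sql = "SELECT name FROM requests WHERE phone = '" + phone + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, phone):
    """Hardened form: the value travels as a bound parameter and is never parsed
    as SQL, so the same payloads match nothing."""
    sql = "SELECT name FROM requests WHERE phone = ?"
    return [row[0] for row in conn.execute(sql, (phone,))]


# Payloads a tester would send to the `phone` parameter.
TAUTOLOGY = "x' OR '1'='1"                         # turns the WHERE clause always-true
UNION = "x' UNION SELECT phone FROM requests --"   # reads a different column; -- drops the trailing quote

if __name__ == "__main__":
    db = make_db()
    print("normal, vulnerable:", lookup_vulnerable(db, "555-0101"))
    print("normal, safe:      ", lookup_safe(db, "555-0101"))
    print("tautology, vulnerable:", lookup_vulnerable(db, TAUTOLOGY))
    print("tautology, safe:      ", lookup_safe(db, TAUTOLOGY))
    print("union, vulnerable:", lookup_vulnerable(db, UNION))
    print("union, safe:      ", lookup_safe(db, UNION))
```

The UNION payload is the one that matters for the "sensitive data at risk" wording in both advisories: once the attacker controls query structure, the result set can be any column of any readable table, not only the rows the page meant to show.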
CVE-2024-49880
In the Linux kernel, the following vulnerability has been resolved: ext4: fix off by one issue in alloc_flex_gd() Wesley reported an issue: ================================================================== EXT4-fs (dm-5): resizing filesystem from 7168 to 786432 blocks ------------[ cut here ]------------...
DEBIAN-CVE-2022-48947
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix u8 overflow By keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases multiple times and eventually it will wrap around the maximum number i.e., 255. This patch prevents this by adding a boundary check...
CVE-2022-48975
In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix memory leak in gpiochip_setup_dev() Here is a backtrace report about memory leak detected in gpiochip_setup_dev(): unreferenced object 0xffff88810b406400 (size 512): comm "python3", pid 1682, jiffies 4295346908 (age 24.090s)...
CVE-2024-50063 bpf: Prevent tail call between progs attached to different hooks
In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tail call between progs attached to different hooks bpf progs can be attached to kernel functions, and the attached functions can take different parameters or return different return values. If prog attached to one...
CVE-2024-50034 net/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC Eric reported a panic on IPPROTO_SMC, and gave the facts that when INET_PROTOSW_ICSK was set, icsk->icsk_sync_mss must be set too. Bug: Unable to handle kernel NULL pointer dereference at...