30465 matches found
RHSA-2017:2683 Red Hat Security Advisory: kernel security update
RHSA-2016:1301 Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update
RHSA-2010:0986 Red Hat Security Advisory: java-1.4.2-ibm-sap security update
CVE-2024-6197 affecting package curl for versions less than 8.8.0-2
CVE-2024-6197 affecting package curl for versions less than 8.8.0-2. A patched version of the package is available...
PT-2024-6332
Name of the Vulnerable Software and Affected Versions: Spring Framework versions 5.3.0 through 5.3.39; Spring Framework versions 6.0.0 through 6.0.23; Spring Framework versions 6.0.24 through 6.1.12; Spring Framework versions 6.1.13 and earlier. Description: The vulnerability is related to path travers...
Updated microcode package fix security vulnerabilities
Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2023-42667 Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to...
filelock: fix potential use-after-free in posix_lock_inode
can: mcp251xfd: fix infinite loop when xmit fails
PT-2024-7700 · Tp Link · Tp-Link Tl-Wdr5620
Name of the Vulnerable Software and Affected Versions: TP-LINK TL-WDR5620 version 2.3. Description: A remote code execution (RCE) vulnerability exists in TP-LINK TL-WDR5620 via the httpProcDataSrv function. This issue allows a remote attacker to execute arbitrary code. The vulnerability occurs due t...
Photon OS 5.0: Linux PHSA-2024-5.0-0370
An update of the linux package has been released. File data PhotonOSPHSA-2024-50-0370linux.nasl...
CVE-2024-45591
XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification both username...
AZL-49088 CVE-2024-43799 affecting package nodejs-nodemon 2.0.3-4
Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect which executes untrusted code. This issue is patched in send 0.19.0...
AZL-49155 CVE-2024-43800 affecting package nodejs-nodemon 2.0.3-5
serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect may execute untrusted code. This issue is patched in serve-static 1.16.0...
UBUNTU-CVE-2024-43799
Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect which executes untrusted code. This issue is patched in send 0.19.0...
CVE-2024-43796 express vulnerable to XSS via response.redirect()
Express.js is a minimalist web framework for Node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0...
PT-2024-6368 · Mindsdb · Mindsdb
Name of the Vulnerable Software and Affected Versions: MindsDB versions 23.11.4.2 through 24.7.4.1. Description: An arbitrary code execution issue exists when one of several integrations is installed on the server. If a specially crafted UPDATE query containing Python code is run against a databas...
PT-2024-9884
Name of the Vulnerable Software and Affected Versions: Nix versions 2.24 through 2.24.5; Nix version 2.24 prior to 2.24.6. Description: A bug in Nix allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the...
PT-2024-6310 · Gitlab +2 · Gitlab +2
Name of the Vulnerable Software and Affected Versions: Ruby-SAML versions prior to 1.17.0; Ruby-SAML versions 1.13.0 through 1.16.0; GitLab versions prior to 17.3.3, 17.2.7, 17.1.8, 17.0.8, and 16.11.10. Description: The vulnerability is related to the Ruby SAML library, which is used for implementi...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to SQL injection (CVE-2024-40689)
Summary: A SQL injection vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2024-40689. DESCRIPTION: IBM InfoSphere Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to...
PT-2024-9667 · Synology · Synology Router Manager
Name of the Vulnerable Software and Affected Versions: Synology Router Manager versions prior to 1.3.1-9346-10. Description: The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting attacks. Remote authenticated users with...