1660 matches found
CVE-2024-51299
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function...
PT-2024-34589 · Draytek · Draytek Vigor3900
Name of the Vulnerable Software and Affected Versions: Draytek Vigor3900 version 1.5.1.3 Description: The issue allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function. Recommendations: For Draytek Vigor3900 version...
CVE-2024-50046 NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Prevent NULL-pointer dereference in nfs42completecopies On the node of an NFS client, some files saved in the mountpoint of the NFS server were copied to another location of the same NFS server. Accidentally, the...
CVE-2024-50046
CVE-2024-50046: In the Linux kernel, a NULL-pointer dereference could occur in NFSv4 when copying files saved in the mountpoint (nfs42_complete_copies()), leading to an SMP kernel crash during state recovery for an open NFS file. The issue manifests as kernel oops and related logs and is resolved...
CVE-2024-50046 NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Prevent NULL-pointer dereference in nfs42completecopies On the node of an NFS client, some files saved in the mountpoint of the NFS server were copied to another location of the same NFS server. Accidentally, the...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-42246)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42246 advisory. - In the Linux kernel, the following vulnerability has been resolved: net, sunrpc: Remap EPERM in case of...
CVE-2024-47508
An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon evo-pfemand of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service DoS.When specific SNMP GET operations or specifi...
CVE-2024-47505 Junos OS Evolved: Specific low privileged CLI commands and SNMP GET requests can trigger a resource leak #1
An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon evo-pfemand of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service DoS.When specific SNMP GET operations or specifi...
BIT-PHP-2024-9026 PHP-FPM logs from children may be altered
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...
CentOS 7 : rsyslog (RHSA-2022:4803)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4803 advisory. - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used...
CVE-2024-9026
A flaw was found in PHP-FPM, the FastCGI Process Manager. This vulnerability can allow an attacker to manipulate or remove up to 4 characters from log messages via crafted log content, potentially polluting or altering the final log. If PHP-FPM is configured to use syslog output, further log data...
AZL-50172 CVE-2024-9026 affecting package php for versions less than 8.3.12-1
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...
DEBIAN-CVE-2024-9026
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...
ABB Cylon Aspect 3.08.00 syslogSwitch.php Remote Code Execution
ABB Cylon Aspect 3.08.00 syslogSwitch.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy management an...
UBUNTU-CVE-2024-9026
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...
kernel: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket
A flaw was found in the Linux kernel's bpf programs. Under certain conditions, when the kernel attempts to initiate a network connection using the kernelconnect function, it can return a value that causes the cxtcpsetupsocket function to loop. This issue can lead to continuous data writing to the...
kernel: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket
A flaw was found in the Linux kernel's bpf programs. Under certain conditions, when the kernel attempts to initiate a network connection using the kernelconnect function, it can return a value that causes the cxtcpsetupsocket function to loop. This issue can lead to continuous data writing to the...
kernel: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket
A flaw was found in the Linux kernel's bpf programs. Under certain conditions, when the kernel attempts to initiate a network connection using the kernelconnect function, it can return a value that causes the cxtcpsetupsocket function to loop. This issue can lead to continuous data writing to the...
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-2455)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP12 : openssh (EulerOS-SA-2024-2455)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A signal handler race condition was found in OpenSSH's server sshd, where a client does not authenticate within LoginGraceTime seconds 120 by...