
1740 matches found

Tenable Nessus
added 2024/12/04 12:0 a.m. · 10 views

Cisco NX-OS Improper Verification of Cryptographic Signature (CVE-2017-12331)

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-OS signature verification for software patches. An authenticated, local attacker could exploit...

CVSS 7.2 · AI score 6.7 · EPSS 0.00035
Exploits: 0 · References: 7

RedhatCVE
added 2024/11/26 3:21 p.m. · 34 views

CVE-2024-52337

A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...

CVSS 5.5 · AI score 5.2 · EPSS 0.00033
Exploits: 0 · References: 5

Positive Technologies
added 2024/11/22 12:0 a.m. · 3 views

PT-2024-34384 · Owncloud · Owncloud

Name of the Vulnerable Software and Affected Versions: Owncloud android apk version 4.3.1 Description: An issue in the Owncloud android application allows a physically proximate attacker to escalate privileges. This is specifically related to the PassCodeViewModel class, in the checkPassCodeIsVal...

CVSS 6.8 · AI score 7.4 · EPSS 0.03206
Exploits: 0 · References: 4

Positive Technologies
added 2024/11/21 12:0 a.m. · 3 views

PT-2025-3623

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue concerns the Linux kernel's wifi functionality, specifically the cfg80211 module. During link deletion, the link ID is removed from the valid links bitmap before cleanup...

CVSS 4.6 · AI score 7.2 · EPSS 0.00028
Exploits: 0

OSV
added 2024/11/15 4:15 p.m. · 3 views

CVE-2022-20626

A vulnerability in the web-based management interface of Cisco Prime Access Registrar Appliance could allow an authenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. The attacker would require valid credentials for the device. This vulnerability i...

CVSS 5.4 · AI score 6
Exploits: 0 · References: 1

Vulnrichment
added 2024/11/14 9:54 a.m. · 20 views

CVE-2024-50305 Apache Traffic Server: Valid Host field value can cause crashes

Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue...

AI score 6.9 · EPSS 0.00318
Exploits: 1 · References: 1

Debian CVE
added 2024/11/14 9:54 a.m. · 25 views

CVE-2024-50305

Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue...

CVSS 7.5 · AI score 5.3 · EPSS 0.00318
Exploits: 1

Cvelist
added 2024/11/14 9:54 a.m. · 22 views

CVE-2024-50305 Apache Traffic Server: Valid Host field value can cause crashes

Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue...

EPSS 0.00318
Exploits: 1 · References: 1

OSV
added 2024/11/05 6:15 p.m. · 4 views

AZL-52590 CVE-2024-50102 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: x86: fix user address masking non-canonical speculation issue. It turns out that AMD has a "Meltdown Lite(tm)" issue with non-canonical accesses in kernel space. And so using just the high bit to decide whether an access is in user...

CVSS 5.5 · AI score 6 · EPSS 0.00017
Exploits: 0 · References: 1

SUSE CVE
added 2024/11/02 4:3 a.m. · 3 views

SUSE CVE-2024-7594

Vault's SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault's SSH secrets engine could be used to...

CVSS 8.8 · AI score 7.9 · EPSS 0.00603
Exploits: 0 · References: 5

RedHat Linux
added 2024/10/30 12:39 a.m. · 0 views

kernel: mm: prevent derefencing NULL ptr in pfn_section_valid()

In the Linux kernel, the following vulnerability has been resolved: mm: prevent derefencing NULL ptr in pfn_section_valid(). Commit 5ec8e8ea8b77 ("mm/sparsemem: fix race in accessing memory_section->usage") changed pfn_section_valid() to add a READ_ONCE() call around "ms->usage" to fix a race with section_deactiva...

CVSS 5.5 · AI score 6.4 · EPSS 0.0001
Exploits: 0 · References: 5

RedHat Linux
added 2024/10/30 12:15 a.m. · 0 views

kernel: mm: prevent derefencing NULL ptr in pfn_section_valid()

In the Linux kernel, the following vulnerability has been resolved: mm: prevent derefencing NULL ptr in pfn_section_valid(). Commit 5ec8e8ea8b77 ("mm/sparsemem: fix race in accessing memory_section->usage") changed pfn_section_valid() to add a READ_ONCE() call around "ms->usage" to fix a race with section_deactiva...

CVSS 5.5 · AI score 6.4 · EPSS 0.0001
Exploits: 0 · References: 5

CNNVD
added 2024/10/25 12:0 a.m. · 2 views

Google Pixel Security Vulnerability

Google Pixel is a smartphone from the American company Google. Google Pixel suffers from a buffer overflow vulnerability that stems from incorrect boundary checking in valid_address in syscall.c, which can be exploited by an attacker to cause an out-of-bounds read...

CVSS 7.8 · AI score 7.2 · EPSS 0.00059
Exploits: 0 · References: 2

OSV
added 2024/10/24 9:15 p.m. · 1 views

UBUNTU-CVE-2024-47880

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the export-rows command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page th...

CVSS 8.1 · AI score 6 · EPSS 0.00235
Exploits: 1 · References: 4

OSV
added 2024/10/23 5:15 p.m. · 2 views

CVE-2024-20268

A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause an unexpected reload of the device. This vulnerability is due to...

CVSS 7.7 · AI score 5.9 · EPSS 0.01093
Exploits: 0 · References: 3

NVD
added 2024/10/22 10:15 p.m. · 17 views

CVE-2024-48644

Accounts enumeration vulnerability in the Login Component of Reolink Duo 2 WiFi Camera Firmware Version v3.0.0.188923031701 allows remote attackers to determine valid user accounts via login attempts. This can lead to the enumeration of user accounts and potentially facilitate other attacks, such...

CVSS 5.3 · EPSS 0.01575
Exploits: 0 · References: 1

Cvelist
added 2024/10/22 12:0 a.m. · 13 views

CVE-2024-48644

Accounts enumeration vulnerability in the Login Component of Reolink Duo 2 WiFi Camera Firmware Version v3.0.0.188923031701 allows remote attackers to determine valid user accounts via login attempts. This can lead to the enumeration of user accounts and potentially facilitate other attacks, such...

EPSS 0.01575
Exploits: 0 · References: 1

SUSE CVE
added 2024/10/21 3:47 p.m. · 2 views

SUSE CVE-2024-47702

In the Linux kernel, the following vulnerability has been resolved: bpf: Fail verification for sign-extension of packet data/data_end/data_meta. syzbot reported a kernel crash due to commit 1f1e864b6555 ("bpf: Handle sign-extenstin ctx member accesses"). The reason is due to sign-extension of 32-bit...

CVSS 5.5 · AI score 7.1 · EPSS 0.00035
Exploits: 0 · References: 15

OSV
added 2024/10/18 9:15 a.m. · 1 views

CVE-2024-4739

The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource...

CVSS 7.5 · AI score 5.8 · EPSS 0.00498
Exploits: 0 · References: 1

CNNVD
added 2024/10/18 12:0 a.m. · 2 views

MOXA MXsecurity Security Vulnerability

MOXA MXsecurity is a management platform from China-based MOXA. It provides centralized visibility and security management to easily monitor and identify network threats and prevent security misconfigurations to create a robust threat defense. A security vulnerability exists in MOXA MXsecurity...

CVSS 7.5 · AI score 6.7 · EPSS 0.00498
Exploits: 0 · References: 2