14 matches found

UbuntuCve
added 2024/12/03 12:0 a.m. | 5 views

CVE-2024-48916

Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send a JWT that has "none" as the JWT alg, and by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a kno...

8.1 CVSS | 7 AI score | 0.00043 EPSS
Exploits 0 | References 3
Cvelist
added 2024/11/28 4:31 p.m. | 29 views

CVE-2024-52338 Apache Arrow R package: Arbitrary code execution when loading a malicious data file

Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example, user-supplied input files). This...

0.01855 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2023/11/02 12:0 a.m. | 21 views

F5 Networks BIG-IP : CGNAT LSN vulnerability (K04048104)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.3.1 / 15.1.1 / 16.0.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K04048104 advisory. - On BIG-IP LTM/CGNAT version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.5...

7.5 CVSS | 7.4 AI score | 0.00896 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2023/11/02 12:0 a.m. | 21 views

F5 Networks BIG-IP : BIG-IP TMUI XSS vulnerability (K61643620)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.4.1 / 14.1.4.2 / 15.1.3.1 / 16.0.1.2 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K61643620 advisory. - On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2...

9 CVSS | 8 AI score | 0.00326 EPSS
Exploits 0 | References 2
OSV
added 2023/07/13 3:15 a.m. | 1 views

UBUNTU-CVE-2023-3362

An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub...

5.3 CVSS | 6 AI score | 0.00597 EPSS
Exploits 0 | References 3
OSV
added 2023/07/13 3:15 a.m. | 0 views

UBUNTU-CVE-2023-3424

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. A Regular Expression Denial of Service was possible via sending crafted payloads to the...

7.5 CVSS | 5.7 AI score | 0.00585 EPSS
Exploits 0 | References 4
Debian CVE
added 2023/07/13 2:8 a.m. | 22 views

CVE-2023-3362

Removed by vendor...

5.3 CVSS | 6 AI score | 0.00597 EPSS
Exploits 0
Tenable Nessus
added 2022/08/03 12:0 a.m. | 27 views

F5 Networks BIG-IP : Traffic Intelligence feeds vulnerability (K25046752)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5 / 15.1.6.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K25046752 advisory. - In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, Traffic...

9.1 CVSS | 8.3 AI score | 0.00222 EPSS
Exploits 0 | References 2
Prion
added 2021/09/14 2:15 p.m. | 20 views

Design/Logic Flaw

On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP) verification of a certificate that contains Authority Information Access (AIA), undisclosed requests may cau...

5 CVSS | 5.3 AI score | 0.00338 EPSS
Exploits 0 | References 1 | Affected Software 1
Tenable Nessus
added 2021/06/10 12:0 a.m. | 51 views

F5 Networks BIG-IP : glibc vulnerability (K38481791)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.4.3 / 15.1.4 / 16.0.1.2 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K38481791 advisory. The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range...

5.5 CVSS | 7.1 AI score | 0.0005 EPSS
Exploits 1 | References 2
CNNVD
added 2021/04/21 12:0 a.m. | 1 views

Corel Parallels Desktop Security Vulnerability

Parallels Desktop is a virtual machine software that runs on Mac computers. A stack buffer overflow vulnerability exists in the Toolgate component in Parallels Desktop version 16.1.0-48950. The vulnerability stems from not properly validating the length of user-supplied data before copying it to ...

8.8 CVSS | 6.5 AI score | 0.00099 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2021/02/11 12:0 a.m. | 33 views

F5 Networks BIG-IP : BIG-IP APM vulnerability (K32049501)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K32049501 advisory. - On BIG-IP APM version 16.0.x before 16.0.1.1, under certain conditions, when processing VPN traffic with APM, TMM...

7.8 CVSS | 7.4 AI score | 0.00612 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2021/02/11 12:0 a.m. | 51 views

F5 Networks BIG-IP : iControl REST vulnerability (K68652018)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.3.6 / 14.1.3.1 / 15.1.2 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K68652018 advisory. An authenticated attacker with access to iControl REST over the control plane may be...

8.5 CVSS | 7.4 AI score | 0.00326 EPSS
Exploits 0 | References 2
CNVD
added 2018/06/15 12:0 a.m. | 2 views

Hapi Denial of Service Vulnerability

Hapi is a server framework for Node.js. The framework supports input validation, caching, and authentication. A security vulnerability exists in Hapi versions 15.0.0 through 16.1.0. An attacker can exploit the vulnerability to cause hapi to crash or the client connection to hang...

7.5 CVSS | 7.4 AI score | 0.00334 EPSS
Exploits 0 | References 1