23 matches found

OpenVAS
added 2024/03/15 12:0 a.m. · 60 views

VMware Spring Framework < 5.3.33, 6.0.x < 6.0.18, 6.1.x < 6.1.5 SSRF Vulnerability - Linux

The VMware Spring Framework is prone to a server-side request forgery (SSRF) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 8.1 · AI score 6.6 · EPSS 0.60124
Exploits: 1 · References: 2

Snyk
added 2023/06/14 12:0 a.m. · 3 views

Arbitrary Code Execution

Overview: runtime.win-x64.Microsoft.NETCore.App is an internal implementation package not meant for direct consumption. Affected versions of this package are vulnerable to Arbitrary Code Execution. A vulnerability exists in .NET during crash and stack trace scenarios that could lead to loading...

CVSS 7.3 · AI score 7.1 · EPSS 0.00873
Exploits: 0 · References: 2

Snyk
added 2023/06/14 12:0 a.m. · 1 views

Remote Code Execution (RCE)

Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE). A vulnerability exists in how WPF applications load and render XPS documents which may result in remote code execution. Remediation: Upgrade Microsoft.WindowsDesktop.App.Runtime.win-x86 to version 6.0.18, 7.0.7...

CVSS 7.8 · AI score 8.1 · EPSS 0.00986
Exploits: 0 · References: 2

Snyk
added 2023/06/14 12:0 a.m. · 2 views

Privilege Escalation

Overview: Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability exists in .NET when extracting the contents of a Tar file which may result in elevation of privileges. Remediation: Upgrade Microsoft.NETCore.App.Runtime.win-x64 to version 6.0.18, 7.0.7 or higher...

CVSS 6.5 · AI score 6.9 · EPSS 0.00166
Exploits: 0 · References: 2

Snyk
added 2023/06/14 12:0 a.m. · 2 views

Remote Code Execution (RCE)

Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE). A vulnerability exists in how WPF applications load and render XPS documents which may result in remote code execution. Remediation: Upgrade Microsoft.WindowsDesktop.App.Runtime.win-x64 to version 6.0.18, 7.0.7...

CVSS 7.8 · AI score 8.1 · EPSS 0.00986
Exploits: 0 · References: 2

Tenable Nessus
added 2023/05/10 12:0 a.m. · 35 views

SUSE SLES15 / openSUSE 15 Security Update : redis (SUSE-SU-2023:2122-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2122-1 advisory. - Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands like SCA...

CVSS 6.5 · AI score 6.8 · EPSS 0.60647
Exploits: 0 · References: 10

OSV
added 2023/03/02 3:1 a.m. · 34 views

CVE-2023-25155 Integer Overflow in several Redis commands can lead to denial of service.

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis...

CVSS 5.5 · AI score 4.5 · EPSS 0.0504
Exploits: 0 · References: 7

Cvelist
added 2023/03/02 3:1 a.m. · 15 views

CVE-2023-25155 Integer Overflow in several Redis commands can lead to denial of service.

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis...

CVSS 5.5 · AI score 7 · EPSS 0.0504
Exploits: 0 · References: 5

OSV
added 2023/03/01 4:15 p.m. · 1 views

DEBIAN-CVE-2022-36021

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands like SCAN or KEYS with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18...

CVSS 5.5 · AI score 5.2 · EPSS 0.60647
Exploits: 0 · References: 1

Prion
added 2023/03/01 4:15 p.m. · 37 views

Design/Logic Flaw

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands like SCAN or KEYS with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18...

CVSS 1.7 · AI score 5.5 · EPSS 0.60647
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2023/01/17 5:40 p.m. · 11 views

GSD-2023-1000451 RISC-V: kexec: Fix memory leak of fdt buffer

RISC-V: kexec: Fix memory leak of fdt buffer This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.18 by commit...

AI score 7.2
Exploits: 0

OSV
added 2023/01/17 5:39 p.m. · 8 views

GSD-2023-1000442 ext4: don't allow journal inode to have encrypt flag

ext4: don't allow journal inode to have encrypt flag This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.18 by commit...

AI score 7.2
Exploits: 0

OSV
added 2023/01/17 5:39 p.m. · 7 views

GSD-2023-1000439 ext4: don't set up encryption key during jbd2 transaction

ext4: don't set up encryption key during jbd2 transaction This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.18 by commit...

AI score 7.2
Exploits: 0

Positive Technologies
added 2023/01/17 12:0 a.m. · 1 views

PT-2023-33512 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 6.0.18 Description: The issue is related to the compiler-generated aeabi uldivmod function in the NWFPE component of the ARM architecture. The actual impact and potential for attack have not been proven yet...

AI score 7.2
Exploits: 0 · References: 1

Positive Technologies
added 2023/01/17 12:0 a.m. · 2 views

PT-2023-33531 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.18 Description: A memory leak issue was discovered in the ima inode hash function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...

AI score 7.2
Exploits: 0 · References: 1

Positive Technologies
added 2023/01/17 12:0 a.m. · 2 views

PT-2023-33498 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v3.13 through v6.0.18 Description: The issue concerns potential resource leaks in the NFC component. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions v3.13...

AI score 7.2
Exploits: 0 · References: 1

Positive Technologies
added 2023/01/17 12:0 a.m. · 1 views

PT-2023-33482 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.18 Description: A bug was found in the es tree search function of the ext4 file system, caused by a bad boot loader inode. The actual impact and attack plausibility of this issue have not yet been proven...

AI score 7.2
Exploits: 0 · References: 1

Positive Technologies
added 2023/01/17 12:0 a.m. · 2 views

PT-2023-33564 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.18 Description: The issue is related to the ext2 empty dir function in the Linux Kernel. It was introduced in version v5.19 and fixed in version v6.0.18. The actual impact and attack plausibility have not y...

AI score 7.2
Exploits: 0 · References: 1

Positive Technologies
added 2023/01/17 12:0 a.m. · 2 views

PT-2023-33549 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.18 Description: The issue is related to an infinite loop in tracing read pipe on overflowed print trace line. This problem was introduced in version v2.6.27 and is fixed in Linux Kernel version v6.0.18. The...

AI score 7
Exploits: 0 · References: 1

OpenVAS
added 2021/10/04 12:0 a.m. · 13 views

QNAP NAS Photo Station Multiple XSS Vulnerabilities (QSA-21-41)

QNAP NAS Photo Station is prone to two stored cross-site scripting (XSS) vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

CVSS 7.6 · AI score 5.5 · EPSS 0.00255
Exploits: 0 · References: 1