It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code.(CVE-2023-6270)
It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.(CVE-2023-51781)
In the Linux kernel, the following vulnerability has been
resolved: netfilter: nft_set_rbtree: skip end interval element from gc
rbtree lazy gc on insert might collect an end interval element that has
been just added in this transactions, skip end interval elements that are
not yet active.(CVE-2024-26581)
In the Linux kernel, the following vulnerability has been
resolved: net: qualcomm: rmnet: fix global oob in rmnet_policy The variable
rmnet_link_ops assign a *bigger* maxtype which leads to a global out-of-
bounds read when parsing the netlink attributes.(CVE-2024-26597)
It was discovered that Node.js incorrectly handled certain inputs when it is
using the policy mechanism. If a user or an automated system were tricked into
opening a specially crafted input file, a remote attacker could possibly use
this issue to bypass the policy mechanism. (CVE-2023-32002, CVE-2023-32006)
It was discovered that Node.js incorrectly handled certain inputs when it is
using the policy mechanism. If a user or an automated system were tricked into
opening a specially crafted input file, a remote attacker could possibly use
this issue to perform a privilege escalation. (CVE-2023-32559)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-32639.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-5723.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-32501.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-5725.
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2023-51634.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-51635.
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro VPN Proxy One Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3. The following CVEs are assigned: CVE-2024-36473.
