Search Results (346128 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-39808 1 Fortinet 3 Fortisandbox, Fortisandbox Paas, Fortisandboxpaas 2026-04-22 9.1 Critical
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to execute unauthorized code or commands via <insert attack vector here>
CVE-2026-35587 1 Nicolargo 1 Glances 2026-04-22 N/A
Glances is an open-source, cross-platform system monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery (SSRF) vulnerability exists in the Glances IP plugin due to improper validation of the public_api configuration parameter. The value of public_api is used directly in outbound HTTP requests without any scheme restriction or hostname/IP validation. An attacker who can modify the Glances configuration can force the application to send requests to arbitrary internal or external endpoints. Additionally, when public_username and public_password are set, Glances automatically includes these credentials in the Authorization: Basic header, resulting in credential leakage to attacker-controlled servers. This vulnerability can be exploited to access internal network services, retrieve sensitive data from cloud metadata endpoints, and/or exfiltrate credentials via outbound HTTP requests. The issue arises because public_api is passed directly to the HTTP client (urlopen_auth) without validation, allowing unrestricted outbound connections and unintended disclosure of sensitive information. Version 4.5.4 contains a patch.
CVE-2026-31527 1 Linux 1 Linux Kernel 2026-04-22 N/A
In the Linux kernel, the following vulnerability has been resolved: driver core: platform: use generic driver_override infrastructure When a driver is probed through __driver_attach(), the bus' match() callback is called without the device lock held, thus accessing the driver_override field without a lock, which can cause a UAF. Fix this by using the driver-core driver_override infrastructure taking care of proper locking internally. Note that calling match() from __driver_attach() without the device lock held is intentional. [1]
CVE-2026-31493 1 Linux 1 Linux Kernel 2026-04-22 N/A
In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix use of completion ctx after free On admin queue completion handling, if the admin command completed with error we print data from the completion context. The issue is that we already freed the completion context in polling/interrupts handler which means we print data from context in an unknown state (it might be already used again). Change the admin submission flow so alloc/dealloc of the context will be symmetric and dealloc will be called after any potential use of the context.
CVE-2010-5326 1 Sap 1 Netweaver Application Server Java 2026-04-22 10 Critical
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack.
CVE-2014-125120 2026-04-22 N/A
This CVE has been REJECTED and will not be published by the CNA.
CVE-2013-10056 2026-04-22 N/A
This CVE has been REJECTED and will not be published by the CNA.
CVE-2013-10045 2026-04-22 N/A
This CVE has been REJECTED and will not be published by the CNA.
CVE-2013-10041 2026-04-22 N/A
This CVE has been REJECTED and will not be published by the CNA.
CVE-2011-10031 2026-04-22 N/A
This CVE has been REJECTED and will not be published by the CNA.
CVE-2010-20124 2026-04-22 N/A
This CVE has been REJECTED and will not be published by the CNA.
CVE-2010-20118 2026-04-22 N/A
This CVE has been REJECTED and will not be published by the CNA.
CVE-2010-20117 2026-04-22 N/A
This CVE has been REJECTED and will not be published by the CNA.
CVE-2010-20116 2026-04-22 N/A
This CVE has been REJECTED and will not be published by the CNA.
CVE-2010-20110 2026-04-22 N/A
This CVE has been REJECTED and will not be published by the CNA.
CVE-2009-20012 2026-04-22 N/A
This CVE has been REJECTED and will not be published by the CNA.
CVE-2008-20003 2026-04-22 N/A
This CVE has been REJECTED and will not be published by the CNA.
CVE-2008-20002 2026-04-22 N/A
This CVE has been REJECTED and will not be published by the CNA.
CVE-2005-20001 2026-04-22 N/A
This CVE has been REJECTED and will not be published by the CNA.
CVE-2000-5001 2026-04-22 N/A
This CVE has been REJECTED and will not be published by the CNA.