CVE-2024-21855
published 2024-11-21CVE-2024-21855: A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command…
PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.04%
78.7th percentile
A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gocast | gocast | — | — |
| linux | linux_kernel | >= 0 < 5.15.0-164.174 | 5.15.0-164.174 |
| linux | linux_kernel | >= 0 < 5.4.0-224.244 | 5.4.0-224.244 |
| mayuresh82 | gocast | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
linux-iot vulnerabilities
osv·2026-01-12·CVSS 7.8
CVE-2022-49026 linux-iot vulnerabilities
linux-iot vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- ACPI drivers;
- InfiniBand drivers;
- Media drivers;
- Network drivers;
- Pin controllers subsystem;
- AFS file system;
- F2FS file system;
- Tracing infrastructure;
- Memory management;
- Appletalk network protocol;
- Netfilter;
(CVE-2022-49026, CVE-2022-49390, CVE-2024-47691, CVE-2024-49935,
CVE-2024-50067, CVE-2024-50095, CVE-2024-50196, CVE-2024-53090,
CVE-2024-53218, CVE-2025-21855, CVE-2025-37958, CVE-2025-38666,
CVE-2025-39964, CVE-2025-39993, CVE-2025-40018)
OSV
linux-kvm vulnerabilities
osv·2026-01-09·CVSS 7.8
CVE-2022-49390 linux-kvm vulnerabilities
linux-kvm vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- Media drivers;
- Network drivers;
- AFS file system;
- F2FS file system;
- Tracing infrastructure;
- Netfilter;
(CVE-2022-49390, CVE-2024-47691, CVE-2024-50067, CVE-2024-53090,
CVE-2024-53218, CVE-2025-21855, CVE-2025-39964, CVE-2025-39993,
CVE-2025-40018)
OSV
linux-raspi, linux-raspi-5.4 vulnerabilities
osv·2026-01-06·CVSS 7.8
linux-raspi, linux-raspi-5.4 vulnerabilities
linux-raspi, linux-raspi-5.4 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- ACPI drivers;
- InfiniBand drivers;
- Media drivers;
- Network drivers;
- Pin controllers subsystem;
- AFS file system;
- F2FS file system;
- Tracing infrastructure;
- Memory management;
- Appletalk network protocol;
- Netfilter;
(CVE-2022-49026, CVE-2022-49390, CVE-2024-47691, CVE-2024-49935,
CVE-2024-50067, CVE-2024-50095, CVE-2024-50196, CVE-2024-53090,
CVE-2024-53218, CVE-2025-21855, CVE-2025-37958, CVE-2025-38666,
CVE-2025-39964, CVE-2025-39993, CVE-2025-40018)
OSV
linux-raspi vulnerabilities
osv·2025-12-19·CVSS 7.8
CVE-2022-49390 linux-raspi vulnerabilities
linux-raspi vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- Media drivers;
- Network drivers;
- AFS file system;
- F2FS file system;
- Tracing infrastructure;
- Netfilter;
(CVE-2022-49390, CVE-2024-47691, CVE-2024-50067, CVE-2024-53090,
CVE-2024-53218, CVE-2025-21855, CVE-2025-39964, CVE-2025-39993,
CVE-2025-40018)
OSV
linux-oracle-5.4 vulnerabilities
osv·2025-12-19·CVSS 7.8
linux-oracle-5.4 vulnerabilities
linux-oracle-5.4 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- ACPI drivers;
- InfiniBand drivers;
- Media drivers;
- Network drivers;
- Pin controllers subsystem;
- AFS file system;
- F2FS file system;
- Tracing infrastructure;
- Memory management;
- Appletalk network protocol;
- Netfilter;
(CVE-2022-49026, CVE-2022-49390, CVE-2024-47691, CVE-2024-49935,
CVE-2024-50067, CVE-2024-50095, CVE-2024-50196, CVE-2024-53090,
CVE-2024-53218, CVE-2025-21855, CVE-2025-37958, CVE-2025-38666,
CVE-2025-39964, CVE-2025-39993, CVE-2025-40018)
OSV
linux, linux-aws, linux-aws-5.15, linux-azure, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-lowlatency,
osv·2025-12-11·CVSS 7.8
linux, linux-aws, linux-aws-5.15, linux-azure, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-lowlatency,
linux, linux-aws, linux-aws-5.15, linux-azure, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-oracle, linux-oracle-5.15, linux-xilinx-zynqmp vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- Media drivers;
- Network drivers;
- AFS file system;
- F2FS file system;
- Tracing infrastructure;
- Netfilter;
(CVE-2022-49390, CVE-2024-47691, CVE-2024-50067, CVE-2024-53090,
CVE-2024-53218, CVE-2025-21855, CVE-2025
OSV
linux-fips, linux-aws-fips, linux-gcp-fips vulnerabilities
osv·2025-12-11·CVSS 7.8
linux-fips, linux-aws-fips, linux-gcp-fips vulnerabilities
linux-fips, linux-aws-fips, linux-gcp-fips vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- ACPI drivers;
- InfiniBand drivers;
- Media drivers;
- Network drivers;
- Pin controllers subsystem;
- AFS file system;
- F2FS file system;
- Tracing infrastructure;
- Memory management;
- Appletalk network protocol;
- Netfilter;
(CVE-2022-49026, CVE-2022-49390, CVE-2024-47691, CVE-2024-49935,
CVE-2024-50067, CVE-2024-50095, CVE-2024-50196, CVE-2024-53090,
CVE-2024-53218, CVE-2025-21855, CVE-2025-37958, CVE-2025-38666,
CVE-2025-39964, CVE-2025-39993, CVE-2025-40018)
OSV
linux-realtime, linux-intel-iot-realtime vulnerabilities
osv·2025-12-11·CVSS 7.8
CVE-2022-49390 linux-realtime, linux-intel-iot-realtime vulnerabilities
linux-realtime, linux-intel-iot-realtime vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- Media drivers;
- Network drivers;
- AFS file system;
- F2FS file system;
- Tracing infrastructure;
- Netfilter;
(CVE-2022-49390, CVE-2024-47691, CVE-2024-50067, CVE-2024-53090,
CVE-2024-53218, CVE-2025-21855, CVE-2025-39964, CVE-2025-39993,
CVE-2025-40018)
OSV
linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips vulnerabilities
osv·2025-12-11·CVSS 7.8
CVE-2022-49390 linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips vulnerabilities
linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- Media drivers;
- Network drivers;
- AFS file system;
- F2FS file system;
- Tracing infrastructure;
- Netfilter;
(CVE-2022-49390, CVE-2024-47691, CVE-2024-50067, CVE-2024-53090,
CVE-2024-53218, CVE-2025-21855, CVE-2025-39964, CVE-2025-39993,
CVE-2025-40018)
OSV
linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-xilinx-zynqmp vulnerabilities
osv·2025-12-10·CVSS 7.8
linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-xilinx-zynqmp vulnerabilities
linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-xilinx-zynqmp vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- ACPI drivers;
- InfiniBand drivers;
- Media drivers;
- Network drivers;
- Pin controllers subsystem;
- AFS file system;
- F2FS file system;
- Tracing infrastructure;
- Memory management;
- Appletalk network protocol;
- Netfilter;
(CVE-2022-49026, CVE-2022-49390, CVE-2024-47691, CVE-2024-49935,
CVE-2024-50067, CVE-2024-50095, CVE-2024-50196, CVE-2024-53090,
CVE-2024-53218, CVE-2025-21855, CVE-2025-37958, CVE-2025-38666,
CVE-2025-399
GHSA
GHSA-c6qm-82c6-q92v: A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1
ghsa_unreviewed·2024-12-20
CVE-2024-21855 [CRITICAL] CWE-306 GHSA-c6qm-82c6-q92v: A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1
A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
No detection rules found.
No public exploits indexed.
Talos
MC LR Router and GoCast unpatched vulnerabilities
blogs_talos·2024-12-09·CVSS 7.2
[HIGH] MC LR Router and GoCast unpatched vulnerabilities
## MC LR Router and GoCast unpatched vulnerabilities
Cisco Talos' Vulnerability Research team recently discovered two vulnerabilities in MC Technologies LR Router and three vulnerabilities in the GoCast service.
These vulnerabilities have not been patched at time of this posting.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org , and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website .
## MC Technologies OS command injection vulnerabilities
Discovered by Matt Wiseman of Cisco Talos.
The MC-LR Router from MC Technologies supports IPsec and OpenVPN implementations, firewall capabilities, remote management via HTTP and SNMP, and configurable alerting via SMS and email, with two-p
Talos
MC LR Router and GoCast unpatched vulnerabilities
blogs_talos·2024-12-09·CVSS 7.2
[HIGH] MC LR Router and GoCast unpatched vulnerabilities
Cisco Talos' Vulnerability Research team recently discovered two vulnerabilities in MC Technologies LR Router and three vulnerabilities in the GoCast service.
These vulnerabilities have not been patched at time of this posting.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.
## MC Technologies OS command injection vulnerabilities
Discovered by Matt Wiseman of Cisco Talos.
The MC-LR Router from MC Technologies supports IPsec and OpenVPN implementations, firewall capabilities, remote management via HTTP and SNMP, and configurable alerting via SMS and email, with two-port and four-port variants, includes models that support
2024-11-21
Published