CVE-2024-5197 Integer overflow in libvpx
There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be...
This is a simple SBOM utility which aims to provide an insider view on which packages are getting executed. The process and objective is simple we can get a clear perspective view on the packages installed by APT (currently working on implementing this for RPM and other package managers). This is.....
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix firmware check error path A recent commit fixed the code that parses the firmware files before downloading them to the controller but introduced a memory leak in case the sanity checks ever fail. Make sure to...
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: don't free NULL coalescing rule If the parsing fails, we can dereference a NULL pointer...
In the Linux kernel, the following vulnerability has been resolved: bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Fix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which syzbot reported [1]. [1] BUG: KCSAN: data-race in sk_psock_drop /...
counselscottage.com Cross Site Scripting vulnerability OBB-3932713
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
Active Exploits target Check Point Security Gateway Zero-Day Information Disclosure flaw Check Point Cybersecurity has issued hotfixes to address a zero-day vulnerability in its VPNs that has been exploited to gain remote access to firewalls and potentially infiltrate corporate networks. On...
0.019EPSS
Technology was once simply a tool--and a small one at that--used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We...
CVE-2024-23360 Improper Access Control in Graphics Windows
Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU...
CVE-2024-21478 NULL Pointer Dereference in Graphics
transient DOS when setting up a fence callback to free a KGSL memory entry object during...
CVE-2023-43556 Buffer Copy Without Checking Size of Input in Hypervisor
Memory corruption in Hypervisor when platform information mentioned is not...
CVE-2023-43545 Integer Overflow or Wraparound in WLAN HOST
Memory corruption when more scan frequency list or channels are sent from the user...
CVE-2023-43544 Use After Free in Audio
Memory corruption when IPC callback handle is used after it has been released during register callback by another...
CVE-2023-43543 Use After Free in Audio
Memory corruption in Audio during a playback or a recording due to race condition between allocation and deallocation of graph...
CVE-2023-43542 Buffer Copy Without Checking Size of Input in Trusted Execution Environment
Memory corruption while copying a keyblobs material when the key materials size is not accurately...
Memory corruption in TZ Secure OS while Tunnel Invoke Manager...
maipa.law Cross Site Scripting vulnerability OBB-3932666
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
IT threat evolution in Q1 2024. Mobile statistics
IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics Quarterly figures According to Kaspersky Security Network, in Q1 2024: 10.1 million attacks using malware, adware, or unwanted mobile software were blocked. The most...
IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics Targeted attacks Operation Triangulation: the final mystery Last June, we published a series of reports on Operation Triangulation, a previously unknown iOS malware...
0.003EPSS
IT threat evolution in Q1 2024. Non-mobile statistics
IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly.....
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() When I did memory failure tests recently, below warning occurs: DEBUG_LOCKS_WARN_ON(1) WARNING: CPU: 8 PID: 1011 at kernel/locking/lockdep.c:232...
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer Btrfs clears the content of an extent buffer marked as EXTENT_BUFFER_ZONED_ZEROOUT before the bio submission. This mechanism is introduced to prevent a write hole of an.....
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() The app_reply->elem[] array is allocated earlier in this function and it has app_req.num_ports elements. Thus this > comparison needs to be >= to prevent memory...
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable idle reallow as part of command/gpint execution [Why] Workaroud for a race condition where DMCUB is in the process of committing to IPS1 during the handshake causing us to miss the transition into IPS2 and....
In the Linux kernel, the following vulnerability has been resolved: regmap: maple: Fix cache corruption in regcache_maple_drop() When keeping the upper end of a cache block entry, the entry[] array must be indexed by the offset from the base register of the block, i.e. max - mas.index. The code...
european-portuguese.info Cross Site Scripting vulnerability OBB-3932601
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
it.textstudio.com Cross Site Scripting vulnerability OBB-3932591
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
A week in security (May 27 – June 2)
Last week on Malwarebytes Labs: Data leak site BreachForums is back, boasting Live Nation/Ticketmaster user data. But is it a trap? The Ticketmaster "breach"—what you need to know Ticketmaster confirms customer data breach How to tell if a VPN app added your Windows device to a botnet Beware of...
(RHSA-2024:3546) Moderate: ruby:3.1 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) ruby: Buffer overread vulnerability in StringIO...
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1793)
The remote host is missing an update for the Huawei...
0.003EPSS
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2024-1791)
The remote host is missing an update for the Huawei...
0.0005EPSS
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1786)
The remote host is missing an update for the Huawei...
0.001EPSS
Huawei EulerOS: Security Advisory for linux-sgx (EulerOS-SA-2024-1804)
The remote host is missing an update for the Huawei...
0.002EPSS
0.007EPSS
0.005EPSS
0.001EPSS
0.001EPSS
Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2024-1796)
The remote host is missing an update for the Huawei...
0.037EPSS
Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2024-1805)
The remote host is missing an update for the Huawei...
0.0004EPSS
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1798)
The remote host is missing an update for the Huawei...
0.001EPSS
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1797)
The remote host is missing an update for the Huawei...
0.02EPSS
0.0005EPSS
Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2024-1787)
The remote host is missing an update for the Huawei...
0.0005EPSS
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1788)
The remote host is missing an update for the Huawei...
0.003EPSS
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1800)
The remote host is missing an update for the Huawei...
0.003EPSS
0.0004EPSS
Huawei EulerOS: Security Advisory for less (EulerOS-SA-2024-1801)
The remote host is missing an update for the Huawei...
0.0004EPSS
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1785)
The remote host is missing an update for the Huawei...
0.02EPSS
A vulnerability in the XML parser library libexpat is related to incorrect restriction of recursive object references in DTDs. recursive object references in DTDs. Exploitation of the vulnerability could allow an attacker to cause a denial of denial of...
0.001EPSS
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1783)
The remote host is missing an update for the Huawei...
0.037EPSS