A maliciously crafted CATPART, X_B and STEP, when parsed in ASMKERN228A.dll and ASMKERN229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the...
7.4AI Score
0.001EPSS
A maliciously crafted MODEL file, when parsed in libodxdll through Autodesk applications, can cause a double free. This vulnerability, along with other vulnerabilities, can lead to code execution in the current...
0.001EPSS
A maliciously crafted MODEL file, when parsed in libodxdll through Autodesk applications, can cause a double free. This vulnerability, along with other vulnerabilities, can lead to code execution in the current...
7.3AI Score
0.001EPSS
A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current...
7.2AI Score
0.001EPSS
udn News Android APP stores the user session in logcat file when user log into the APP. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by...
3.9CVSS
4AI Score
0.0004EPSS
A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current...
0.001EPSS
udn News Android APP stores the user session in logcat file when user log into the APP. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by...
3.9CVSS
0.0004EPSS
CVE-2024-6295 udn News App - Insecure Data Storage
udn News Android APP stores the unencrypted user session in the local database when user log into the application. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by...
3.9CVSS
6.7AI Score
0.0004EPSS
CVE-2024-6295 udn News App - Insecure Data Storage
udn News Android APP stores the unencrypted user session in the local database when user log into the application. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by...
3.9CVSS
0.0004EPSS
CVE-2024-6294 udn News App - Sensitive Information Exposure
udn News Android APP stores the user session in logcat file when user log into the APP. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by...
3.9CVSS
0.0004EPSS
CVE-2024-6294 udn News App - Sensitive Information Exposure
udn News Android APP stores the user session in logcat file when user log into the APP. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by...
3.9CVSS
6.8AI Score
0.0004EPSS
A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current...
7.2AI Score
0.001EPSS
A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current...
0.001EPSS
A maliciously crafted MODEL file, when parsed in libodxdll through Autodesk applications, can cause a double free. This vulnerability, along with other vulnerabilities, can lead to code execution in the current...
7.2AI Score
0.001EPSS
A maliciously crafted MODEL file, when parsed in libodxdll through Autodesk applications, can cause a double free. This vulnerability, along with other vulnerabilities, can lead to code execution in the current...
0.001EPSS
EulerOS 2.0 SP11 : xorg-x11-server (EulerOS-SA-2024-1849)
According to the versions of the xorg-x11-server package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when...
7.8CVSS
8AI Score
0.0005EPSS
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from reorder of WRITE ->lqueued __blkcg_rstat_flush() can be run anytime, especially when blk_cgroup_bio_start is being executed. If WRITE of ->lqueued is re-ordered with READ of 'bisc->lnod...
6.8AI Score
0.0004EPSS
Incorrect Calculation vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. When checking whether a new image invades/overlaps with a previously loaded image the code neglects to consider a few cases. that could An attacker to bypass memory range restriction and overwrite...
7.8CVSS
7.6AI Score
0.0004EPSS
8.8CVSS
7.5AI Score
0.002EPSS
In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: fix node id validation While validating node ids in map_benchmark_ioctl(), node_possible() may be provided with invalid argument outside of [0,MAX_NUMNODES-1] range leading to: BUG: KASAN:...
6.8AI Score
0.0004EPSS
EulerOS 2.0 SP11 : golang (EulerOS-SA-2024-1835)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This...
7.4AI Score
0.0004EPSS
HP PC BIOS Additional Security Update for TOCTOU
A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability. HP has...
7.6AI Score
EPSS
Spring Tips: Further, Faster with Spring Boot 3.3
Hi, Spring fans! In this installment we look at ways to make your applications go further, faster, with AppCDS, GraalVM, AOT on the JRE, and Project CRaC (coordinate restore at checkpoint) springboot #java #graalvm #programming...
7.2AI Score
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() The function gfx_v9_4_3_init_microcode in gfx_v9_4_3.c was generating about potential truncation of output when using the snprintf...
7.8CVSS
7.7AI Score
0.0004EPSS
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1837)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...
7.8CVSS
7.7AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1816)
The remote host is missing an update for the Huawei...
7.8CVSS
7.5AI Score
0.0004EPSS
About the security content of AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8 This document describes the security content of AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. About Apple security updates For our...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: fpga: manager: add owner module and take its refcount The current implementation of the fpga manager assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's...
7.1AI Score
0.0004EPSS
control channel: refuse control channel messages with nonprintable characters in them. Security scope: a malicious openvpn peer can send garbage to openvpn log, or cause high CPU...
6.6AI Score
EPSS
FreeBSD : chromium -- multiple security fixes (2b68c86a-32d5-11ef-8a0f-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 2b68c86a-32d5-11ef-8a0f-a8a1599412c6 advisory. Chrome Releases reports: This update includes 5 security fixes: Tenable has extracted the...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer The TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE for computing the maximum transfer length and the size of the transfer buffer. As such, it does not...
7.8CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound Raw packet from PF_PACKET socket ontop of an IPv6-backed ipvlan device will hit WARN_ON_ONCE() in sk_mc_loop() through sch_direct_xmit() path. WARNING: CPU: 2 PID: 0 at....
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from sync_print_obj() Since commit a6aa8fca4d79 ("dma-buf/sw-sync: Reduce irqsave/irqrestore from known context") by error replaced spin_unlock_irqrestore() with spin_unlock_irq() for both...
5.5CVSS
7.1AI Score
0.0004EPSS
7.5AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2024-1822)
The remote host is missing an update for the Huawei...
7.8CVSS
7.5AI Score
0.0005EPSS
7.5CVSS
7.5AI Score
0.0004EPSS
EulerOS 2.0 SP11 : xorg-x11-server (EulerOS-SA-2024-1828)
According to the versions of the xorg-x11-server package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when...
7.8CVSS
8AI Score
0.0005EPSS
7.4CVSS
7.8AI Score
0.004EPSS
A vulnerability in the e1000e component of the QEMU server is related to DMA re-entry. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the register_vfs() function (hw/pci/pcie_sriov.c) of the QEMU hardware emulator is related to a buffer...
6.5CVSS
6.8AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add callback function pointer check before its call In dpu_core_irq_callback_handler() callback function pointer is compared to NULL, but then callback function is unconditionally called by this pointer. Fix this bug.....
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: fuse: clear FR_SENT when re-adding requests into pending list The following warning was reported by lee bruce: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 8264 at fs/fuse/dev.c:300 fuse_request_end+0x685/0x7e0...
6.7AI Score
0.0004EPSS
Security Advisory 0098 _._CSAF PDF Date: June 25, 2024 Revision | Date | Changes ---|---|--- 1.0 | June 25, 2024 | Initial release The CVE-ID tracking this issue: CVE-2024-4578 CVSSv3.1 Base Score: 8.4 (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) Common Weakness Enumeration: CWE-77 Improper...
8.4CVSS
7AI Score
0.0004EPSS
Vulnerability in tiff.c file of ImageMagick console graphics editor related to buffer overflow in the heap. Exploitation of the vulnerability could allow an attacker to cause a denial of...
5.5CVSS
6.7AI Score
0.001EPSS
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4084 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...
9CVSS
7.2AI Score
0.002EPSS
In the Linux kernel, the following vulnerability has been resolved: greybus: lights: check return of get_channel_from_mode If channel for the given node is not found we return null from get_channel_from_mode. Make sure we validate the return pointer before using it in two of the missing places....
7AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-1828)
The remote host is missing an update for the Huawei...
7.8CVSS
7.5AI Score
0.0005EPSS
7.3CVSS
7.5AI Score
0.003EPSS
7.5CVSS
7.5AI Score
0.0004EPSS
EulerOS 2.0 SP11 : python3 (EulerOS-SA-2024-1843)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and...
7.8CVSS
7.4AI Score
0.0005EPSS
EulerOS 2.0 SP11 : util-linux (EulerOS-SA-2024-1848)
According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals...
9.8AI Score
0.0005EPSS