Foxit PDF Reader 资源管理错误漏洞

Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A resource management error vulnerability exists in Foxit PDF Reader, which stems from the Annotation feature that contains a reuse-after-release, leading to an information disclosure vulnerability...

Foxit PDF Reader 资源管理错误漏洞

Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A resource management error vulnerability exists in Foxit PDF Reader, which stems from the Annotation feature that contains a reuse-after-release, leading to a remote code execution vulnerability...

Foxit PDF Reader 资源管理错误漏洞

Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A resource management error vulnerability exists in Foxit PDF Reader, which stems from the Annotation feature that contains a reuse-after-release, leading to a remote code execution vulnerability...

kernel: tick/nohz: unexport __init-annotated tick_nohz_full_setup()

In the Linux kernel, the following vulnerability has been resolved: tick/nohz: unexport init-annotated ticknohzfullsetup EXPORTSYMBOL and init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated init. The access to ...

kernel: wireguard: receive: annotate data-race around receiving_counter.counter

In the Linux kernel, the following vulnerability has been resolved: wireguard: receive: annotate data-race around receivingcounter.counter Syzkaller with KCSAN identified a data-race issue when accessing keypair-receivingcounter.counter. Use READONCE and WRITEONCE annotations to mark the data rac...

SUSE CVE-2024-50164

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEMUNINIT's meaning Lonial reported an issue in the BPF verifier where checkmemsizereg has the following code: if !tnumisconstreg-varoff / For unprivileged variable accesses, disable raw mode so that the...

This Week in Spring - November 5th, 2024

This Week in Spring - November 5th, 2024 Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the 5th of November, 2024, and, um, I - an American - am desperately trying to keep calm and carry on. I did everything I can do VOTE!, and so it's with considerable enthusiasm th...

firefox update

128.2.0-1.0.1 - Remove nomerge annotation from abort calls Orabug: 37079143 - Update to 128.2.0 Orabug: 37079143...

CVE-2024-50014 ext4: fix access to uninitialised lock in fc replay path

In the Linux kernel, the following vulnerability has been resolved: ext4: fix access to uninitialised lock in fc replay path The following kernel trace can be triggered with fstest generic/629 when executed against a filesystem with fast-commit feature enabled: INFO: trying to register non-static...

Adobe Reader < 15.006.30119 / 15.010.20056 Multiple Vulnerabilities (APSB16-02) (macOS)

The version of Adobe Reader installed on the remote macOS host is a version prior to 15.006.30119 or 15.010.20056. It is, therefore, affected by multiple vulnerabilities. - Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat...

Tungsten Automation Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

PT-2024-39822 · Tungsten Automation · Tungsten Automation Power Pdf

Name of the Vulnerable Software and Affected Versions: Tungsten Automation Power PDF affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploi...

Malicious code in annotation-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2732273e139ee7c5d41de6000e70acf725f550c02141b87340c6a2845111d19c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-9125 Malicious code in annotation-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2732273e139ee7c5d41de6000e70acf725f550c02141b87340c6a2845111d19c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EulerOS 2.0 SP12 : docker-runc (EulerOS-SA-2024-2501)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an...

Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-2525)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP12 : docker-runc (EulerOS-SA-2024-2525)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an...

Malicious Package

Overview annotation-app is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...

Malicious Package

Overview annotation-app is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...

CVE-2024-47064

Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's behalf. This gives the attacker temporary access t...