5112 matches found
DEBIAN-CVE-2024-50288
In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix buffer overwrite when using 32 buffers The maximum number of buffers that can be requested was increased to 64 for the video capture queue. But video capture used a mustblank array that was still sized for 32...
UBUNTU-CVE-2024-50288
In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix buffer overwrite when using 32 buffers The maximum number of buffers that can be requested was increased to 64 for the video capture queue. But video capture used a mustblank array that was still sized for 32...
CVE-2024-50288 media: vivid: fix buffer overwrite when using > 32 buffers
In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix buffer overwrite when using 32 buffers The maximum number of buffers that can be requested was increased to 64 for the video capture queue. But video capture used a mustblank array that was still sized for 32...
CVE-2024-50288 media: vivid: fix buffer overwrite when using > 32 buffers
In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix buffer overwrite when using 32 buffers The maximum number of buffers that can be requested was increased to 64 for the video capture queue. But video capture used a mustblank array that was still sized for 32...
CVE-2024-50288
Technical details for CVE-2024-50288 are not available in the provided connected documents. The initial description mentions a buffer-overflow fix in the Linux kernel vivid driver, but there are no public details on affected versions, exploit status, or remediation beyond the patch.
CVE-2024-50288
In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix buffer overwrite when using 32 buffers The maximum number of buffers that can be requested was increased to 64 for the video capture queue. But video capture used a mustblank array that was still sized for 32...
CVE-2024-11023
Firebase JavaScript SDK utilizes a "FIREBASEDEFAULTS" cookie to store configuration data, including an "authTokenSyncURL" field used for session synchronization. If this cookie field is preset via an attacker by any other method, the attacker can manipulate the "authTokenSyncURL" to point to thei...
CVE-2024-11023
Firebase JavaScript SDK utilizes a "FIREBASEDEFAULTS" cookie to store configuration data, including an "authTokenSyncURL" field used for session synchronization. If this cookie field is preset via an attacker by any other method, the attacker can manipulate the "authTokenSyncURL" to point to thei...
cn.langpy:db-listener (>=0.0.9-jdk8 <=1.0.4-jdk8), cn.tenmg:flink-connector-mysql-cdc-log (=1.0.0) +62 more potentially affected by CVE-2023-1419 via io.debezium:debezium-connector-mysql (>=0.3.1 <=2.2.1.Final)
io.debezium:debezium-connector-mysql MAVEN version =0.3.1, =0.0.9-jdk8, =2.10.6.9, =4.3, =4.2, =4.2, =5.0, =2.1.0, =3.0.1 - dev.daodao.data:zipper-core =0.0.1 - io.cdap.delta:mysql-delta-plugins =0.10.0 and more Source cves: CVE-2023-1419 Source advisory: OSV:GHSA-HVW5-3MGW-7RCF...
Cross-site Scripting (XSS)
Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the hostname parameter in capture.inc.php, when creating a new device. PoC Pass in a...
CVE-2024-49764 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Capture Debug Information" page allows authenticated users to inject arbitrary JavaScript through the "hostname" parameter when creating a new device. This...
CVE-2024-49764 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Capture Debug Information" page allows authenticated users to inject arbitrary JavaScript through the "hostname" parameter when creating a new device. This...
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php
Summary A Stored Cross-Site Scripting XSS vulnerability in the "Capture Debug Information" page allows authenticated users to inject arbitrary JavaScript through the "hostname" parameter when creating a new device. This vulnerability results in the execution of malicious code when the "Capture...
GHSA-RMR4-X6C9-JC68 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php
Summary A Stored Cross-Site Scripting XSS vulnerability in the "Capture Debug Information" page allows authenticated users to inject arbitrary JavaScript through the "hostname" parameter when creating a new device. This vulnerability results in the execution of malicious code when the "Capture...
LibreNMS 跨站脚本漏洞
LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments, and automatic updates. A cross-site scripting vulnerability exists in LibreNMS that stems from a stored...
SFTP/FTP password could be captured in plain text in Supportsave generated from SANnav
Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave. Description The...
Double-free in libpcap before 1.10.5 with remote packet capture support.
...
Malicious code in pupeteer-capture (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 021121bee5e4389860a59c8fe51ff445ba8a266672fc246bdb5eff63d96d1c5a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10517 Malicious code in pupeteer-capture (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 021121bee5e4389860a59c8fe51ff445ba8a266672fc246bdb5eff63d96d1c5a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
New Stealer Uses Invalid Cert To Compromise Systems
New Stealer Uses Invalid Cert To Compromise Systems By Mohinder Gill, Mallikarjun Wali and Sangram Mohapatro · November 07, 2024 A new Stealer has been making the rounds. Its name: Fickle. Fickle Stealer is a new Rust-based information stealer that spreads through various attack vectors, includin...