7653 matches found
CVE-2024-43108
CVE-2024-43108 affects the goTenna Pro ATAK Plugin. The vulnerability is due to AES-CTR encryption for short messages without any integrity checking, making messages malleable to an attacker who can access the message. Affected versions include 1.9.12 and earlier; mitigation guidance recommends u...
CVE-2024-47123
CVE-2024-47123 is tied to the goTenna Pro family where AES-CTR is used for short encrypted messages without an integrity check. The root cause is lack of message integrity protection, which makes ciphertext malleable and could compromise confidentiality/integrity of communications on affected dev...
PT-2024-7240 · D Link · D-Link Dir-605L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-605L version 2.13B01 BETA Description: A critical issue affects the function formLogDnsquery of the file /goform/formLogDnsquery. The manipulation of the argument curTime leads to a buffer overflow. It is possible to launch the...
Security Bulletin: Vulnerability in Apache Solr affects IBM watsonx.data
Summary Apache Solr could allow a remote attacker to bypass security restrictions, caused by improper access control by the Configsets API. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions. This vulnerability can be exploited when...
kernel: KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes
A flaw was found in the Linux Kernel. A lpageinfo overflow can occur when checking attributes. This may lead to a crash...
kernel: xfs: add bounds checking to xlog_recover_process_data
A vulnerability has been identified within the Linux kernel's xlogrecoverprocessdata function. Specifically, the function lacks proper bounds checking on the space allocated for the fixed members of the xlogopheader structure during log record processing. This omission can lead to an out-of-bound...
kernel: net: asix: add proper error handling of usb read errors
In the Linux kernel, the following vulnerability has been resolved: net: asix: add proper error handling of usb read errors Syzbot once again hit uninit value in asix driver. The problem still the same -- asixreadcmd reads less bytes, than was requested by caller. Since all read requests are...
kernel: drm/radeon: fix UBSAN warning in kv_dpm.c
A vulnerability was found in the Linux kernel's DRM/Radeon driver, specifically in the sumovidmappingentry within the kvdpm.c file. Insufficient bounds checking can lead to memory corruption...
kernel: xfs: add bounds checking to xlog_recover_process_data
A vulnerability has been identified within the Linux kernel's xlogrecoverprocessdata function. Specifically, the function lacks proper bounds checking on the space allocated for the fixed members of the xlogopheader structure during log record processing. This omission can lead to an out-of-bound...
The vulnerability of the Yokogawa Dual-redundant Platform for Computer (PC2CKM) lies in the improper checking of the return value of a method or function, allowing an attacker to trigger a service failure.
The vulnerability of the Yokogawa Dual-redundant Platform for Computer PC2CKM is related to improper checking of the return value of a method or function. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure by sending broadcast UDP packets...
The vulnerability of the put_qpel_fallback() function in the h.265 Libde265 implementation allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the putqpelfallback function in the h.265 Libde265 implementation is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...
ROS-20240918-10
The Jenkins Automation Server vulnerability is related to a lack of permission checking at the endpoint of the HTTP. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information The Jenkins Automation Server Remoting library vulnerability is...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to perform proper null checking on incoming parameters...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to perform proper null checking on incoming parameters...
Cross Site Scripting(XSS)
DOMPurify is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper depth checking, which can be bypassed through special HTML nesting techniques and prototype pollution, allowing an attacker to execute malicious scripts in the victim's browser...
CVE-2024-44176
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing an image may lead to a denial-of-service...
CVE-2024-44161
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. Processing a maliciously crafted texture may lead to unexpected app termination...
CVE-2024-44161
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to unexpected app termination...
CVE-2024-40841
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7. Processing a maliciously crafted video file may lead to unexpected app termination...
CVE-2024-40841
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination...