CVE-2024-2212 Integer wraparounds, under-allocations, and heap buffer overflows in Eclipse ThreadX xQueueCreate() and xQueueCreateSet()

In Eclipse ThreadX before 6.4.0, xQueueCreate and xQueueCreateSet functions from the FreeRTOS compatibility API utility/rtoscompatibilitylayers/FreeRTOS/txfreertos.c were missing parameter checks. This could lead to integer wraparound, under-allocations and heap buffer overflows...

CVE-2024-2212 Integer wraparounds, under-allocations, and heap buffer overflows in Eclipse ThreadX xQueueCreate() and xQueueCreateSet()

In Eclipse ThreadX before 6.4.0, xQueueCreate and xQueueCreateSet functions from the FreeRTOS compatibility API utility/rtoscompatibilitylayers/FreeRTOS/txfreertos.c were missing parameter checks. This could lead to integer wraparound, under-allocations and heap buffer overflows...

PT-2024-19216 · Eclipse · Eclipse Threadx

Name of the Vulnerable Software and Affected Versions: Eclipse ThreadX versions prior to 6.4.0 Description: The issue arises from missing parameter checks in the xQueueCreate and xQueueCreateSet functions from the FreeRTOS compatibility API. This could lead to integer wraparound, under-allocation...

Fedora: Security Advisory (FEDORA-2024-6460a03e29)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2024-27935

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets o...

Deno 安全漏洞

Deno is open source a simple , modern and secure JavaScript and TypeScript runtime environment . It uses V8 and is built with Rust. A security vulnerability exists in Deno versions 1.35.1 through 1.36.3, which stems from a Node.js compatibility issue that reuses the global buffer in streamwrap.ts...

SUSE-SU-2024:0947-1 Security update for python-uamqp

This update for python-uamqp fixes the following issues: - CVE-2024-27099: Fixed potential double-free in linkframereceived bsc1220535. Bug fixes: - Fixed compatibility with OpenSSL 3.x bsc1217782...

Cross site scripting

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets o...

Fedora: Security Advisory for apache-commons-lang3 (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: octave-8.4.0-6.fc40

GNU Octave is a high-level language, primarily intended for numerical computations. It provides a convenient command line interface for solving linear and nonlinear problems numerically, and for performing other numerical experiments using a language that is mostly compatible with Matlab. It may...

[SECURITY] Fedora 40 Update: jmock-2.12.0-16.fc40

Mock objects help you design and test the interactions between the objects in your programs. The jMock library: makes it quick and easy to define mock objects, so you don't break the rhythm of programming. lets you precisely specify the interactions between your objects, reducing the brittleness ...

[SECURITY] Fedora 40 Update: apache-commons-lang3-3.14.0-5.fc40

The standard Java libraries fail to provide enough methods for manipulation of its core classes. The Commons Lang Component provides these extra methods. The Commons Lang Component provides a host of helper utilities for the java.lang API, notably String manipulation methods, basic numerical...

CVE-2024-27935 Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets o...

CVE-2024-27935 Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets o...

GHSA-WRQV-PF6J-MQJP Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination

Summary A vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets or files. The issue arises from the re-use of a global buffer BUF in streamwrap.ts used as a performance...

SUSE CVE-2019-25210

An issue was discovered in Cloud Native Computing Foundation CNCF Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this behavior was...

PT-2024-22149 · Deno · Deno

Name of the Vulnerable Software and Affected Versions: Deno versions 1.35.1 through 1.36.2 Description: A vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets or files. Th...

Tokens for named pipes may be delivered after deregistration

Impact When using named pipes on Windows, mio will under some circumstances return invalid tokens that correspond to named pipes that have already been deregistered from the mio registry. The impact of this vulnerability depends on how mio is used. For some applications, invalid tokens may be...

openSUSE: Security Advisory for vlc (openSUSE-SU-2023:0366-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for vlc (openSUSE-SU-2023:0365-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...