OPENSUSE-SU-2024:0252-1 Security update for opera
This update for opera fixes the following issues: - Update to 112.0.5197.53 CHR-9814 Update Chromium on desktop-stable-126-5197 to 126.0.6478.226 DNA-116974 Site settings popup size not expanding causing display issues DNA-117115 Tab islands are extending partially after Workspace change DNA-1177...
AZL-48012 CVE-2024-42313 affecting package kernel for versions less than 6.6.47.1-1
In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free in vdec_close There appears to be a possible use after free with vdec_close. The firmware will add buffer release work to the work queue through HFI callbacks as a normal part of decoding. Randomly...
AZL-47949 CVE-2024-42313 affecting package kernel for versions less than 5.15.167.1-1
In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free in vdec_close There appears to be a possible use after free with vdec_close. The firmware will add buffer release work to the work queue through HFI callbacks as a normal part of decoding. Randomly...
CVE-2024-42313 media: venus: fix use after free in vdec_close
In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free in vdec_close There appears to be a possible use after free with vdec_close. The firmware will add buffer release work to the work queue through HFI callbacks as a normal part of decoding. Randomly...
CVE-2024-7790
A stored cross-site scripting vulnerability exists in DevikaAI from commit 6acce21fb08c3d1123ef05df6a33912bf0ee77c2 onwards via improperly decoded user input...
Devika security vulnerability
Devika is an advanced AI software engineer open-sourced by stition. It can understand advanced human instructions, break them down into steps, study the relevant information, and write code to achieve a given goal. Devika suffers from a security vulnerability that stems from the presence of a...
gorilla/schema: Potential memory exhaustion attack due to sparse slice deserialization
A flaw was found in the gorilla/schema package. Running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of schema.Decoder.Decode on a struct with arrays ...
CVE-2024-23353
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI...
CVE-2024-23353
CVE-2024-23353 affects Qualcomm components (Multi Mode Call Processor) and describes a transient denial-of-service during decoding an attach reject message received by UE when IEI is set to ESM_IEI. CVSSv3.1 base score 7.5 (High) with network attack vector, no user interaction, and impact limited...
PT-2024-19832 · Qualcomm · 205 Mobile Platform Firmware +225
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves a transient Denial of Service (DOS) that occurs while decoding an attach reject message received by a UE (User Equipment), specifically...
Visible Encoding Maps
pheonixappapi is vulnerable to Visible Encoding Maps. The vulnerability is due to the map of encoding/decoding languages being visible in code...
CVE-2024-41951
Pheonix App is a Python application designed to streamline various tasks, from managing files to playing mini-games. The issue is that the map of encoding/decoding languages is visible in code. The problem was patched in 0.2.4...
CVE-2024-41951
The CVE-2024-41951 issue affects Pheonix App (PheonixAppAPI) where the map of encoding/decoding languages is visible in the source, described as a moderate impact vulnerability. Root cause: encoding/decoding language mappings exposed in code. Affected versions were prior to 0.2.4, with a patch re...
Pheonix App security vulnerability
Pheonix App is a powerful Python application from the individual developers at AkshuDev. Pheonix App has a security vulnerability that stems from the mapping of encoding and decoding languages being visible in the code...
nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service
A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch function to retrieve content from an untrusted URL. The vulnerability stems from the fetch function in Node.js that always decodes Brotli, making it possible for an attacker to caus...
CLSA-2024-1721206783 freerdp: Fix of 12 CVEs
CVE-2023-39352: add bound check in gdiSolidFill - CVE-2023-39353: check indices are within range - CVE-2023-39356: fix checks for multi opaque rect - CVE-2023-40181: fix cBitsRemaining calculation - CVE-2023-40186: fix integer multiplications - CVE-2023-40188: fix input length validation -...
PT-2024-40809 · Git +1 · Libavc
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap buffer overflow issue was identified, potentially causing a crash. The crash occurs in the ih264d format convert function, which is called by isvc...
CVE-2024-39312 Botan has an Authorization Error due to Name Constraint Decoding Bug
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both permitted subtree...