CVE-2024-48857

The CVE-2024-48857 entry describes a NULL pointer dereference in the PCX image codec of QNX SDP (Blackberry) affecting versions 8.0, 7.1 and 7.0. The underlying issue is triggered during image codec handling, allowing an unauthenticated attacker to cause a denial-of-service condition in the conte...

CVE-2024-48856 Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform

Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec...

CVE-2024-48856

CVE-2024-48856 affects BlackBerry/QNX SDP, specifically the PCX image codec. The issue is an out-of-bounds write in the PCX codec that impacts SDP versions 8.0, 7.1 and 7.0, allowing an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process u...

CVE-2024-48855 Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform

Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec...

CVE-2024-48855 Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform

Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec...

CVE-2024-48855

CVE-2024-48855 affects BlackBerry/QNX SDP: an out-of-bounds read in the TIFF image codec impacts SDP versions 8.0, 7.1 and 7.0, enabling an unauthenticated attacker to cause information disclosure within the process using the image codec. Reported impact aligns with information disclosure (confid...

CVE-2024-48854

CVE-2024-48854 involves an off-by-one error in the TIFF image codec of BlackBerry QNX SDP. Affected products: QNX SDP versions 8.0, 7.1 and 7.0. The underlying issue is an off-by-one defect in the TIFF codec that could allow an unauthenticated attacker to perform an information disclosure within ...

CVE-2024-48854 Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform

Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec...

CVE-2024-48854 Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform

Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec...

CVE-2024-35215

NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform SDP versions 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the context of the Networking Stack process...

CVE-2024-35215

The CVE-2024-35215 issue affects QNX Software Development Platform (SDP) 7.0 and 7.1, where a NULL pointer dereference in the IP socket options processing of the Networking Stack can allow a local attacker to cause a denial-of-service in the Networking Stack process. This is the explicit root cau...

CVE-2024-35215

NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform SDP versions 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the context of the Networking Stack process...

SQL Injection Vulnerability in Saber Enterprise Development Platform of Shanghai Breadtech Co.

Ltd. is a software technology-oriented enterprise with high-end software technology consulting and microservice technology architecture design as its main business. A SQL injection vulnerability exists in the Saber Enterprise Development Platform of Shanghai Breadtech Limited, which can be...

[SECURITY] Fedora 40 Update: pgadmin4-8.6-1.fc40

pgAdmin is the most popular and feature rich Open Source administration and d evelopment platform for PostgreSQL, the most advanced Open Source database in the world...

[SECURITY] Fedora 40 Update: pgadmin4-8.4-1.fc40

pgAdmin is the most popular and feature rich Open Source administration and d evelopment platform for PostgreSQL, the most advanced Open Source database in the world...

Important: nodejs security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks CVE-2024-22019 For more details about the security...

The vulnerability of Microsoft Visual Studio, a software development tool, and the .NET software platform lies in the lack of adequate testing of input data. This allows attackers to trigger service failures.

The vulnerability of Microsoft Visual Studio, a software development tool, and the .NET software platform exists due to insufficient testing of input data. Exploiting this vulnerability can allow attackers to cause system failures...

CVE-2023-50253 laf logs leak

Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which...

CVE-2023-50253 laf logs leak

Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which...

CVE-2023-48225 Laf env causes sensitive information disclosure

Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app enV is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another...