GPAC Resource Management Error Vulnerability
GPAC is an open source multimedia framework from GPAC Open Source. A resource management error vulnerability exists in GPAC version 2.3-DEV-revrelease, which stems from memory reuse after release...
Your AppSec Journey Demystified: Driving Effective API Security with Wallarm and StackHawk
There is no doubt that attackers have shifted their attention to APIs. Wallarm’s API ThreatStats research identifies that 70% of attacks now target APIs instead of Web Applications. While APIs have become the backbone of innovation and connectivity for businesses, they have also introduced a vast...
Siemens Solid Edge Out-of-Bounds Read Vulnerability (CNVD-2024-45218)
Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing and design management. Siemens Solid Edge suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context ...
Siemens Solid Edge Out-of-Bounds Read Vulnerability (CNVD-2024-45217)
Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing and design management. Siemens Solid Edge suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context ...
ALSA-2024:9088 Moderate: edk2 security update
EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: mysql: openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC CVE-2023-6129 openssl: Excessive time spent...
CVE-2024-51837
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SONS Creative Development WP Contest allows SQL Injection. This issue affects WP Contest: from n/a through 1.0.0...
CVE-2024-51837
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sophia M Williams WP Contest wp-contest allows SQL Injection. This issue affects WP Contest: from n/a through <= 1.0.0...
CVE-2024-51837
CVE-2024-51837 is a WordPress WP Contest plugin SQL injection vulnerability (Improper Neutralization of Special Elements) affecting WP Contest
CVE-2024-51837 WordPress WP Contest plugin <= 1.0.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sophia M Williams WP Contest wp-contest allows SQL Injection. This issue affects WP Contest: from n/a through <= 1.0.0...
CVE-2024-51428
An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denial of Service (DoS) via a crafted data channel packet...
CVE-2024-10946
A vulnerability classified as critical has been found in Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System up to 2.0.1. This affects an unknown part of the file...
CVE-2024-10947 Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System BatchOrder sql injection
A vulnerability classified as critical was found in Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System up to 2.0.1. This vulnerability affects unknown code of the file /interlib/order/BatchOrder?cmdACT=adminorder&xsl=adminOrderOrderList.xsl. The...
CVE-2024-10946 Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System SysLib sql injection
A vulnerability classified as critical has been found in Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System up to 2.0.1. This affects an unknown part of the file...
ALSA-2024:8935 Moderate: edk2 security update
EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: openssl: Possible denial of service in X.509 name checks CVE-2024-6119 For more details about the security issues, including...
This Week in Spring - November 5th, 2024
This Week in Spring - November 5th, 2024 Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the 5th of November, 2024, and, um, I - an American - am desperately trying to keep calm and carry on. I did everything I can do VOTE!, and so it's with considerable enthusiasm th...
The vulnerability of the JavaScript and TypeScript matrix-react-sdk development tools lies in the insufficient protection of sensitive data. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the JavaScript and TypeScript matrix-react-sdk development tools is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
MacOS Malware Surges as Corporate Usage Grows
MacOS Malware Surges as Corporate Usage Grows By Ilya Kolmanovich, Prashant Kadam and Duy-Phuc Pham · October 30, 2024 This blog was also written by Joe Malenfant and Max Kersten An apple a day keeps the doctor away, While the age-old expression does have its merits, the malware landscape on...
Arbitrary File Read Vulnerability in KingPortal Development System Client of Beijing Asia Control Technology Development Co.
Beijing Asian Control Technology Development Co., Ltd. is a high-tech enterprise of automation software platform. There is an arbitrary file reading vulnerability in the client side of KingPortal development system of Beijing Asian Control Technology Development Co., Ltd, which can be exploited b...
[SECURITY] Fedora 40 Update: edk2-20240813-2.fc40
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. This package contains sample 64-bit UEFI firmware builds for QEMU and KVM...
RLSA-2024:8117 Moderate: java-1.8.0-openjdk security update
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function CVE-2023-48161 JDK: Array indexing integer overflow 8328544 CVE-2024-21210 JD...