Ubuntu 16.04 LTS : Apport vulnerabilities (USN-6894-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6894-1 advisory. Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly us...

CVE-2024-39904

VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,...

MAL-2024-7660 Malicious code in sap-canvas (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 32484128781f716486f2d020f4516841a37af1178392f8427cd058306c255ade The OpenSSF Package Analysis project identified 'sap-canvas' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...

PT-2024-5036 · Nvidia +1 · Nvidia Cuda Toolkit +1

Name of the Vulnerable Software and Affected Versions: NVIDIA CUDA Toolkit affected versions not specified Description: The issue is related to an out-of-bounds read problem in the nvdisasm utility of the NVIDIA CUDA Toolkit. This can be exploited by deceiving a user into reading a malformed ELF...

CVE-2024-5912

An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked...

CVE-2024-5912

CVE-2024-5912 affects Palo Alto Networks Cortex XDR agent where improper file signature verification checks may allow bypass of the agent’s executable blocking, enabling execution of untrusted executables on the device. The issue is tied to the Cortex XDR agent application itself and is described...

CVE-2024-5912 Cortex XDR Agent: Improper File Signature Verification Checks

An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked...

CVE-2024-5912 Cortex XDR Agent: Improper File Signature Verification Checks

An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked...

Cortex XDR Agent: Improper File Signature Verification Checks

An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked...

Palo Alto Networks Cortex XDR Security Vulnerability

Palo Alto Networks Cortex XDR is an extended detection and response platform that natively integrates network, endpoint, cloud, and third-party data from U.S.-based Palo Alto Networks. A security vulnerability exists in Palo Alto Networks Cortex XDR that stems from improper file signature checkin...

PT-2024-5017 · Palo Alto Networks · Palo Alto Networks Cortex Xdr Agent

Name of the Vulnerable Software and Affected Versions: Palo Alto Networks Cortex XDR agent affected versions not specified Description: The issue is related to an improper file signature check in the Palo Alto Networks Cortex XDR agent, which may allow an attacker to bypass the agent's executable...

SUSE CVE-2024-39929

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mimefilename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users...

CVE-2024-39929

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mimefilename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users...

DEBIAN-CVE-2024-39929

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mimefilename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users...

UBUNTU-CVE-2024-39929

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mimefilename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users...

PT-2024-4731

Name of the Vulnerable Software and Affected Versions: Exim versions prior to 4.98 Exim versions 4.97.1 and earlier Exim versions 4.93-13ubuntu1.12 and earlier Exim versions 4.94.2-7+deb11u3 and earlier Exim versions 4.96-15+deb12u5 and earlier Description: Exim is vulnerable to a parsing error i...

CVE-2024-39929

CVE-2024-39929 affects Exim by misparsing multiline RFC 2231 header filenames, allowing a remote attacker to bypass a mime_filename extension-blocking check and potentially deliver executable attachments. Public references show patches exist: Fedora/NASL entries note fixes in exim 4.98 (and newer...

CVE-2024-39929

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mimefilename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users...

CVE-2024-39929

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mimefilename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users...

CVE-2024-38519

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp and youtube-...