
6680 matches found

UbuntuCve
added 2024/05/01 4:15 p.m. · 10 views

CVE-2023-47212

A heap-based buffer overflow vulnerability exists in the comment functionality of stb_vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 9.8 · AI score 7.4 · EPSS 0.0141
Exploits: 1 · References: 2

OSV
added 2024/05/01 4:15 p.m. · 0 views

UBUNTU-CVE-2023-47212

A heap-based buffer overflow vulnerability exists in the comment functionality of stb_vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 9.8 · AI score 6.1 · EPSS 0.0141
Exploits: 1 · References: 3

Cvelist
added 2024/05/01 3:31 p.m. · 17 views

CVE-2023-47212

A heap-based buffer overflow vulnerability exists in the comment functionality of stb_vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 9.8 · AI score 9.7 · EPSS 0.0141
Exploits: 1 · References: 4

CVE
added 2024/05/01 5:19 a.m. · 213 views

CVE-2024-26960

CVE-2024-26960 is described in connected Astra Linux and IBM bulletin entries as a Linux kernel race in mm/swap between free_swap_and_cache() and swapoff(). The vulnerability arises from a window where swapoff() could tear down a swap_info_struct while free_swap_and_cache() runs, potentially allow...

CVSS 5.5 · AI score 6.4 · EPSS 0.00177
Exploits: 0 · References: 9 · Affected Software: 1

Positive Technologies
added 2024/05/01 12:00 a.m. · 5 views

PT-2024-30811 · Jamf · Jamf Compliance Editor

Name of the Vulnerable Software and Affected Versions: Jamf Compliance Editor versions prior to 1.3.1
Description: The issue concerns a local privilege escalation in the XPC service within the audit functionality of Jamf Compliance Editor on macOS.
Recommendations: For versions prior to 1.3.1,...

CVSS 7.8 · AI score 7.4 · EPSS 0.00211
Exploits: 0 · References: 8

CVE
added 2024/04/30 4:17 p.m. · 62 views

CVE-2024-23463

CVE-2024-23463 affects Zscaler Client Connector on Windows prior to 4.2.1. The anti-tampering protection can be bypassed when using the Repair App functionality, per connected sources (e.g., PT-2024-19886 and RH/CVE-2024-23463). Root cause is bypass of the built-in tamper protection during Repair...

CVSS 8.8 · AI score 6.8 · EPSS 0.00371
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/04/30 4:17 p.m. · 12 views

CVE-2024-23463 Anti-Tampering bypass via Repair App functionality

Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. This affects Zscaler Client Connector on Windows prior to 4.2.1...

CVSS 8.8 · AI score 6.8 · EPSS 0.00371
Exploits: 0 · References: 1

AlmaLinux
added 2024/04/30 12:00 a.m. · 61 views

Moderate: mod_jk and mod_proxy_cluster security update

The mod_jk module is a plugin for the Apache HTTP Server to connect it with the Apache Tomcat servlet engine. The mod_proxy_cluster module is a plugin for the Apache HTTP Server that provides load-balancer functionality. Security Fixes: httpd: Apache Tomcat Connectors mod_jk Information Disclosure...

CVSS 7.5 · AI score 6.1 · EPSS 0.02242
Exploits: 5 · References: 6

Positive Technologies
added 2024/04/30 12:00 a.m. · 3 views

PT-2024-19886 · Zscaler · Zscaler Client Connector

Name of the Vulnerable Software and Affected Versions: Zscaler Client Connector versions prior to 4.2.1
Description: The anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality.
Recommendations: For versions prio...

CVSS 8.8 · AI score 6.5 · EPSS 0.00371
Exploits: 0 · References: 7

Positive Technologies
added 2024/04/30 12:00 a.m. · 7 views

PT-2025-13364 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: A memory leak issue has been identified in the Linux kernel's Bluetooth functionality. Specifically, when hci_cmd_sync_queue fails in hci_le_terminate_big or hci_le_big_terminate, the...

CVSS 9.8 · AI score 7.9 · EPSS 0.23582
Exploits: 22 · References: 334

Positive Technologies
added 2024/04/30 12:00 a.m. · 7 views

PT-2025-13363 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: A memory leak issue has been identified in the Linux kernel's Bluetooth functionality, specifically in the hci_update_adv_data function. When hci_cmd_sync_queue fails, the inst_ptr is...

CVSS 9.8 · AI score 7.4 · EPSS 0.23582
Exploits: 22 · References: 224

Positive Technologies
added 2024/04/30 12:00 a.m. · 7 views

PT-2025-25903 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version
Description: A NULL pointer dereference issue has been identified in the Linux kernel, specifically in the ftrace functionality. This issue arises when ftrace_startup_enable fails, causing the...

CVSS 9.8 · AI score 5.9 · EPSS 0.23582
Exploits: 36 · References: 809

OSV
added 2024/04/30 12:00 a.m. · 34 views

ALSA-2024:2169 Moderate: xorg-x11-server security update

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fixes: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty (CVE-2023-5367)...

CVSS 9.8 · AI score 7.7 · EPSS 0.02106
Exploits: 0 · References: 22

ATTACKERKB
added 2024/04/29 9:15 a.m. · 3 views

CVE-2024-3375

Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dialogue: from v1.83 before v1.83.1 or v1.84...

CVSS 9.4 · AI score 5.8 · EPSS 0.00465
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2024/04/29 9:00 a.m. · 27 views

CVE-2024-3375 Broken Access Control in Havelsan's Dialogue

Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dialogue: from v1.83 before v1.83.1 or v1.84...

CVSS 9.4 · AI score 9.5 · EPSS 0.00465
Exploits: 0 · References: 2

Tenable Nessus
added 2024/04/29 12:00 a.m. · 20 views

Fedora 40 : thunderbird (2024-d8a0e599e2)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-d8a0e599e2 advisory. Update to 115.8.1 https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/ read that if you have mails with encrypted email subjects...

CVSS 7.5 · AI score 8.1 · EPSS 0.00682
Exploits: 1 · References: 2

NVD
added 2024/04/26 10:15 a.m. · 15 views

CVE-2024-3682

The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3, respectively, via the ajaxSendReport function. This makes it possible for unauthenticated attackers to extrac...

CVSS 5.3 · AI score 5 · EPSS 0.00581
Exploits: 0 · References: 4

Vulnrichment
added 2024/04/26 9:29 a.m. · 9 views

CVE-2024-3682 WP STAGING <= 3.4.3 and WP STAGING Pro <= 5.4.3 - Sensitive Information Exposure via Log File

The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3, respectively, via the ajaxSendReport function. This makes it possible for unauthenticated attackers to extrac...

CVSS 5.3 · AI score 5.9 · EPSS 0.00581
Exploits: 0 · References: 4

Positive Technologies
added 2024/04/25 12:00 a.m. · 3 views

PT-2024-24761 · Unknown · Loginpress Pro

Name of the Vulnerable Software and Affected Versions: LoginPress Pro versions prior to 3.0.0
Description: The issue is related to an Improper Restriction of Excessive Authentication Attempts, which allows for the removal of important client functionality.
Recommendations: For versions prior to...

CVSS 5.3 · AI score 6.9 · EPSS 0.0043
Exploits: 0 · References: 4

Vulnrichment
added 2024/04/24 7:38 p.m. · 19 views

CVE-2024-20358

A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level...

CVSS 6 · AI score 6.4 · EPSS 0.00705
Exploits: 0 · References: 1