5634 matches found
@bit/bundler (>=12.0.0 <=12.1.3), pakit (>=2.0.0 <=2.3.0) potentially affected by CVE-2024-24293 via @bit/loader (=10.0.3)
@bit/loader NPM version =10.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on @bit/loader and may be impacted: - @bit/bundler =12.0.0, =2.0.0, =2.3.0 Source cves: CVE-2024-24293 Source advisory: OSV:GHSA-8VR4-H4RR-8PH6...
GHSA-8VR4-H4RR-8PH6 MiguelCastillo @bit/loader Prototype Pollution issue
A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 allows an attacker to execute arbitrary code via the M function e argument in index.js...
CVE-2024-24293
A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 allows an attacker to execute arbitrary code via the M function e argument in index.js...
CVE-2024-24293
CVE-2024-24293 affects MiguelCastillo @bit/loader (version 10.0.3). The root cause is a prototype pollution flaw in the M function’s e argument within index.js, enabling arbitrary code execution. Exploitation status is not detailed in the provided documents. Remediation guidance from PT-Security ...
CVE-2024-24293
A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 allows an attacker to execute arbitrary code via the M function e argument in index.js...
CVE-2024-24293
A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 allows an attacker to execute arbitrary code via the M function e argument in index.js...
bit-loader 安全漏洞
bit-loader is a framework for building module loaders by the individual developer Miguel Castillo. A security vulnerability exists in bit-loader-babel version v.10.0.3, which originated from a vulnerability that allows an attacker to execute arbitrary code via the M function e parameter in index....
PT-2024-20340 · Unknown · @Bit/Loader
Name of the Vulnerable Software and Affected Versions: @bit/loader version 10.0.3 Description: A Prototype Pollution issue allows an attacker to execute arbitrary code via the M function e argument in index.js. Recommendations: For version 10.0.3, consider disabling the M function until a patch i...
SUSE CVE-2024-27413
In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeofvoid on 32-bit architectures is not enough for a 64-bit physaddrt: drivers/firmware/efi/capsule-loader.c: In function 'eficapsuleopen...
CVE-2024-27413
In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeofvoid on 32-bit architectures is not enough for a 64-bit physaddrt: drivers/firmware/efi/capsule-loader.c: In function 'eficapsuleopen...
CVE-2024-27413
In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeofvoid on 32-bit architectures is not enough for a 64-bit physaddrt: drivers/firmware/efi/capsule-loader.c: In function 'eficapsuleopen...
DEBIAN-CVE-2024-27413
In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeofvoid on 32-bit architectures is not enough for a 64-bit physaddrt: drivers/firmware/efi/capsule-loader.c: In function 'eficapsuleopen...
CVE-2024-27413
In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeofvoid on 32-bit architectures is not enough for a 64-bit physaddrt: drivers/firmware/efi/capsule-loader.c: In function 'eficapsuleopen...
UBUNTU-CVE-2024-27413
In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeofvoid on 32-bit architectures is not enough for a 64-bit physaddrt: drivers/firmware/efi/capsule-loader.c: In function 'eficapsuleopen...
CVE-2024-27413
CVE-2024-27413 is a Linux kernel vulnerability affecting the EFI capsule loader. The defect occurs in drivers/firmware/efi/capsule-loader.c during efi_capsule_open, where an allocation uses sizeof(void*) for a phys_addr_t on 32-bit builds, leading to insufficient allocation size (4 bytes vs 8). T...
CVE-2024-27413 efi/capsule-loader: fix incorrect allocation size
In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeofvoid on 32-bit architectures is not enough for a 64-bit physaddrt: drivers/firmware/efi/capsule-loader.c: In function 'eficapsuleopen...
CVE-2024-27413
In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeofvoid on 32-bit architectures is not enough for a 64-bit physaddrt: drivers/firmware/efi/capsule-loader.c: In function 'eficapsuleopen...
CVE-2024-27413 efi/capsule-loader: fix incorrect allocation size
In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeofvoid on 32-bit architectures is not enough for a 64-bit physaddrt: drivers/firmware/efi/capsule-loader.c: In function 'eficapsuleopen...
CVE-2024-27413 efi/capsule-loader: fix incorrect allocation size
In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeofvoid on 32-bit architectures is not enough for a 64-bit physaddrt: drivers/firmware/efi/capsule-loader.c: In function 'eficapsuleopen...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect memory allocation in the efi/capsule-loader module...