PT-2024-37357 · Gpac +1 · Gpac +1
Name of the Vulnerable Software and Affected Versions: GPAC version 2.5-DEV-rev228-g11067ea92-master Description: A problematic issue has been found, affecting the function m2tsdmx_on_event of the file src/filters/dmx_m2ts.c of the component MP4Box. The manipulation leads to null pointer...
CVE-2024-36405
CVE-2024-36405 affects the liboqs reference Kyber KEM implementation. A control-flow timing leak arises when the Kyber KEM is compiled with Clang 15–18 under certain options (including -Os and -O1), enabling a local attacker to measure decapsulation timings and recover the entire ML-KEM 512 secre...
CVE-2024-36405 Control-flow timing leak in Kyber reference implementation when compiled with Clang 15-18 for -Os, -O1 and other options
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A control-flow timing leak has been identified in the reference implementation of the Kyber key encapsulation mechanism when it is compiled with Clang 15-18 for -Os, -O1, and other...
CVE-2024-36405
Removed by vendor...
PT-2024-26866 · Linux Mint · Mintupload
Name of the Vulnerable Software and Affected Versions: mintupload versions through 4.2.0 Description: The issue is related to service-name mishandling, which leads to command injection via shell metacharacters in functions such as check_connection, drop_data_received_cb, and Service.remove. A use...
CVE-2024-20872
Improper handling of insufficient privileges vulnerability in TalkbackSE prior to version Android 14 allows local attackers to modify setting value of TalkbackSE...
PT-2024-18778 · Samsung · Samsung Notes
Name of the Vulnerable Software and Affected Versions: Samsung Notes versions prior to 4.4.15 Description: The issue is related to improper input validation, allowing local attackers to delete files with Samsung Notes privilege under certain conditions. Recommendations: For versions prior to...
CVE-2024-34490
CVE-2024-34490 affects Maxima up to 5.47.0 before 51704c. The plotting facilities (e.g., plot2d) use predictable file names under /tmp, allowing a local attacker to pre-create files and influence contents. This is a local-impact condition as described in multiple connected sources (Red Hat, NVD/o...
PYSEC-2024-280
An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machdreader.c component...
CVE-2023-50197
Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must first obtain the ability to execute low-privileged code on the...
CVE-2023-42124
Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on t...
kubevirt allows a local attacker to execute arbitrary code via a crafted command
An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component...
AZL-64787 CVE-2024-33394 affecting package kubevirt for versions less than 0.59.0-30
An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component...
CVE-2024-33394
CVE-2024-33394 affects kubevirt packages. Connected docs specify: vulnerable versions are kubevirt < 0.59.0-30 and kubevirt
CVE-2024-26504
An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a crafted payload to the dst parameter...
CVE-2023-51794
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/afstereowiden.c:120:69...
CVE-2024-28326
CVE-2024-28326 affects ASUS RT-N12+ B1 and RT-N12 D1 routers. The issue is described as Incorrect Access Control allowing local attackers to obtain a root terminal via the UART interface, implying a physical access/exploit through UART to gain high-privilege control. Connected documents corrobora...
CVE-2024-20359
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary code...
SUSE CVE-2023-51793
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in imagecopyplane...