
6340 matches found

OSV
added 2024/07/05 6:55 a.m. · 25 views

CVE-2024-39473 ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension. If a process module does not have base config extension then the same format applies to all of its inputs and the process->base_config_ext i...

5.5 CVSS · 5.9 AI score · 0.00211 EPSS
Exploits: 0 · References: 6

Tenable Nessus
added 2024/07/04 12:0 a.m. · 21 views

Oracle Linux 8 : python3 (ELSA-2024-4243)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-4243 advisory. 3.12.3-2 - Enable importing of hash-based .pyc files under FIPS mode Resolves: RHEL-40776 3.12.3-1 - Update to 3.12.3 Related: RHEL-33685 3.12.2-3 - Move all te...

6.2 CVSS · 7.2 AI score · 0.00333 EPSS
Exploits: 0 · References: 2

Oracle Linux
added 2024/07/03 12:0 a.m. · 277 views

python3 security update

3.12.3-2 - Enable importing of hash-based .pyc files under FIPS mode Resolves: RHEL-40776 3.12.3-1 - Update to 3.12.3 Related: RHEL-33685 3.12.2-3 - Move all test modules to the python3-test package, namely: - phello - xxsubinterpreters - xxlimited - xxlimited35 - xxsubtype 3.12.2-2 - Fix tests f...

6.2 CVSS · 7.5 AI score · 0.00333 EPSS
Exploits: 0

OSV
added 2024/07/01 5:15 p.m. · 3 views

CVE-2024-36991

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows...

7.5 CVSS · 7.3 AI score · 0.1311 EPSS
Exploits: 10 · References: 2

CNNVD
added 2024/07/01 12:0 a.m. · 3 views

Number withdrawn

RequireJS is an open source library. It is used to load normal JavaScript files as well as more defined modules. This CVE number has been withdrawn...

6.9 AI score
Exploits: 2 · References: 3

Microsoft CVE
added 2024/06/30 2:0 p.m. · 5 views

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example cgo can execute a gcc program from an untrusted download).

...

7.5 CVSS · 8 AI score · 0.06445 EPSS
Exploits: 0

OSV
added 2024/06/28 5:52 a.m. · 8 views

MAL-2024-7051 Malicious code in @rfv/modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54928ac42ea161e8755f8a229b9b544f2da2b72cb2492e0f83b8ebe678a8f819 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 · References: 3

OSV
added 2024/06/27 11:15 a.m. · 38 views

CVE-2024-5535

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application behaviour or ...

9.1 CVSS · 6.7 AI score
Exploits: 0 · References: 15

CVE
added 2024/06/27 10:30 a.m. · 917 views

CVE-2024-5535

CBL-Mariner advisory CVE-2024-5535 affects package hvloader for versions older than 1.0.1-6. An upgraded hvloader (1.0.1-6 or newer) resolves the issue. The advisory notes that a newer version is available to address the vulnerability.

9.1 CVSS · 7.8 AI score · 0.05582 EPSS
Exploits: 1 · References: 21

Tenable Nessus
added 2024/06/27 12:0 a.m. · 212 views

OpenSSL 3.1.0 < 3.1.7 Vulnerability

The version of OpenSSL installed on the remote host is prior to 3.1.7. It is, therefore, affected by a vulnerability as referenced in the 3.1.7 advisory. - Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memor...

9.1 CVSS · 7.6 AI score · 0.05582 EPSS
Exploits: 1 · References: 3

OSV
added 2024/06/25 3:15 p.m. · 2 views

CVE-2024-5805

Improper Authentication vulnerability in Progress MOVEit Gateway SFTP modules allows Authentication Bypass. This issue affects MOVEit Gateway: 2024.0.0...

9.1 CVSS · 5.8 AI score · 0.07553 EPSS
Exploits: 0 · References: 2

NVD
added 2024/06/25 3:15 p.m. · 21 views

CVE-2024-5805

Improper Authentication vulnerability in Progress MOVEit Gateway SFTP modules allows Authentication Bypass. This issue affects MOVEit Gateway: 2024.0.0...

9.1 CVSS · 0.07553 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2024/06/25 3:3 p.m. · 21 views

CVE-2024-5805 MOVEit Gateway Authentication Bypass Vulnerability

Improper Authentication vulnerability in Progress MOVEit Gateway SFTP modules allows Authentication Bypass. This issue affects MOVEit Gateway: 2024.0.0...

9.1 CVSS · 7 AI score · 0.07553 EPSS
Exploits: 0 · References: 2

CVE
added 2024/06/25 3:3 p.m. · 66 views

CVE-2024-5805

CVE-2024-5805 is an improper authentication vulnerability in Progress MOVEit Gateway (SFTP module) that allows authentication bypass affecting MOVEit Gateway 2024.0.0. A fix exists in MOVEit Gateway 2024.0.1; 2024.0.0 remains vulnerable. Vendor advisories and national/corporate feeds confirm patc...

9.1 CVSS · 9.4 AI score · 0.07553 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2024/06/25 3:3 p.m. · 22 views

CVE-2024-5805 MOVEit Gateway Authentication Bypass Vulnerability

Improper Authentication vulnerability in Progress MOVEit Gateway SFTP modules allows Authentication Bypass. This issue affects MOVEit Gateway: 2024.0.0...

9.1 CVSS · 0.07553 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2024/06/25 12:0 a.m. · 25 views

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2024-1842)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An...

5.9 CVSS · 6.6 AI score · 0.54026 EPSS
Exploits: 0 · References: 2

NVD
added 2024/06/24 11:15 p.m. · 28 views

CVE-2024-34992

SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" helpdesk up to version 2.4.0 from FME Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via 'Tickets::getsearchedtickets'...

8.8 CVSS · 0.00403 EPSS
Exploits: 0 · References: 1

NVD
added 2024/06/24 11:15 p.m. · 17 views

CVE-2024-36683

SQL injection vulnerability in the module "Products Alert" productsalert before 1.7.4 from Smart Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via the ProductsAlertAjaxProcessModuleFrontController::initContent method...

7.3 CVSS · 0.00963 EPSS
Exploits: 0 · References: 1

CVE
added 2024/06/24 1:56 p.m. · 116 views

CVE-2024-37021

Technical details for CVE-2024-37021 are not publicly available in the provided connected documents. The initial description references fpga_manager owner/refcount changes in the Linux kernel, but no further technical specifics (affected products/versions/fixes) are given here. Monitor for updates.

5.5 CVSS · 6.7 AI score · 0.00211 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

Positive Technologies
added 2024/06/24 12:0 a.m. · 4 views

PT-2024-26282 · Unknown · Fme Modules For Prestashop

Name of the Vulnerable Software and Affected Versions: FME Modules for PrestaShop helpdesk module versions up to 2.4.0 Description: The issue allows attackers to obtain sensitive information and cause other impacts. It is related to the Tickets::getsearchedtickets function. Recommendations: For...

8.8 CVSS · 6.8 AI score · 0.00403 EPSS
Exploits: 0 · References: 2