31 matches found
CVE-2026-54267
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, to optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via...
GHSA-J93G-RP6M-J32M Arc: Unauthenticated access to Go debug pprof endpoints leaks runtime state and enables CPU-burn DoS
Summary Arc registers Go's net/http/pprof handlers at /debug/pprof/ via app.Usepprof.New in internal/api/server.go, and /debug/pprof is added to PublicPrefixes in cmd/arc/main.go. The auth middleware short-circuits before the token check on prefix match, so the endpoints are reachable without any...
Arc: Unauthenticated access to Go debug pprof endpoints leaks runtime state and enables CPU-burn DoS
Summary Arc registers Go's net/http/pprof handlers at /debug/pprof/ via app.Usepprof.New in internal/api/server.go, and /debug/pprof is added to PublicPrefixes in cmd/arc/main.go. The auth middleware short-circuits before the token check on prefix match, so the endpoints are reachable without any...
Klever-Go KVM read-only execution can commit contract delete and upgrade side effects
Publisher note Fixed in v1.7.17. Operators running v1.7.17 should upgrade. Contract delete and upgrade host-core paths now reject execution when runtime.ReadOnly is true. The invariant is regression-tested for delete, upgrade, storage writes, value transfers, and any VM output field that can late...
Memory Forensics Techniques for Automated Detection and Analysis of Go Malware
The Go programming language has become increasingly popular among malware developers due to its ability to produce statically linked, cross-platform executables that challenge traditional analysis techniques. These binaries embed a substantial runtime and compiler-generated metadata and are...
[SECURITY] Fedora 42 Update: golang-github-google-wire-0.6.0-14.fc42
Wire is a code generation tool that automates connecting components using dependency injection. Dependencies between components are represented in Wire as function parameters, encouraging explicit initialization instead of global variables. Because Wire operates without runtime state or reflectio...
EUVD-2024-52329
Malicious code in bioql PyPI...
CVE-2024-54193
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix WARN in ivpuipcsendreceiveinternal Move pmruntimesetactive to ivpupminit so when ivpuipcsendreceiveinternal is executed before ivpupmenable it already has correct runtime state, even if last resume was not...
CVE-2024-54193
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix WARN in ivpuipcsendreceiveinternal Move pmruntimesetactive to ivpupminit so when ivpuipcsendreceiveinternal is executed before ivpupmenable it already has correct runtime state, even if last resume was not...
UBUNTU-CVE-2024-54193
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix WARN in ivpuipcsendreceiveinternal Move pmruntimesetactive to ivpupminit so when ivpuipcsendreceiveinternal is executed before ivpupmenable it already has correct runtime state, even if last resume was not...
CVE-2024-54193 accel/ivpu: Fix WARN in ivpu_ipc_send_receive_internal()
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix WARN in ivpuipcsendreceiveinternal Move pmruntimesetactive to ivpupminit so when ivpuipcsendreceiveinternal is executed before ivpupmenable it already has correct runtime state, even if last resume was not...
CVE-2024-54193
Technical details about CVE-2024-54193 are not publicly provided in the connected documents. The initial description summarizes a kernel fix but does not specify affected subcomponents, root cause, impact, or patch specifics.
CVE-2024-54193 accel/ivpu: Fix WARN in ivpu_ipc_send_receive_internal()
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix WARN in ivpuipcsendreceiveinternal Move pmruntimesetactive to ivpupminit so when ivpuipcsendreceiveinternal is executed before ivpupmenable it already has correct runtime state, even if last resume was not...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect runtime state when the ivpuipcsendreceiveinternal function is executed before ivpupmenable...
CVE-2024-39492
In the Linux kernel, the following vulnerability has been resolved: mailbox: mtk-cmdq: Fix pmruntimegetsync warning in mbox shutdown The return value of pmruntimegetsync in cmdqmboxshutdown will return 1 when pm runtime state is active, and we don't want to get the warning message in this case. S...
CVE-2024-1223
This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in ...
CVE-2024-1223
This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in ...
CVE-2024-1223 Improper authorization controls in PaperCut NG/MF
This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in ...
CVE-2024-1223 Improper authorization controls in PaperCut NG/MF
This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in ...
CVE-2024-1223
CVE-2024-1223 concerns PaperCut NG/MF. The vulnerability enables unauthorized enumeration of information via the device’s APIs when an attacker already knows a combination of usernames, device names, and an internal system key, and the system is in a specific runtime state. This is described cons...