UBUNTU-CVE-2024-53083
In the Linux kernel, the following vulnerability has been resolved: usb: typec: qcom-pmic: init value of hdrlen/txbuflen earlier. If the read of USB_PDPHY_RX_ACKNOWLEDGE_REG failed, then hdrlen and txbuflen are uninitialized. This commit stops printing uninitialized values and misleading/false data...
CVE-2024-53081 media: ar0521: don't overflow when checking PLL values
In the Linux kernel, the following vulnerability has been resolved: media: ar0521: don't overflow when checking PLL values The PLL checks are comparing 64 bit integers with 32 bit ones, as reported by Coverity. Depending on the values of the variables, this may underflow. Fix it ensuring that bot...
CVE-2024-53081
Public technical details (affected product/version/root cause/patch) for CVE-2024-53081 are not provided in the connected documents. Monitor for updates when new information becomes available.
PT-2024-35496 · Unknown · Lemonldap::Ng
Name of the Vulnerable Software and Affected Versions: LemonLDAP::NG versions prior to 2.20.1 Description: An issue allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value. This can...
OESA-2024-2410 hdf5 security update
HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...
OESA-2024-2408 hdf5 security update
HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...
The vulnerability of Siemens SINEC Security Monitor’s security software lies in its improper validation of user-input data against a list of allowed values. This allows a perpetrator to compromise the integrity of the affected application configuration.
The vulnerability of Siemens SINEC Security Monitor software-related security protection lies in improper verification of the data entered by users against a list of allowed values. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise the integrity of the...
Carriage Return Line Feed (CRLF) Injection
Refit is vulnerable to Carriage Return Line Feed (CRLF) Injection. The vulnerability is due to lack of validation for CRLF characters in HTTP header values in the Refit library. Specifically, the HttpHeaders.TryAddWithoutValidation method used by Refit does not sanitize or check for CRLF sequences,...
CVE-2024-10717
The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivate_license function in all versions up to, and including, 3.3.4. This makes it possible for authenticated...
python: cpython: tarfile: ReDoS via excessive backtracking while parsing header values
A regular expression denial of service (ReDoS) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...
BIT-AIRFLOW-2024-50378 Apache Airflow: Secrets not masked in UI when sensitive variables are set via Airflow cli
Airflow versions before 2.10.3 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive variables were set via airflow CLI, values of those variables appeared in the audit log and were stored...
DEBIAN-CVE-2024-46952
An issue was discovered in pdf/pdfxref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream related to W array values...
CVE-2024-50378
Airflow versions before 2.10.3 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive variables were set via airflow CLI, values of those variables appeared in the audit log and were stored...
CVE-2024-50378
Airflow versions before 2.10.3 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive variables were set via airflow CLI, values of those variables appeared in the audit log and were stored...
CVE-2024-50378
This CVE (CVE-2024-50378) affects Apache Airflow versions before 2.10.3. The root cause is that when sensitive variables are set via the Airflow CLI, their values were written to audit logs and stored unencrypted in the Airflow database, making them accessible to authenticated users with audit lo...
Apache Airflow Security Vulnerability
Apache Airflow is an open source platform for creating, managing and monitoring workflows from the US-based Apache Foundation. The platform is characterized by scalability and dynamic monitoring. A security vulnerability exists in Apache Airflow versions prior to 2.10.3, which stems from a vulnerabili...
PT-2024-34168
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.10.3 Description: The issue allows authenticated users with audit log access to see sensitive values in audit logs that they should not see. This occurs when sensitive variables are set via the Airflow CLI,...
CVE-2024-50163
In the Linux kernel, the following vulnerability has been resolved: bpf: Make sure internal and UAPI bpf_redirect flags don't overlap. The bpf_redirect_info is shared between the SKB and XDP redirect paths, and the two paths use the same numeric flag values in the ri->flags field. Specifically,...
The vulnerabilities in the AppleTalk dissector, the RELOAD Framing dissector, and the Wireshark traffic analyzer allow attackers to cause service failures.
The vulnerability in the AppleTalk and RELOAD Framing dissectors of the Wireshark network traffic analyzer is related to incorrect handling of missing values. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...
CLSA-2024-1730919625 Fix CVE(s): CVE-2020-27773, CVE-2020-27775
SECURITY UPDATE: Integer overflow vulnerability in gem-private.h - debian/patches/CVE-2020-27773.patch: fix gamma calculation to prevent division by zero in ConvertLuvToXYZ function - CVE-2020-27773 SECURITY UPDATE: Undefined behaviour in quantum.h - debian/patches/CVE-2020-27775.patch: fix...