K000148485: qt vulnerabilities CVE-2017-10905 and CVE-2014-0190

Security Advisory Description CVE-2017-10905 A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors. CVE-2014-0190 The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of...

CVE-2024-50378

Airflow versions before 2.10.3 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive variables were set via airflow CLI, values of those variables appeared in the audit log and were stored...

CVE-2024-50378 Apache Airflow: Secrets not masked in UI when sensitive variables are set via Airflow cli

Airflow versions before 2.10.3 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive variables were set via airflow CLI, values of those variables appeared in the audit log and were stored...

PT-2024-26495 · Vmir · Vmir

Name of the Vulnerable Software and Affected Versions: vmir version e8117 Description: A stack overflow issue was discovered in the init local vars function at /src/vmir wasm parser.c. This issue affects the vmir software, allowing for potential exploitation. Recommendations: For version e8117,...

VMIR 安全漏洞

VMIR is a standalone library written in C by the individual developer Andreas Smas. A security vulnerability exists in VMIR version e8117, which stems from a stack overflow in the initlocalvars function...

CVE-2024-24914

Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available...

CVE-2024-24914

Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available...

Internet Bug Bounty: Secrets not masked in UI when sensitive variables are set via Airflow cli

A vulnerability was discovered in Apache Airflow where sensitive variables set using the Airflow CLI were not properly masked in the UI, specifically in the Audit logs page. This issue was addressed in the 2.10.3 release of Apache Airflow...

Check Point Gaia Portal 安全漏洞

Check Point Gaia Portal is a web-based advanced interface for Gaia platform configuration from Check Point Israel. A security vulnerability exists in Check Point Gaia Portal that originates from an authenticated user being able to inject code or commands using global variables via a special HTTP...

PT-2024-20662 · Gaia · Gaia

Name of the Vulnerable Software and Affected Versions: Gaia affected versions not specified Description: The issue allows authenticated Gaia users to inject code or commands by global variables through special HTTP requests. A security fix is available to mitigate this issue. Recommendations: At...

IBM Security Verify Access Appliance Insecure Transit / Hardcoded Passwords

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Title: 4 vulnerabilities in ibmsecurity Advisory URL: https://pierrekim.github.io/advisories/2024-ibmsecurity.txt Blog URL: https://pierrekim.github.io/blog/2024-11-01-ibmsecurity-4-vulnerabilities.html Date published: 2024-11-0...

Autodesk AutoCAD 安全漏洞

Autodesk AutoCAD is a suite of professional 3D drawing software from Autodesk, Inc. in the United States. A security vulnerability exists in Autodesk AutoCAD that originates from a maliciously constructed DXF file parsed in acdb25.dll may result in variables being accessed before they are...

PT-2024-9024 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak versions prior to 26.0.2 Description: A flaw was found in Keycloak, where sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintende...

Google Pixel 安全漏洞

Google Pixel is a smartphone from Google, an American company. A security vulnerability exists in Google Pixel, which stems from post-release reuse in ufshcscsicmd in ufs.c. There may be post-release reuse of stack variables...

CVE-2024-49898

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check null-initialized variables WHAT & HOW drrtiming and subvppipe are initialized to null and they are not always assigned new values. It is necessary to check for null before dereferencing. This fixes 2...

CVE-2024-49898

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check null-initialized variables WHAT & HOW drrtiming and subvppipe are initialized to null and they are not always assigned new values. It is necessary to check for null before dereferencing. This fixes 2...

AZL-51054 CVE-2024-49898 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check null-initialized variables WHAT & HOW drrtiming and subvppipe are initialized to null and they are not always assigned new values. It is necessary to check for null before dereferencing. This fixes 2...

CVE-2024-49898 drm/amd/display: Check null-initialized variables

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check null-initialized variables WHAT & HOW drrtiming and subvppipe are initialized to null and they are not always assigned new values. It is necessary to check for null before dereferencing. This fixes 2...

CVE-2024-49898 drm/amd/display: Check null-initialized variables

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check null-initialized variables WHAT & HOW drrtiming and subvppipe are initialized to null and they are not always assigned new values. It is necessary to check for null before dereferencing. This fixes 2...

CVE-2024-49898 drm/amd/display: Check null-initialized variables

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check null-initialized variables WHAT & HOW drrtiming and subvppipe are initialized to null and they are not always assigned new values. It is necessary to check for null before dereferencing. This fixes 2...