UBUNTU-CVE-2024-45618
A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have...
CVE-2024-45617 Libopensc: uninitialized values after incorrect or missing checking return values of functions in libopensc
A vulnerability was found in OpenSC, OpenSC tools, PKCS11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to...
VMware Fusion Security Vulnerability
VMware Fusion is a suite of virtual machine software from VMware, Inc. designed to run Windows applications on Macs. A security vulnerability exists in VMware Fusion that stems from the use of insecure environment variables, resulting in a code execution vulnerability...
PT-2024-9400
Name of the Vulnerable Software and Affected Versions: OpenSC affected versions not specified; OpenSC tools affected versions not specified; PKCS11 module affected versions not specified; minidriver affected versions not specified; CTK affected versions not specified. Description: An issue exists in...
CVE-2024-45313 Insecure default setting for Server Pro installed via Overleaf toolkit
Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring the administrator to enable the security...
NTP Clock Variables Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NTP Clock Variables Disclosure', 'Description' = %q This module reads the system internal NTP variables. These variables contain potentially...
MinIO Bootstrap Verify Information Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MinIO Bootstrap Verify Information Disclosure', 'Description' = %q MinIO is a Multi-Cloud Object Storage framework. In a cluster deployment...
`spam` project on PyPI compromised, malicious releases made
The spam project on PyPI was taken over via user account compromise via a phishing attack and a new malicious release made which contained code which some environment variables and downloaded and ran malware at install time...
GHSA-2R6G-7R83-JG72 `spam` project on PyPI compromised, malicious releases made
The spam project on PyPI was taken over via user account compromise via a phishing attack and a new malicious release made which contained code which some environment variables and downloaded and ran malware at install time...
GHSA-X6XG-3FJ2-4PQ3 `exotel` project on PyPI compromised, malicious release made
The exotel project on PyPI was taken over via user account compromise via a phishing attack and a new malicious release made which contained code which some environment variables and downloaded and ran malware at install time...
`exotel` project on PyPI compromised, malicious release made
The exotel project on PyPI was taken over via user account compromise via a phishing attack and a new malicious release made which contained code which some environment variables and downloaded and ran malware at install time...
CLSA-2024-1725012247 Fix CVE(s): CVE-2024-37894
SECURITY UPDATE: Memory Corruption via Out-of-bounds Write in ESI variables assignment - debian/patches/CVE-2024-37894.patch: fix incorrect type declaration in TrieNode.cc to prevent potential type conversion issues - CVE-2024-37894...
PT-2024-40522 · Pypi · Exotel
Name of the Vulnerable Software and Affected Versions: Exotel affected versions not specified Description: The issue concerns a compromise of the Exotel project on PyPI through a phishing attack, leading to a malicious release that downloads and runs malware during installation. This affects...
PT-2024-40032 · Pypi · Spam
Name of the Vulnerable Software and Affected Versions: spam project on PyPI affected versions not specified Description: The issue concerns a compromise of the spam project on PyPI via a phishing attack, leading to a malicious release that downloads and runs malware at install time by accessing...
CVE-2024-43902
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null checker before passing variables. Checks null pointer before passing variables to functions. This fixes 3 NULL_RETURNS issues reported by Coverity...
SUSE CVE-2023-52893
In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmi_get_variable. We can get EFI variables without fetching the attribute, so we must allow for that in gsmi. commit 859748255b43 "efi: pstore: Omit efivars caching EFI varstore access layer" added a new...
GO-2022-0634 Hashicorp Nomad Information Exposure Through Environmental Variables in github.com/hashicorp/nomad
Hashicorp Nomad Information Exposure Through Environmental Variables in github.com/hashicorp/nomad...
DEBIAN-CVE-2023-52893
In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmi_get_variable. We can get EFI variables without fetching the attribute, so we must allow for that in gsmi. commit 859748255b43 "efi: pstore: Omit efivars caching EFI varstore access layer" added a new...
CVE-2023-52893 gsmi: fix null-deref in gsmi_get_variable
In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmi_get_variable. We can get EFI variables without fetching the attribute, so we must allow for that in gsmi. commit 859748255b43 "efi: pstore: Omit efivars caching EFI varstore access layer" added a new...