The vulnerability of Adobe Audition’s audio editor, related to pointer assignment errors, allows a hacker to trigger a service failure.
The vulnerability of Adobe Audition is related to errors in pointer assignment. Exploiting this vulnerability can allow an attacker to trigger a service failure using a specially created malicious file...
WordPress plugin WP SVG Images security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CMSimple_XH Security Vulnerability
CMSimple_XH is a fast, small, easy-to-use and easy-to-install modular content management system (CMS) from the CMSimple_XH open source project. A security vulnerability exists in CMSimple_XH version 1.7.6, which stems from a cross-site scripting attack that can be performed by uploading a carefully crafted SVG...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel, which stems from a problem in the genirq/cpuhotplug, x86/vector module...
CVE-2024-38359
The Lightning Network Daemon (lnd) is a complete implementation of a Lightning Network node. A parsing vulnerability in lnd's onion processing logic led to a DoS vector due to excessive memory allocation. The issue was patched in lnd v0.17.0. Users should update to a version v0.17.0 to be...
CVE-2024-38359 Lightning Network Daemon Onion Bomb
The Lightning Network Daemon (lnd) is a complete implementation of a Lightning Network node. A parsing vulnerability in lnd's onion processing logic led to a DoS vector due to excessive memory allocation. The issue was patched in lnd v0.17.0. Users should update to a version v0.17.0 to be...
WordPress WP SVG Images plugin <= 4.2 - Authenticated Stored Cross-Site Scripting via SVG vulnerability
Authenticated Stored Cross-Site Scripting via SVG vulnerability discovered by Colin Xu in WordPress Plugin WP SVG Images versions <= 4.2...
WordPress Branda plugin <= 3.4.17 - Authenticated Stored Cross-Site Scripting via SVG Upload vulnerability
Authenticated Stored Cross-Site Scripting via SVG Upload vulnerability discovered by wesley wcraft in WordPress Plugin Branda versions <= 3.4.17...
CVE-2024-38603
In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset(). pci_alloc_irq_vectors() allocates an irq vector. When devm_add_action() fails, the irq vector is not freed, which leads to a memory leak. Replace the devm_add_action() with...
DEBIAN-CVE-2024-38603
In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset(). pci_alloc_irq_vectors() allocates an irq vector. When devm_add_action() fails, the irq vector is not freed, which leads to a memory leak. Replace the devm_add_action() with...
CVE-2024-38603
CVE-2024-38603 (Linux kernel) affects drivers/perf: hisi: hns3. Root cause: pci_alloc_irq_vectors() allocates an irq vector; if devm_add_action() fails, the irq vector is not freed, causing a memory leak. Fix: replace devm_add_action() with devm_add_action_or_reset() so the irq vector can ...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that in the spu2_dump_omd() function, the value of ptr is increased by ciph_key_len instead of hash_iv_len,...
Puppeteer Security Vulnerabilities
Puppeteer is a web page renderer by the individual developer Yeongjin Lee. A security vulnerability exists in puppeteer-renderer v.3.2.0 and earlier versions that could allow an attacker to read sensitive information from the server using the URL parameter of the file protocol...
CVE-2024-27178
CVE-2024-27178 affects Toshiba e-STUDIO multifunction printers. The vulnerability allows Remote Code Execution by overwriting files, enabled by falsifying the file name variable. The issue can be leveraged in combination with other vulnerabilities; exploitation context beyond a single vulnerabili...
The vulnerability of the single interface for SAP NetWeaver Business Client, which exists due to the lack of measures taken to protect the structure of the web page, allows attackers to carry out cross-site scripting attacks.
The vulnerability of the single interface for SAP NetWeaver Business Client exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
WordPress plugin SVGMagic security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability in...
Elastic Kibana Security Vulnerability
Elastic Kibana is an application from the Dutch company Elastic: a free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through the Elastic Stack. A security vulnerability exists in Elastic Kibana. An attacker could use this vulnerability to affect t...
The vulnerability of the Qdrant artificial intelligence-based vector search system lies in the insufficient verification of input data, allowing attackers to write arbitrary files.
The vulnerability of the Qdrant artificial intelligence-based vector search system is related to an incorrect restriction of a path name to a restricted directory, due to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor to write arbitrary files by...
Exploit for Improper Check for Unusual or Exceptional Conditions in Mozilla Firefox
cve-2024-4367-PoC-fixed PDF.js is a JavaScript-based PDF vie...
Mozilla Firefox Security Update (mfsa_2024-23_2024-26) - Mac OS X
Mozilla Firefox is prone to multiple vulnerabilities.