The vulnerability of the Glib library, related to buffer overflows in dynamic memory, allows attackers to execute arbitrary code.

The vulnerability of the Glib library is related to overflowing buffers in dynamic memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

SUSE CVE-2024-29895

Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when registerargcargv option of PHP is On. In cmdrealtime.php line 119, the $pollerid used ...

kernel: untrusted VMM can trigger int80 syscall handling

A flaw was found in the Linux kernel. A VMM can inject external interrupts on any arbitrary vector at any time, which may allow the guest OS to be manipulated from the VMM side...

UBUNTU-CVE-2024-4693

A flaw was found in the QEMU Virtio PCI Bindings hw/virtio/virtio-pci.c. An improper release and use of the irqfd for vector 0 during the boot process leads to a guest triggerable crash via vhostnetstop. This flaw allows a malicious guest to crash the QEMU process on the host...

CVE-2024-34360

go-spacemesh is a Go implementation of the Spacemesh protocol full node. Nodes can publish activations transactions ATXs which reference the incorrect previous ATX of the Smesher that created the ATX. ATXs are expected to form a single chain from the newest to the first ATX ever published by an...

ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +7649 more potentially affected by CVE-2024-29857 via org.bouncycastle:bcprov-jdk18on (>=1.71 <=1.77)

org.bouncycastle:bcprov-jdk18on MAVEN version =1.71, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.4.0, =1.2.0, =1.2.0-alpha07, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =2025.05.12.160240-6152e21 and more Source cves: CVE-2024-29857 Source...

UBUNTU-CVE-2024-29895

Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when registerargcargv option of PHP is On. In cmdrealtime.php line 119, the $pollerid used ...

io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge,...

NVIDIA ChatRTX 安全漏洞

NVIDIA ChatRTX is a content personalization chatbot from NVIDIA, USA. A security vulnerability exists in NVIDIA ChatRTX. An attacker exploits the vulnerability to cause incorrect privilege management issues by leveraging inter-process communication between different processes...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox has a spoofing vulnerability that can be exploited by attackers to conduct spoofing attacks by convincing a victim to visit a specially crafted Web site...

Apple macOS Sonoma 安全漏洞

Apple macOS is a specialized operating system developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sonoma. An attacker exploiting the vulnerability is able to elevate privileges...

SUSE CVE-2024-4693

A flaw was found in the QEMU Virtio PCI Bindings hw/virtio/virtio-pci.c. An improper release and use of the irqfd for vector 0 during the boot process leads to a guest triggerable crash via vhostnetstop. This flaw allows a malicious guest to crash the QEMU process on the host...

CVE-2024-34360 Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX

go-spacemesh is a Go implementation of the Spacemesh protocol full node. Nodes can publish activations transactions ATXs which reference the incorrect previous ATX of the Smesher that created the ATX. ATXs are expected to form a single chain from the newest to the first ATX ever published by an...

CVE-2024-34360 Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX

go-spacemesh is a Go implementation of the Spacemesh protocol full node. Nodes can publish activations transactions ATXs which reference the incorrect previous ATX of the Smesher that created the ATX. ATXs are expected to form a single chain from the newest to the first ATX ever published by an...

GHSA-JCQQ-G64V-GCM7 Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX

Impact Nodes can publish ATXs which reference the incorrect previous ATX of the Smesher that created the ATX. ATXs are expected to form a single chain from the newest to the first ATX ever published by an identity. Allowing Smeshers to reference an earlier but not the latest ATX as previous break...

CVE-2024-4693

A flaw was found in the QEMU Virtio PCI Bindings hw/virtio/virtio-pci.c. An improper release and use of the irqfd for vector 0 during the boot process leads to a guest triggerable crash via vhostnetstop. This flaw allows a malicious guest to crash the QEMU process on the host...

OESA-2024-1558 mysql security update

The MySQLTM software delivers a very fast, multi-threaded, multi-user, and robust SQL Structured Query Language database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of Oracle and/or...

SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Bitbucket Data Center and Server

This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0-eap01, 8.15.0, 8.16.0, 8.17.0, 8.18.0, and 8.19.0 of Bitbucket Data Center and Server...

PT-2024-32284 · Qemu +3 · Qemu +3

Name of the Vulnerable Software and Affected Versions: QEMU affected versions not specified Description: A flaw was found in the QEMU Virtio PCI Bindings, specifically in the hw/virtio/virtio-pci.c file. This issue is related to an improper release and use of the irqfd for vector 0 during the boo...

image 安全漏洞

image is a set of Go libraries designed to handle container images and container image registries in various ways. A security vulnerability exists in image, which stems from a flaw found in the image library. An attacker exploiting this vulnerability could perform resource exhaustion, local path...