PT-2024-1568 · Unknown +11 · Postgresql +10
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 16.2, 15.6, 14.11, 13.14 and 12.18. Description: The issue is related to a late privilege drop in the...
Improper comparison of different-length signatures
The Webhook::verify function incorrectly compared signatures of different lengths - the two signatures would only be compared up to the length of the shorter signature. This allowed an attacker to pass in v1, as the signature, which would always pass verification...
CVE-2024-24943
In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image...
CVE-2023-33077
Memory corruption in HLOS while converting from authorization token to HIDL vector...
CVE-2023-33077 Buffer Copy Without Checking Size of Input in HLOS
Memory corruption in HLOS while converting from authorization token to HIDL vector...
CVE-2023-33077
CVE-2023-33077: Memory corruption in HLOS during conversion from an authorization token to a HIDL vector. Root cause is memory corruption in the HLOS path handling token-to-HIDL conversion. Impact on confidentiality, integrity and availability is described as High; attack vector is Local with low...
PT-2024-12397 · Qualcomm · Snapdragon +92
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves memory corruption in HLOS while converting from an authorization token to a HIDL vector. No information is provided about the estimat...
JetBrains Toolbox Security Vulnerability
JetBrains Toolbox is a JetBrains product management application from JetBrains Czech Republic. A security vulnerability previously existed in the JetBrains Toolbox App version 2.2, which stemmed from a DoS attack that could be performed via a malicious SVG image...
Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware
The threat actor known as Patchwork likely used romance scam lures to trap victims in Pakistan and India, and infect their Android devices with a remote access trojan called VajraSpy. Slovak cybersecurity firm ESET said it uncovered 12 espionage apps, six of which were available for download from...
PT-2024-14857 · B&R · B&R Automation Runtime
Name of the Vulnerable Software and Affected Versions: B&R Automation Runtime versions = G4.93 Description: A reflected cross-site scripting XSS vulnerability exists in the SVG version of System Diagnostics Manager that enables a remote attacker to execute arbitrary JavaScript code in the context...
Updated openssl packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Excessive time spent in DH check / generation with large Q parameter value. CVE-2023-5678 POLY1305 MAC implementation corrupts vector registers on PowerPC. CVE-2023-6129 Excessive time spent checking invalid RSA public keys. CVE-2023-6237 PKCS12...
BIT-RAILS-2022-3704
A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/actiondispatch/middleware/templates/routes/table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The real...
DoS (Denial of Service) org.json:json Dependency in Confluence Data Center and Server
This High severity org.json:json Dependency vulnerability was introduced in versions 3.0 of Confluence Data Center and Server. This org.json:json Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker...
hw: Intel: Gather Data Sampling (GDS) side channel vulnerability
A Gather Data Sampling GDS transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction load from memory to infer stale data from previously used vector registers on the same physical core...
CVE-2023-7089
The Easy SVG Allow WordPress plugin through 1.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2024-1015
Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device...