852 matches found
PT-2024-29569 · Xibo · Xibo
Name of the Vulnerable Software and Affected Versions: Xibo versions prior to 3.3.12; Xibo versions prior to 4.0.14. Description: A SQL injection issue was discovered in the API routes of Xibo, a content management system, specifically in the components responsible for filtering DataSets. This allo...
Xibo CMS SQL Injection Vulnerability
Xibo CMS is an open source content management system from Xibo Digital Signage. Xibo CMS suffers from a SQL injection vulnerability that originates from allowing an authenticated user to view dataset data by injecting a specially crafted value into the API, which could allow an attacker to obtain...
PT-2024-28031 · Broadcom · Symantec Privileged Access Management
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue allows an unauthenticated attacker to read arbitrary information from the database. There is no information provided about the estimated number of potentially affected...
CVE-2024-39553 Junos OS Evolved: Receipt of arbitrary data when sampling service is enabled, leads to partial Denial of Service (DoS).
An Exposure of Resource to Wrong Sphere vulnerability in the sampling service of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to send arbitrary data to the device, which causes the msvcsd process to crash with limited availability impacting Denial of Service (DoS) a...
tpm2-tools Security Vulnerabilities
tpm2-tools is a source code library. A security vulnerability exists in tpm2-tools version 4.1-rc0 and earlier, which stems from an attacker being able to generate a tpm2 checkquote resulting in undetectable arbitrary references to data...
CVE-2024-36974
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP. If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the kernel, the second time...
UBUNTU-CVE-2024-36974
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP. If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the kernel, the second time...
CVE-2024-36974
The CVE-2024-36974 issue affects the Linux kernel net/sched taprio: if a TCA_TAPRIO_ATTR_PRIOMAP attribute is provided, taprio_parse_mqprio_opt() must validate it; otherwise, a second taprio_change() with crafted mqprio attributes can cause kernel problems after a first, valid call sets dev->n...
CVE-2024-36974 net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP. If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the kernel, the second time...
CVE-2024-0095
NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of...
CVE-2024-20882
Out-of-bounds read vulnerability in bootloader prior to SMR June-2024 Release 1 allows physical attackers to access arbitrary data...
CVE-2024-35197 gix refs and paths with reserved Windows device names access the devices
gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the...
CVE-2024-35197
CVE-2024-35197 affects the gitoxide project (gitoxide-core) and related advisories, describing a Windows-specific issue where fetching refs or checking out paths that collide with legacy device names can cause reads from devices or writes to devices. This can lead to indefinite blocking or the pr...
gitoxide Security Vulnerability
gitoxide is a git implementation written in Rust by the individual developer Sebastian Thiel. A security vulnerability exists in gitoxide prior to version 0.36.0, which can be exploited to write arbitrary data to a device by obtaining a reference that conflicts with an old device name...
gix refs and paths with reserved Windows device names access the devices
Summary: On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...
RUSTSEC-2024-0351 Refs and paths with reserved Windows device names access the devices
Summary: On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...