2026 matches found
io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, the leak is triggered when the Vert.x HTTP client establishes connections to different hosts. The leak can be accelerated with intimate runtime knowledge,...
NVIDIA ChatRTX security vulnerability
NVIDIA ChatRTX is a content personalization chatbot from NVIDIA, USA. A security vulnerability exists in NVIDIA ChatRTX. An attacker exploits the vulnerability to cause incorrect privilege management issues by leveraging inter-process communication between different processes...
Mozilla Firefox security vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox has a spoofing vulnerability that can be exploited by attackers to conduct spoofing attacks by convincing a victim to visit a specially crafted Web site...
Apple macOS Sonoma security vulnerability
Apple macOS is a specialized operating system developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sonoma. An attacker exploiting the vulnerability is able to elevate privileges...
CVE-2024-34360 Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX
go-spacemesh is a Go implementation of the Spacemesh protocol full node. Nodes can publish activation transactions (ATXs) which reference the incorrect previous ATX of the Smesher that created the ATX. ATXs are expected to form a single chain from the newest to the first ATX ever published by an...
GHSA-JCQQ-G64V-GCM7 Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX
Impact: Nodes can publish ATXs which reference the incorrect previous ATX of the Smesher that created the ATX. ATXs are expected to form a single chain from the newest to the first ATX ever published by an identity. Allowing Smeshers to reference an earlier but not the latest ATX as previous break...
image security vulnerability
image is a set of Go libraries designed to handle container images and container image registries in various ways. A security vulnerability exists in image, which stems from a flaw found in the image library. An attacker exploiting this vulnerability could perform resource exhaustion, local path...
Bentley Systems Bentley View security vulnerability
Bentley Systems Bentley View is a free viewer from Bentley Systems, USA. A security vulnerability exists in Bentley View that stems from a specific flaw in the parsing of SKP files, which can be exploited by an attacker to execute code in the context of the current process...
AnythingLLM security vulnerability
AnythingLLM is a document chatbot that meets business requirements. A security vulnerability exists in AnythingLLM that stems from the fact that an attacker can accept a single user invitation by sending multiple concurrent requests, thereby allowing the creation of multiple user accounts from a...
CVE-2023-44446
GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending...
When is One Vulnerability Scanner Not Enough?
Like antivirus software, vulnerability scans rely on a database of known weaknesses. That's why websites like VirusTotal exist, to give cyber practitioners a chance to see whether a malware sample is detected by multiple virus scanning engines, but this concept hasn't existed in the vulnerability...
edk2: Infinite loop when parsing unknown options in the Destination Options header
A security loophole involving an infinite loop was identified in EDK2, the open-source reference implementation of the UEFI specification. This weakness enables an unauthorized attacker to exploit system availability by sending a specifically crafted Destination Options IPv6 header...
Electrolink FM/DAB/TV Transmitter security vulnerability
The Electrolink FM/DAB/TV Transmitter is a series of transmitters from Electrolink. A security vulnerability exists in the Electrolink FM/DAB/TV Transmitter that stems from the presence of an elevation of privilege vulnerability, which could lead to an attacker manipulating or tampering with...
VulnCheck KEV: CVE-2023-41892
Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15...
CVE-2024-21610
An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS). In a scaled CoS scenario with 1000s of interfaces, when...
NVIDIA CUDA toolkit security vulnerability
The NVIDIA CUDA toolkit is a toolkit from NVIDIA, Inc. It provides a development environment for creating high-performance GPU-accelerated applications. A security vulnerability exists in the NVIDIA CUDA toolkit. An attacker could exploit this vulnerability to cause a denial of service...
GHSA-39FP-MQMM-GXJ6 CodeIgniter4 DoS Vulnerability
Impact: A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Patches: Upgrade to v4.4.7 or later. See upgrading guide. Workarounds: Disabling Auto Routing prevents a known...
CVE-2024-1023 io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, the leak is triggered when the Vert.x HTTP client establishes connections to different hosts. The leak can be accelerated with intimate runtime knowledge,...
CVE-2024-1023
CVE-2024-1023 affects the Eclipse Vert.x core via a memory leak in Netty FastThreadLocal data structures when the Vert.x HTTP client opens connections to multiple hosts. The vulnerability can enable a memory exhaustion DoS, as the leak can be accelerated with attacker-controlled or knowledge-driv...