SUSE-SU-2024:4103-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47589: igbvf: fix double free in igbvfprobe bsc1226557. - CVE-2022-48956: ipv6: avoid use-after-free in ip6fragment bsc1231893. - CVE-2022-48960: net:...

The vulnerability of the binary file plctool of the microprogramming software for modular controllers of variable current charging stations and wall-mounted charging devices from Phoenix Contact, CHARX SEC-3100, allows a hacker to execute any code in the root context.

The vulnerability of the binary file of the microprogramming software for modular controllers of variable current charging stations and wall-mounted charging devices, the Phoenix Contact CHARX SEC-3100, exists due to insufficient verification of input data. Exploiting this vulnerability could all...

CVE-2024-36248

CVE-2024-36248 affects Sharp MFPs and related devices, where API keys for cloud services are hardcoded in the main binary. This root cause can enable exposure or misuse of cloud credentials by anyone gaining access to the device, potentially allowing unauthorized external access or data exposure ...

CVE-2024-36248

API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under References...

DuckDB Installed (Linux / Unix)

Binary data duckdbnixinstalled.nbin...

Zscaler Client Connector Installed (Windows)

Binary data zscalerclientconnectorwininstalled.nbin...

The vulnerability of the Spectrum Power 7 software, related to incorrect privilege assignment, allows a perpetrator to elevate their privileges.

The vulnerability of the Spectrum Power 7 software is related to the improper assignment of privileges by running binary files with the SUID privilege. Exploiting this vulnerability can allow an attacker to increase their privileges...

DuckDB Installed (Windows)

Binary data duckdbwininstalled.nbin...

PT-2024-26930 · Sharp +1 · Multiple Mfps

Name of the Vulnerable Software and Affected Versions: No specific software name or affected versions are mentioned in the provided descriptions. Description: The issue involves hardcoded API keys for some cloud services in the "main" binary, posing security risks. The details of affected product...

The vulnerability of the Intel Binary Configuration Tool’s configuration modification utility lies in its uncontrolled search path, which allows a malicious actor to exploit their privileges.

The vulnerability of the Intel Binary Configuration Tool’s configuration modification utility is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow attackers to enhance their privileges...

The vulnerability of the Intel Binary Configuration Tool’s configuration modification utility lies in the improper use of standard permissions, allowing attackers to increase their privileges.

The vulnerability of the Intel Binary Configuration Tool’s configuration modification utility is related to the improper use of standard permissions. Exploiting this vulnerability can allow attackers to increase their privileges...

com.thoughtworks.xstream: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

A flaw was found in the XStream library. A remote attacker may trigger a denial of service by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. This issue may lead to the termination of the application...

Finding vulnerabilities in ClipSp, the driver at the core of Windows’ Client License Platform

By Philippe Laulheret ClipSP clipsp.sys is a Windows driver used to implement client licensing and system policies on Windows 10 and 11 systems. Cisco Talos researchers have discovered eight vulnerabilities related to clipsp.sys ranging from signature bypass to elevation of privileges and sandbox...

Rockwell Automation FactoryTalk Updater Installed (Windows)

Binary data rockwellfactorytalkupdaterwininstalled.nbin...

Rclone Installed (Mac OS X)

Binary data rclonemacosinstalled.nbin...

Binary Vulnerability in Damon New Cloud Cache Database of Wuhan Damon Database Co.

Damon New Cloud Cache Database DMCDM is a Key-Value database that is deeply compatible with the native Redis protocol. A binary vulnerability exists in the Damon New Cloud Cache Database DMCDM of Wuhan Damon Database Co. which can be exploited by attackers to cause a denial of service...

JetBrains WebStorm Installed (Linux)

Binary data jetbrainswebstormnixinstalled.nbin...

The vulnerability of the needrestart utility, related to concurrent access to resources (race condition), allows a violator to execute arbitrary code in the context of the root user.

The vulnerability of the needrestart tool is related to concurrent access to resources race condition. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the root user by replacing the file usr/bin/python with a malicious executable file...

DEBIAN-CVE-2024-53429

Open62541 v1.4.6 is has an assertion failure in fuzzbinarydecode, which leads to a crash...

UBUNTU-CVE-2024-53429

Open62541 v1.4.6 is has an assertion failure in fuzzbinarydecode, which leads to a crash...