31220 matches found

OSV
added 2024/11/08 12:15 a.m. | 1 view

DEBIAN-CVE-2024-47072

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the...

CVSS 7.5 | AI score 6.2 | EPSS 0.02015
Exploits: 0 | References: 1

OSV
added 2024/11/08 12:15 a.m. | 3 views

UBUNTU-CVE-2024-47072

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the...

CVSS 7.5 | AI score 6.5 | EPSS 0.02015
Exploits: 0 | References: 5

CNNVD
added 2024/11/08 12:0 a.m. | 3 views

HASOMED Elefant Security Vulnerability

HASOMED Elefant is an exercise software from the German company HASOMED. It specializes in meeting the needs of psychotherapists, child and adolescent psychotherapists, and medical psychotherapists. HASOMED Elefant has a security vulnerability. An attacker with local access to a medical office...

CVSS 7.8 | AI score 6.5 | EPSS 0.00189
Exploits: 0 | References: 2

CNVD
added 2024/11/08 12:0 a.m. | 3 views

Binary Vulnerability in Chart Viewer Program of Unisys Software Technology Ltd.

Unisys Software Technology Co., Ltd. is a leading manufacturer of operating systems in China. A binary vulnerability exists in the Unisys Software Technologies Ltd. viewing program, which can be exploited by attackers to cause a denial of service...

AI score 6.9
Exploits: 0

Vulnrichment
added 2024/11/07 11:38 p.m. | 33 views

CVE-2024-47072 XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the...

CVSS 7.5 | AI score 7.7 | EPSS 0.02015
Exploits: 0 | References: 3

CVE
added 2024/11/07 11:38 p.m. | 346 views

CVE-2024-47072

CVE-2024-47072 affects the XStream library. When configured to use the BinaryStreamDriver, processing manipulated binary input can trigger a stack overflow, leading to a Denial of Service. XStream 1.4.21 mitigates this by detecting the input manipulation and throwing an InputManipulationException...

CVSS 7.5 | AI score 7.5 | EPSS 0.02015
Exploits: 0 | References: 4

OSV
added 2024/11/07 9:51 p.m. | 0 views

GHSA-HFQ9-HGGM-C56Q XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

Impact The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. Patches XStream 1.4.21 detects the manipulation ...

CVSS 8.7 | AI score 6.8 | EPSS 0.02015
Exploits: 0 | References: 7

OSV
added 2024/11/07 10:15 a.m. | 1 view

UBUNTU-CVE-2024-50161

In the Linux kernel, the following vulnerability has been resolved: bpf: Check the remaining infocnt before repeating btf fields When trying to repeat the btf fields for array of nested struct, it doesn't check the remaining infocnt. The following splat will be reported when the value of ret nele...

CVSS 5.5 | AI score 5.7 | EPSS 0.00183
Exploits: 0 | References: 8

F5 Networks
added 2024/11/07 8:40 a.m. | 12 views

K000148421: Multiple Shim vulnerabilities

Security Advisory Description CVE-2023-40546 A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match th...

CVSS 8.3 | AI score 7.7 | EPSS 0.04892
Exploits: 0

OSV
added 2024/11/06 5:13 p.m. | 26 views

OPENSUSE-SU-2024:0351-1 Security update for python-mysql-connector-python

This update for python-mysql-connector-python fixes the following issues: - Update to 9.1.0 boo1231740, CVE-2024-21272 - WL16452: Bundle all installable authentication plugins when building the C-extension - WL16444: Drop build support for DEB packages - WL16442: Upgrade gssapi version to 1.8.3 -...

CVSS 7.5 | AI score 7.9 | EPSS 0.00517
Exploits: 0 | References: 3

Fedora
added 2024/11/06 3:53 a.m. | 16 views

[SECURITY] Fedora 41 Update: syncthing-1.28.0-1.fc41

Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is...

CVSS 5.5 | AI score 5.8 | EPSS 0.00443
Exploits: 0

Tenable Nessus
added 2024/11/06 12:0 a.m. | 3 views

Progress OpenEdge Installed (Linux)

Binary data progressopenedgenixinstalled.nbin...

AI score 7.3
Exploits: 0 | References: 1

NVD
added 2024/11/05 8:15 p.m. | 15 views

CVE-2024-7995

A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the VRED Design application. Exploitation of this vulnerability may lead to code execution...

CVSS 7.8 | EPSS 0.00201
Exploits: 0 | References: 1

Cvelist
added 2024/11/05 8:6 p.m. | 18 views

CVE-2024-7995 Autodesk VRED Design Privilege Escalation Vulnerability

A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the VRED Design application. Exploitation of this vulnerability may lead to code execution...

CVSS 7.8 | EPSS 0.00201
Exploits: 0 | References: 1

CVE
added 2024/11/05 8:6 p.m. | 64 views

CVE-2024-7995

Autodesk VRED Design is affected by CVE-2024-7995, where a maliciously crafted binary file downloaded could exploit an untrusted search path to escalate privileges to NT AUTHORITY/SYSTEM, potentially enabling code execution. The condition is triggered by handling a downloaded binary within the VR...

CVSS 7.8 | AI score 8 | EPSS 0.00201
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2024/11/05 12:0 a.m. | 4 views

PTZOptics Camera Web Interface Detection

Binary data ptzopticscamerawebdetect.nbin...

AI score 7.3
Exploits: 0 | References: 1

CVE
added 2024/11/04 12:0 p.m. | 62 views

CVE-2024-10523

CVE-2024-10523 affects TP-Link IoT Smart Hub. Root cause: storage of Wi‑Fi credentials in plaintext in the device firmware, enabling credential extraction by analyzing the firmware if an attacker has physical access. Impact: disclosure of Wi‑Fi credentials stored on the vulnerable device. Exploit...

CVSS 4.6 | AI score 4.5 | EPSS 0.00127
Exploits: 0 | References: 1 | Affected Software: 1

Rapid7 Blog
added 2024/11/01 1:0 p.m. | 14 views

Finding the LNK: Techniques and methodology for advanced analysis with Velociraptor

Malicious exploitation of LNK files, commonly known as Windows shortcuts, is a well-established technique used by threat actors for delivery and persistence. While the value of LNK forensics for cyber threat intelligence (CTI) is fairly well-understood, analysts may overlook less well-known data...

AI score 7.3
Exploits: 0

The Hacker News
added 2024/10/30 3:44 p.m. | 13 views

North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack

Threat actors linked to North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations. The activity, observed between May and September 2024, has been attributed to a threat actor tracked as Jumpy Pisces, which...

AI score 7.2
Exploits: 0

SUSE Linux
added 2024/10/29 12:55 p.m. | 1 view

Security update for libgsf

This update for libgsf fixes the following issues: CVE-2016-9888: Fixed null pointer dereference with corrupted tar files bsc1014609 CVE-2024-36474: Fixed out-of-bounds index when processing a directory via an integer overflow in the compound document binary file format parser bsc1231282...

CVSS 7.8 | AI score 7.9 | EPSS 0.0133
Exploits: 0 | References: 12