org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service
A vulnerability was found in Bouncy Castle. An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java). Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters...
Cisco Smart Software Manager On-Prem Password Change Vulnerability (CVE-2024-20419) (Direct Check)
Unable to Launch Applications After VDA Upgrade to 1912 CU9 Due to Missing Working Directory
Please note: You can download the required file from the Citrix downloads website by visiting the following link: https://www.citrix.com/downloads/citrix-tools To apply the updated DLL with the tested code changes, please replace the files in the specified locations on the Multi-Session VDA as...
CVE-2024-34631
Out-of-bounds read in applying new binary in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory...
CVE-2024-34628
Out-of-bounds read in applying binary with path in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory...
CVE-2024-34629
Samsung Notes contains a local out-of-bounds read vulnerability in the binary/text common object handling, affected in versions prior to 4.4.21.62. An attacker with local access could potentially read memory from the affected app. The available public details identify the affected product (Samsun...
PT-2024-26046 · Samsung · Samsung Notes
Name of the Vulnerable Software and Affected Versions: Samsung Notes versions prior to 4.4.21.62 Description: The issue is related to an out-of-bounds read in applying binary with text common object. This could potentially allow local attackers to read memory. Recommendations: For versions prior ...
Sunhillo SureLine Web Portal Detection
Vulnerabilities in the functions sbi_cpu_start() and cpu_update_secondary_bootdata() in the Linux kernel on RISC-V processors allow attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the functions sbi_cpu_start() in arch/riscv/kernel/cpu_ops_sbi.c and cpu_update_secondary_bootdata() in arch/riscv/kernel/cpu_ops_spinwait.c in the Linux kernel on RISC-V processors is related to writing memory beyond the allocated buffer...
PT-2024-26049 · Samsung · Samsung Notes
Name of the Vulnerable Software and Affected Versions: Samsung Notes versions prior to 4.4.21.62 Description: The issue is related to an out-of-bounds read that occurs when applying a new binary. This could potentially allow local attackers to read memory. Recommendations: For versions prior to...
FreeBSD-SA-24:07.nfsclient
FreeBSD-SA-24:07.nfsclient Security Advisory, The FreeBSD Project. Topic: NFS client accepts file names containing path separators. Category: core. Module: NFS client...
FreeBSD-SA-24:06.ktrace
FreeBSD-SA-24:06.ktrace Security Advisory, The FreeBSD Project. Topic: ktrace(2) fails to detach when executing a setuid binary. Category: core. Module: ktrace. Announced:...
New Android Spyware LianSpy Evades Detection Using Yandex Cloud
Users in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least 2021. Cybersecurity vendor Kaspersky, which discovered the malware in March 2024, noted its use of Yandex Cloud, a Russian cloud service, for command-and-control (C2)...
GeoServer Jai-EXT RCE (CVE-2022-24816)
Windows System Driver Enumeration (Windows)
LOLDriver Detection (Windows)
CVE-2024-42381
os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieve code execution via an ELF file with a custom .interp section. NOTE: this code execution would occur during an un-sandboxed binary relocation phase, which...
System Asset Info Enumeration (Linux / Unix)
NI VeriStand NIVSPRJ File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...