
31246 matches found

Positive Technologies
added 2024/11/11 12:0 a.m. · 3 views

PT-2024-32882 · Ivanti · Ivanti Connect Secure +1

Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions 22.4R2 through 22.7R2.2; Ivanti Policy Secure versions prior to 22.7R1.2. Description: The issue is related to excessive binary privileges, allowing a local authenticated attacker to escalate privileges...

CVSS 7.8 · AI score 7 · EPSS 0.00222
Exploits 0 · References 5
SUSE CVE
added 2024/11/09 3:53 a.m. · 2 views

SUSE CVE-2024-47072

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the...

CVSS 7.5 · AI score 7.4 · EPSS 0.02015
Exploits 0 · References 4
OSV
added 2024/11/08 7:14 p.m. · 16 views

BIT-MEMCACHED-2020-10931

Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c...

CVSS 7.5 · AI score 7.2 · EPSS 0.28144
Exploits 1 · References 4
Rockylinux
added 2024/11/08 3:56 p.m. · 6 views

gcc-toolset-13-annobin bug fix update

An update is available for gcc-toolset-13-annobin. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. This package contains the tools needed to annotate binary file...

AI score 7
Exploits 0
NVD
added 2024/11/08 12:15 p.m. · 12 views

CVE-2024-50593

An attacker with local access to the medical office computer can access restricted functions of the Elefant Service tool by using a hard-coded "Hotline" password in the Elefant service binary, which is shipped with the software...

CVSS 7.8 · EPSS 0.00189
Exploits 0 · References 3
CVE
added 2024/11/08 12:6 p.m. · 46 views

CVE-2024-50593

CVE-2024-50593 affects the Elefant Service tool; a local attacker can access restricted functions via a hard-coded "Hotline" password embedded in the Elefant service binary, which is shipped with the software. Affected component is the Elefant Service binary used by HASOMED Elefant. The root caus...

CVSS 7.8 · AI score 7.5 · EPSS 0.00189
Exploits 0 · References 3
OSV
added 2024/11/08 12:15 a.m. · 1 views

DEBIAN-CVE-2024-47072

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the...

CVSS 7.5 · AI score 6.2 · EPSS 0.02015
Exploits 0 · References 1
OSV
added 2024/11/08 12:15 a.m. · 3 views

UBUNTU-CVE-2024-47072

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the...

CVSS 7.5 · AI score 6.5 · EPSS 0.02015
Exploits 0 · References 5
CNNVD
added 2024/11/08 12:0 a.m. · 3 views

HASOMED Elefant security vulnerability

HASOMED Elefant is an exercise software from the German company HASOMED. It specializes in meeting the needs of psychotherapists, child and adolescent psychotherapists, and medical psychotherapists. HASOMED Elefant has a security vulnerability. An attacker with local access to a medical office...

CVSS 7.8 · AI score 6.5 · EPSS 0.00189
Exploits 0 · References 2
CNVD
added 2024/11/08 12:0 a.m. · 3 views

Binary Vulnerability in Chart Viewer Program of Unisys Software Technology Ltd.

Unisys Software Technology Co., Ltd. is a leading manufacturer of operating systems in China. A binary vulnerability exists in the Unisys Software Technologies Ltd. viewing program, which can be exploited by attackers to cause a denial of service...

AI score 6.9
Exploits 0
Vulnrichment
added 2024/11/07 11:38 p.m. · 33 views

CVE-2024-47072 XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the...

CVSS 7.5 · AI score 7.7 · EPSS 0.02015
Exploits 0 · References 3
CVE
added 2024/11/07 11:38 p.m. · 348 views

CVE-2024-47072

CVE-2024-47072 affects the XStream library. When configured to use the BinaryStreamDriver, processing manipulated binary input can trigger a stack overflow, leading to a Denial of Service. XStream 1.4.21 mitigates this by detecting the input manipulation and throwing an InputManipulationException...

CVSS 7.5 · AI score 7.5 · EPSS 0.02015
Exploits 0 · References 4
OSV
added 2024/11/07 9:51 p.m. · 0 views

GHSA-HFQ9-HGGM-C56Q XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

Impact: The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. Patches: XStream 1.4.21 detects the manipulation ...

CVSS 8.7 · AI score 6.8 · EPSS 0.02015
Exploits 0 · References 7
OSV
added 2024/11/07 10:15 a.m. · 2 views

UBUNTU-CVE-2024-50161

In the Linux kernel, the following vulnerability has been resolved: bpf: Check the remaining info_cnt before repeating btf fields. When trying to repeat the btf fields for array of nested struct, it doesn't check the remaining info_cnt. The following splat will be reported when the value of ret nele...

CVSS 5.5 · AI score 5.7 · EPSS 0.00183
Exploits 0 · References 8
F5 Networks
added 2024/11/07 8:40 a.m. · 13 views

K000148421: Multiple Shim vulnerabilities

Security Advisory Description: CVE-2023-40546: A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match th...

CVSS 8.3 · AI score 7.7 · EPSS 0.04852
Exploits 0
OSV
added 2024/11/06 5:13 p.m. · 27 views

OPENSUSE-SU-2024:0351-1 Security update for python-mysql-connector-python

This update for python-mysql-connector-python fixes the following issues: - Update to 9.1.0 boo1231740, CVE-2024-21272 - WL16452: Bundle all installable authentication plugins when building the C-extension - WL16444: Drop build support for DEB packages - WL16442: Upgrade gssapi version to 1.8.3 -...

CVSS 7.5 · AI score 7.9 · EPSS 0.00517
Exploits 0 · References 3
Fedora
added 2024/11/06 3:53 a.m. · 17 views

[SECURITY] Fedora 41 Update: syncthing-1.28.0-1.fc41

Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is...

CVSS 5.5 · AI score 5.8 · EPSS 0.00446
Exploits 0
Tenable Nessus
added 2024/11/06 12:0 a.m. · 3 views

Progress OpenEdge Installed (Linux)

Binary data progressopenedgenixinstalled.nbin...

AI score 7.3
Exploits 0 · References 1
NVD
added 2024/11/05 8:15 p.m. · 15 views

CVE-2024-7995

A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the VRED Design application. Exploitation of this vulnerability may lead to code execution...

CVSS 7.8 · EPSS 0.00201
Exploits 0 · References 1
CVE
added 2024/11/05 8:6 p.m. · 67 views

CVE-2024-7995

Autodesk VRED Design is affected by CVE-2024-7995, where a maliciously crafted binary file downloaded could exploit an untrusted search path to escalate privileges to NT AUTHORITY/SYSTEM, potentially enabling code execution. The condition is triggered by handling a downloaded binary within the VR...

CVSS 7.8 · AI score 8 · EPSS 0.00201
Exploits 0 · References 1 · Affected Software 1