Lucene search

665 matches found

OSV
added 2024/09/13 6:33 a.m. | 12 views

CVE-2024-46709 drm/vmwgfx: Fix prime with external buffers

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix prime with external buffers Make sure that for external buffers mapping goes through the dmabuf interface instead of trying to access pages directly. External buffers might not provide direct access to...

5.5 CVSS | 5.9 AI score | 0.00213 EPSS
Exploits 0 | References 6

Talos Blog
added 2024/09/11 4:0 p.m. | 20 views

Vulnerability in Acrobat Reader could lead to remote code execution; Microsoft patches information disclosure issue in Windows API

Cisco Talos' Vulnerability Research team discovered two vulnerabilities have been disclosed and fixed over the past few weeks. Talos discovered a time-of-check time-of-use vulnerability in Adobe Acrobat Reader, one of the most popular PDF readers currently available, and an information disclosure...

7.5 CVSS | 9.4 AI score | 0.04564 EPSS
Exploits 0

OSV
added 2024/08/26 9:15 a.m. | 2 views

UBUNTU-CVE-2024-43443

Improper Neutralization of Input done by an attacker with admin privileges 'Cross-site Scripting' in Process Management modules of OTRS and OTRS Community Edition allows Cross-Site Scripting XSS within the Process Management targeting other admins. This issue affects: OTRS from 7.0.X through 7.0....

4.9 CVSS | 5.8 AI score | 0.00358 EPSS
Exploits 0 | References 3

Imperva Blog
added 2024/08/12 1:0 p.m. | 33 views

Imperva Security Efficacy and Operational Efficiency Leads the Industry in SecureIQLab’s Cloud WAAP Comparative Report

In the 2024 Cloud Web Application and API Protection WAAP CyberRisk Comparative Validation Report from SecureIQLab, Imperva outperformed all other vendors in both security efficacy and operational efficiency. This comprehensive report, based on third-party testing, demonstrates Imperva's commitme...

7.2 AI score
Exploits 0

Qualys Blog
added 2024/08/09 7:44 p.m. | 16 views

Subscription Health Dashboard Update: Optimize Deployments and Identify Issues

For VM teams navigating the complex realm of cybersecurity tools, ensuring deployment health is paramount. Swift methods are required to pinpoint issues amidst complexity. Challenges such as duplicate entries, ghost hosts, and decommissioned devices can obstruct these views, hindering data...

7.4 AI score
Exploits 0

CNVD
added 2024/08/09 12:0 a.m. | 2 views

Mozilla Firefox Memory Misreference Vulnerability (CNVD-2024-35561)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A memory misreference vulnerability exists in versions prior to Mozilla Firefox 129, which stems from a mix-up in the instructions responsible for freeing memory in the JavaScript code coverage...

9.8 CVSS | 6.8 AI score | 0.0036 EPSS
Exploits 0 | References 1

CNVD
added 2024/08/01 12:0 a.m. | 1 views

TOTOLINK EX1200L Buffer Overflow Vulnerability (CNVD-2025-15239)

TOTOLINK EX1200L is a dual-band wireless signal amplifier launched by China Gion Electronics, which is mainly used to extend Wi-Fi coverage. TOTOLINK EX1200L suffers from a buffer overflow vulnerability, which originates from the parameter week/sTime/eTime in the file /cgi-bin/cstecgi.cgi that ca...

9 CVSS | 7.5 AI score | 0.01203 EPSS
Exploits 1 | References 1

CNVD
added 2024/08/01 12:0 a.m. | 3 views

TOTOLINK EX1200L Buffer Overflow Vulnerability (CNVD-2025-15238)

TOTOLINK EX1200L is a dual-band wireless signal amplifier launched by China Gion Electronics, which is mainly used to extend Wi-Fi coverage. TOTOLINK EX1200L suffers from a buffer overflow vulnerability, which originates from the parameter httphost of the function loginauth /cgi-bin/cstecgi.cgi...

9 CVSS | 7.6 AI score | 0.01203 EPSS
Exploits 1 | References 1

CNVD
added 2024/08/01 12:0 a.m. | 2 views

TOTOLINK EX1200L Buffer Overflow Vulnerability

TOTOLINK EX1200L is a dual-band wireless signal amplifier launched by China Gion Electronics, which is mainly used to extend Wi-Fi coverage. The TOTOLINK EX1200L suffers from a buffer overflow vulnerability that originates from the UploadCustomModule function in the /cgi-bin/cstecgi.cgi file. No...

9 CVSS | 7.5 AI score | 0.01192 EPSS
Exploits 1 | References 1

CNVD
added 2024/08/01 12:0 a.m. | 2 views

TOTOLINK N350RT Buffer Overflow Vulnerability

TOTOLINK N350RT is a small home router launched by China Gion Electronics, mainly for home network coverage needs. The TOTOLINK N350RT suffers from a buffer overflow vulnerability that originates in the file /cgi-bin/cstecgi.cgi where the function setParentalRules manipulates the parameters...

9 CVSS | 7.5 AI score | 0.0124 EPSS
Exploits 1 | References 1

CNVD
added 2024/07/19 12:0 a.m. | 10 views

D-Link DAP-1325 Command Injection Vulnerability (CNVD-2024-33900)

The D-Link DAP-1325 is a wireless access point/bridge from China's AUO D-Link, which is primarily used to provide wireless network coverage and has a bridging function that allows you to convert a wired network to a wireless network or connect two wireless networks together. The D-Link DAP-1325...

8.8 CVSS | 7.6 AI score | 0.01187 EPSS
Exploits 0 | References 1

CNVD
added 2024/07/19 12:0 a.m. | 8 views

D-Link DAP-1325 Command Injection Vulnerability (CNVD-2024-33899)

The D-Link DAP-1325 is a wireless access point/bridge from China's AUO D-Link, which is primarily used to provide wireless network coverage and has a bridging function that allows you to convert a wired network to a wireless network or connect two wireless networks together. The D-Link DAP-1325...

8.8 CVSS | 7.9 AI score | 0.01187 EPSS
Exploits 0 | References 1

The Hacker News
added 2024/07/16 4:1 a.m. | 59 views

CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. GeoServer is an open-source software server written in Java that...

9.8 CVSS | 9.7 AI score | 0.99813 EPSS
Exploits 31

Fedora
added 2024/07/12 4:18 a.m. | 40 views

[SECURITY] Fedora 39 Update: python-urllib3-1.26.19-1.fc39

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS verification. • File uploads with multipart encoding...

4.4 CVSS | 7 AI score | 0.00965 EPSS
Exploits 1

Citrix
added 2024/07/12 12:0 a.m. | 8 views

Worldwide Support Services Delivery Guide - 2024

Worldwide Support Services Delivery Guide - 2024 Information To our Citrix customers and partners, we want to thank you for choosing our products and services. Our goal is to ensure your success, and we have created this Worldwide Support Services Delivery Guide to help you achieve just that. The...

7 AI score
Exploits 0

Positive Technologies
added 2024/07/12 12:0 a.m. | 3 views

PT-2024-29138 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue arises on an old x86 system with SRAT covering space above 4Gb, where the NUMA configuration is no longer refused by a CONFIG_NUMA=y kernel. This is due to memblock validate...

9.8 CVSS | 6.8 AI score | 0.02701 EPSS
Exploits 6 | References 695

Rapid7 Blog
added 2024/07/11 1:0 p.m. | 20 views

What’s New in Rapid7 Products & Services: Q2 2024 in Review

This quarter we continued to make investments that provide security professionals with a holistic, actionable view of their entire attack surface. In Q2, we focused on enhancing visualization, prioritization, and integration capabilities across our key products and services. Below we’ve highlight...

7.6 AI score
Exploits 0

Fedora
added 2024/07/02 2:34 a.m. | 28 views

[SECURITY] Fedora 40 Update: python-urllib3-1.26.19-1.fc40

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS verification. • File uploads with multipart encoding...

4.4 CVSS | 7 AI score | 0.00965 EPSS
Exploits 1

IBM Security Bulletins
added 2024/06/11 9:24 p.m. | 28 views

Security Bulletin: IBM Rational Developer for i is vulnerable to leaked credentials due to a flaw in follow-redirects (CVE-2024-28849).

Summary IBM Rational Developer for i contains Code Coverage functionality which has a browser interface. The browser interface utilizes follow-redirects which could allow a remote attacker to obtain credentials CVE-2024-28849. This bulletin identifies the steps to take to address the vulnerabilit...

6.5 CVSS | 7 AI score | 0.01044 EPSS
Exploits 1 | Affected Software 1

CNNVD
added 2024/05/22 12:0 a.m. | 2 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel. No information about this vulnerability is available at this time, so stay tuned to CNNVD or vendor announcements...

7.8 CVSS | 6.3 AI score | 0.00218 EPSS
Exploits 0 | References 11