NVIDIA BlueField License Issue Vulnerability
NVIDIA BlueField is a series of data processing units from NVIDIA. NVIDIA BlueField suffers from an authorization issue vulnerability that stems from mishandling of privileges, which can be exploited by an attacker to cause a denial of service, data tampering, and information disclosure...
CVE-2024-38405
Transient DOS while processing the CU information from RNR IE...
CVE-2024-0106
NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information...
a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +602 more potentially affected by CVE-2024-8309 via langchain (>=0.0.100 <=0.1.9)
langchain PYPI version =0.0.100, =0.1.0, =0.1.7, =0.2.1, =0.1.0, =0.0.2, =0.1.0, =0.1.0, =0.0.18, =0.1.5, =0.2.0, =0.7.1 and more Source cves: CVE-2024-8309 Source advisory: OSV:GHSA-45PG-36P6-83V9...
Security Bulletin: IBM Master Data Management may provide weaker than expected security due to OpenSSL through a carry propagation flaw (CVE-2021-4160)
Summary IBM Master Data Management v11.6, and v12.0 are vulnerable to a carry propagation flaw found in OpenSSL. OpenSSL could provide weaker than expected security, caused by a carry propagation flaw in the MIPS32 and MIPS64 squaring procedure. An attacker could exploit this vulnerability to...
CVE-2024-45842
Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests, resulting in a path traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests...
IBM Watson Studio Local Cross-Site Request Forgery Vulnerability
IBM Watson Studio Local is a suite of collaborative data processing solutions from International Business Machines (IBM). The product includes features such as data analysis, data visualization, data cleansing and streaming data extraction. A cross-site request forgery vulnerability exists in IBM...
PT-2024-30: Stored DOM-Based Cross-Site Scripting (stored DOM XSS) in Passwork
The vulnerability was identified in Passwork version 6.4.0. The application does not process user-supplied data as required for its safe use when generating web pages. Exploitation of the vulnerability is possible for an authorized user and leads to the possibility of executing...
CVE-2024-8925 Erroneous parsing of multipart form data
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to...
PT-2024-7255 · Abb · Abb Ac 800M
Name of the Vulnerable Software and Affected Versions: ABB AC 800M affected versions not specified Description: The issue is related to errors in processing input data in the ABB AC 800M controller firmware. It allows a remote attacker to execute arbitrary commands by sending specially crafted MM...
ROS-20241004-09
Vulnerability of the matchflags function of the Netfilter subsystem of the Linux kernel is related to the reading of data outside of buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to protected information or cause a denial of...
Privacy watchdog files complaint over Firefox quietly enabling its Privacy Preserving Attribution
A European privacy watchdog has filed a complaint against Mozilla for quietly enabling Privacy Preserving Attribution (PPA) in its Firefox browser. Noyb (none of your business) argues that despite its reassuring name, the feature allows the browser to track your online behavior. By design, Privacy...
CVE-2022-48939 bpf: Add schedule points in batch ops
In the Linux kernel, the following vulnerability has been resolved: bpf: Add schedule points in batch ops syzbot reported various soft lockups caused by bpf batch operations. INFO: task kworker/1:1:27 blocked for more than 140 seconds. INFO: task hung in rcu_barrier Nothing prevents batch ops to...
Loan Management System 1.0 Cross Site Request Forgery
Title: Loan Management System 1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.3 64 bits...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure of the f2fs file system to properly handle scenarios where blkaddr is valid when processing...
CVE-2024-7113
If exploited, this vulnerability could cause a SuiteLink server to consume excessive system resources and slow down processing of Data I/O for the duration of the attack...
CVE-2024-7113
CVE-2024-7113 affects AVEVA SuiteLink Server and related AVEVA products (SuiteLink, Historian, InTouch, Application Server, Communication Drivers Pack, Batch Management). The root issue is Allocation of Resources Without Limits or Throttling, causing the SuiteLink server to consume excessive syst...
SAP Shared Service Framework Security Vulnerability
SAP Shared Service Framework is an integration platform from SAP, Germany, designed to support the operation and management of shared services within an organization. A security vulnerability exists in SAP Shared Service Framework that stems from not performing the required authorization checks o...
PT-2024-5549 · Aveva · Aveva Suitelink Server +5
Name of the Vulnerable Software and Affected Versions: AVEVA SuiteLink Server affected versions not specified Description: The issue is related to unlimited resource allocation in the SuiteLink server of AVEVA software products, including Historian, InTouch, Application Server, Communication...
CVE-2024-42238 firmware: cs_dsp: Return error if block header overflows file
In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Return error if block header overflows file Return an error from cs_dsp_power_up if a block header is longer than the amount of data left in the file. The previous code in cs_dsp_load and cs_dsp_load_coeff would loop whi...