CVE-2024-31799

Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to read the WiFi passphrase via the UART Debugging Port...

AMD Graphics Driver 安全漏洞

AMD Graphics Driver is an integrated graphics driver from UltraMicroelectronics AMD. A security vulnerability exists in AMD Graphics Driver, which stems from a hard-coded AES key that could cause a privileged attacker to gain access to the key, leading to the disclosure of internal debugging...

New Android Spyware LianSpy Evades Detection Using Yandex Cloud

Users in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least 2021. Cybersecurity vendor Kaspersky, which discovered the malware in March 2024, noted its use of Yandex Cloud, a Russian cloud service, for command-and-control C2...

SUSE CVE-2024-42127

In the Linux kernel, the following vulnerability has been resolved: drm/lima: fix shared irq handling on driver remove lima uses a shared interrupt, so the interrupt handlers must be prepared to be called at any time. At driver removal time, the clocks are disabled early and the interrupts stay...

Exploit for Special Element Injection in Google Android

CVE 2024 0044 CVE-2024-0044, identified in the createSessionI...

The vulnerability of the microprogramming software in AutomationDirect P3-550E allows a intruder to execute arbitrary code or cause a service failure.

The vulnerability of the microprogrammed software in AutomationDirect P3-550E controllers is related to insufficient protection of operational data during code debugging. Exploiting this vulnerability could allow an attacker to execute arbitrary code or cause malfunctions in the system...

Exploit for Race Condition in Openbsd Openssh

CVE-2024-6387 regreSSHion Proof of concept python script for...

The vulnerability of the GLPI request and incident handling system lies in its ability to gain access to the debugging panel through an update script of GLPI. This allows a malicious actor to compromise the integrity of the system.

The vulnerability of the GLPI request and incident handling system relates to the possibility of gaining access to the debugging panel through a GLPI update script. Exploiting this vulnerability could allow an attacker operating remotely to compromise the integrity of the system...

Security Bulletin: IBM Sterling B2B Integrator Standard Edition could disclose sensitive information in the HTTP response

Summary In IBM Sterling B2B Integrator's dashboard, many links have CSRF tokens at the end of URLs. An attacker could post something with a link to the B2Bi dashboard somewhere. If a B2Bi user who has the active http session and owns the token clicks the link then the request will be honored sinc...

OPENSUSE-SU-2024:0201-1 Security update for Botan

This update for Botan fixes the following issues: Update to 2.19.5: Fix multiple Denial of service attacks due to X.509 cert processing: CVE-2024-34702 - boo1227238 CVE-2024-34703 - boo1227607 CVE-2024-39312 - boo1227608 Fix a crash in OCB Fix a test failure in compression with certain versions o...

CVE-2024-40902

A buffer overflow vulnerability was found in the Linux kernel, where the xattr size is bigger than the expected size and was printed to the kernel log in hex format. Printing it out can cause access off the buffer's end, leading to loss of confidentiality, integrity, and availability. Mitigation...

How to Capture a Memory Dump from a Provisioned Target in a Hyper-V Environment

This article describes how to generate a memory dump file from a provisioned target in a Hyper-V environment.This process requires no modification to the virtual machine. Requirements Download and install the Debugging Tools for Windows package from Microsoft's web site: Debugging Tools for Windo...

CVE-2024-40902

In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. But when that xattr size is bigger than the expected size,...

CVE-2024-40978 scsi: qedi: Fix crash while reading debugfs attribute

In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix crash while reading debugfs attribute The qedidbgdonotrecovercmdread function invokes sprintf directly on a user pointer, which results into the crash. To fix this issue, use a small local stack buffer for sprintf...

CVE-2024-40902 jfs: xattr: fix buffer overflow for invalid xattr

In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. But when that xattr size is bigger than the expected size,...

CVE-2024-40902 jfs: xattr: fix buffer overflow for invalid xattr

In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. But when that xattr size is bigger than the expected size,...

CVE-2024-40902

In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. But when that xattr size is bigger than the expected size,...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a debugging information disclosure issue in the bpf component during pskbpullreason processing...

Description of the security update for SharePoint Server Subscription Edition: July 9, 2024 (KB5002606)

Description of the security update for SharePoint Server Subscription Edition: July 9, 2024 KB5002606 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability, Microsoft SharePoint remote code execution vulnerability, and Microsoft SharePoint Server...

LevelOne WBR-6013 Security Vulnerability

The LevelOne WBR-6013 is a wireless router from LevelOne. A security vulnerability exists in the LevelOne WBR-6013 RER4Av3411b2T2RLEV09170623 version, which stems from the presence of residual debugging code in the boa formSysCmd function, where a specially crafted network request could result in...