2428 matches found
CVE-2024-26646
In the Linux kernel, the following vulnerability has been resolved: thermal: intel: hfi: Add syscore callbacks for system-wide PM The kernel allocates a memory buffer and provides its location to the hardware, which uses it to update the HFI table. This allocation occurs during boot and remains...
AZL-37136 CVE-2024-28863 affecting package reaper for versions less than 3.1.1-17
node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...
AZL-37115 CVE-2024-28863 affecting package nodejs for versions less than 20.14.0-1
node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...
DEBIAN-CVE-2024-28863
node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...
UBUNTU-CVE-2024-28863
node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...
New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics
A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said it's likely associated with the North Korean state-sponsored group...
MGASA-2024-0069 Updated jackson-databind packages fix security vulnerabilities
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. CVE-2020-36518 In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value...
Code injection
A search path or unquoted item vulnerability in Faronics Deep Freeze Server Standard, which affects versions 8.30.020.4627 and earlier. This vulnerability affects the DFServ.exe file. An attacker with local user privileges could exploit this vulnerability to replace the legitimate DFServ.exe...
CVE-2024-1618 Unquoted item or search path vulnerability in Faronics Deep Freeze Server Standard
A search path or unquoted item vulnerability in Faronics Deep Freeze Server Standard, which affects versions 8.30.020.4627 and earlier. This vulnerability affects the DFServ.exe file. An attacker with local user privileges could exploit this vulnerability to replace the legitimate DFServ.exe...
CVE-2024-1618
Affected software: Faronics Deep Freeze Server Standard, version ≤ 8.30.020.4627. Vulnerable component: DFServ.exe (service). Root cause: Unquoted item / search path vulnerability that lets a malicious file with the same name be loaded if placed in a higher-priority directory. Impact: Local attac...
Faronics Deep Freeze Code Issue Vulnerability
Faronics Deep Freeze is a system recovery software developed by Faronics, Inc. A code issue vulnerability exists in Faronics Deep Freeze version 8.30.020.4627 and prior versions, which originates from a malicious code execution that can be performed by renaming a malicious executable file to...
PT-2024-18171 · Faronics · Faronics Deep Freeze Server Standard
Name of the Vulnerable Software and Affected Versions: Faronics Deep Freeze Server Standard versions 8.30.020.4627 and earlier Description: A search path or unquoted item vulnerability affects the DFServ.exe file, allowing an attacker with local user privileges to replace the legitimate DFServ.ex...
paddlepaddle code injection vulnerability
PaddlePaddle is an independent R&D deep learning platform open-sourced by China's PaddlePaddle. A code injection vulnerability exists in paddlepaddle version 2.6.0, which stems from the application failing to properly filter special elements of constructed code segments...
Medium: openexr
Issue Overview: Due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. CVE-2023-5841 Affected...
PT-2024-4663 · Mcafee · Mcafee Security: Antivirus Vpn For Android
Name of the Vulnerable Software and Affected Versions: McAfee Security: Antivirus VPN for Android versions prior to 8.3.0 Description: The issue is related to improper deep link validation, which could allow an attacker to launch an arbitrary URL within the app. This could potentially lead to...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices, which originates from a lack of appropriate interactions to open deep links in the Samsung Internet...
OESA-2024-1218 OpenEXR security update
OpenEXR is a high dynamic-range (HDR) image file format originally developed by Industrial Light & Magic for use in computer imaging applications. Security Fixes: Due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, Academy Software Foundati...
OESA-2024-1217 OpenEXR security update
OpenEXR is a high dynamic-range (HDR) image file format originally developed by Industrial Light & Magic for use in computer imaging applications. Security Fixes: Due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, Academy Software Foundati...
OESA-2024-1215 OpenEXR security update
OpenEXR is a high dynamic-range (HDR) image file format originally developed by Industrial Light & Magic for use in computer imaging applications. Security Fixes: Due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, Academy Software Foundati...