PT-2024-38845 · Faronics · Deep Freeze

Name of the Vulnerable Software and Affected Versions: Deep Freeze version 9.00.020.5760 Description: The issue is an out-of-bounds read vulnerability in the FarDisk.sys driver of Deep Freeze. It can be triggered by the 0x70014 IOCTL code. This vulnerability is locally exploitable and can lead to...

encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...

rexml: DoS vulnerability in REXML

A vulnerability was found in REXML RubyGems. This package is vulnerable to denial of service DoS when parsing a deep XML structure with the same local name attribute. This vulnerability only affects tree parser API like REXML::Document.new, other parser APIs such as stream parser API and SAX2...

rexml: DoS vulnerability in REXML

A vulnerability was found in REXML RubyGems. This package is vulnerable to denial of service DoS when parsing a deep XML structure with the same local name attribute. This vulnerability only affects tree parser API like REXML::Document.new, other parser APIs such as stream parser API and SAX2...

PT-2024-35: Automatic explicit deep link assignment in Android Jetpack Navigation Library

The vulnerability was identified in Android Jetpack Navigation Library in versions 2.8.1. The discovered vulnerability allows an attacker, using automatically assigned explicit deep links, to open arbitrary screens in the application and pass them arbitrary parameters Vulnerability status:...

PT-2024-32273 · Trend Micro · Trend Micro Deep Discovery Inspector

Name of the Vulnerable Software and Affected Versions: Trend Micro Deep Discovery Inspector versions 5.8 and above Description: A vulnerability in Trend Micro Deep Discovery Inspector could allow an attacker to disclose sensitive information from affected installations. The attacker must first...

PT-2024-32274 · Trend Micro · Trend Micro Deep Discovery Inspector

Name of the Vulnerable Software and Affected Versions: Trend Micro Deep Discovery Inspector versions 5.8 and above Description: A vulnerability in Trend Micro Deep Discovery Inspector could allow an attacker to disclose sensitive information from affected installations. To exploit this issue, an...

Trend Micro Deep Discovery Inspector SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Deep Discovery Inspector. Authentication is required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 443 by default. The...

Trend Micro Deep Discovery Inspector SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Deep Discovery Inspector. Authentication is required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 443 by default. The...

rexml: DoS vulnerability in REXML

A vulnerability was found in REXML RubyGems. This package is vulnerable to denial of service DoS when parsing a deep XML structure with the same local name attribute. This vulnerability only affects tree parser API like REXML::Document.new, other parser APIs such as stream parser API and SAX2...

rexml: DoS vulnerability in REXML

A vulnerability was found in REXML RubyGems. This package is vulnerable to denial of service DoS when parsing a deep XML structure with the same local name attribute. This vulnerability only affects tree parser API like REXML::Document.new, other parser APIs such as stream parser API and SAX2...

DEBIAN-CVE-2024-34158

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

PT-2024-41127 · Trend Micro · Trend Micro Deep Security Agent

Name of the Vulnerable Software and Affected Versions: Trend Micro Deep Security Agent affected versions not specified Description: The issue is related to incorrect link resolution before file access in the Anti-Malware module of Trend Micro Deep Security Agent, which could allow an attacker to...

PT-2024-41128 · Trend Micro · Trend Micro Deep Security Agent

Name of the Vulnerable Software and Affected Versions: Trend Micro Deep Security Agent affected versions not specified Description: The issue is related to incorrect link resolution before accessing a file, which can be exploited to potentially allow an attacker to escalate their privileges...

TikTok 安全漏洞

Bytedance TikTok Jieyin International Version is an application for creating and sharing short videos by Chinese company Bytedance. A security vulnerability exists in TikTok versions prior to 34.5.5 that stems from allowing traversal of the Lynxview JavaScript interface via deep links...

When War Came to Their Country, They Built a Map

The Telegram channel and website Deep State uses public data and insider intelligence to power its live tracker of Ukraine’s ever-shifting front line...

UBUNTU-CVE-2024-43398

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...

CVE-2024-43398 REXML denial of service vulnerability

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...

REXML 安全漏洞

REXML is a Ruby open source XML toolkit for Ruby. A security vulnerability exists in REXML versions prior to 3.3.6, which stems from a denial of service DoS vulnerability when parsing deep XML containing many attributes with the same local name...

deep-z.net Cross Site Scripting vulnerability OBB-3954753

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...