4717 matches found
DEBIAN-CVE-2024-5642
CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being...
UBUNTU-CVE-2024-5642
CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being...
AZL-42988 CVE-2024-5535 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-3
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application behaviour or ...
AZL-42975 CVE-2024-5535 affecting package openssl for versions less than 3.3.0-2
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application behaviour or ...
AZL-47733 CVE-2024-5535 affecting package hvloader for versions less than 1.0.1-6
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application behaviour or ...
Yokogawa FAST/TOOLS and CI Server
1. EXECUTIVE SUMMARY: CVSS v4 6.9. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Yokogawa. Equipment: FAST/TOOLS and CI Server. Vulnerabilities: Cross-site Scripting, Empty Password in Configuration File. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities...
OpenSSL Security Vulnerabilities
OpenSSL is an open source general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...
PT-2024-36813
Name of the Vulnerable Software and Affected Versions: CPython versions 3.9 and earlier. Description: The issue arises from configuring an empty list for SSLContext.set_npn_protocols, which is an invalid value for the underlying OpenSSL API, resulting in a buffer over-read when NPN is used. This is...
SUSE CVE-2024-39469
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors. The error handling in nilfs_empty_dir() when a directory folio/page read fails is incorrect, as in the old ext2 implementation, and if the folio/page cannot be read or...
DEBIAN-CVE-2024-39469
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors. The error handling in nilfs_empty_dir() when a directory folio/page read fails is incorrect, as in the old ext2 implementation, and if the folio/page cannot be read or...
UBUNTU-CVE-2024-39469
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors. The error handling in nilfs_empty_dir() when a directory folio/page read fails is incorrect, as in the old ext2 implementation, and if the folio/page cannot be read or...
MAL-2024-6347 Malicious code in ackintosh-net-empty-port (RubyGems)
Malicious code in ackintosh-net-empty-port (RubyGems)
Malicious code in EmрtуConstruсtor.Fоdy (NuGet)
Malicious code in EmptуConstructor.Fоdy (NuGet)
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from incorrect error handling by the nilfs_empty_dir function when a directory folio/page read fails...
PT-2024-29242
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to the btrfs file system in the Linux kernel. When running btrfs/060 with the forced RST feature, it would crash due to an ASSERT inside scrub_read_endio. This happe...
WordPress Empty Cart Button for WooCommerce plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin Empty Cart Button for WooCommerce (versions <= 1.4.1)...
SUSE CVE-2021-47606
In the Linux kernel, the following vulnerability has been resolved: net: netlink: af_netlink: Prevent empty skb by adding a check on len. Adding a check on len parameter to avoid empty skb. This prevents a division error in netem_enqueue function which is caused when skb->len=0 and skb->data_len=0 in...
WordPress Empty Cart Button for WooCommerce Plugin <= 1.4.1 is vulnerable to Cross Site Scripting (XSS)
Software: Empty Cart Button for WooCommerce. Type: Plugin. Vulnerable versions: <= 1.4.1. Fixed in: 1.4.2. OWASP Top 10: A3: Injection. Classification: Cross Site Scripting (XSS). CVE: CVE-2024-37217. Patch priority: Low. CVSS severity: Low (6.5). PSID: b607245d91ba. Credits: LVT-tholv2k. Required...