11199 matches found

OSV
added 2024/11/27 7:59 p.m. | 11 views

MGASA-2024-0375 Updated php packages fix security vulnerabilities

Some heap errors, segmentation faults and security vulnerabilities have been found and corrected. It is advised to install this update...

CVSS 9.8 | AI score 7.7 | EPSS 0.01153
Exploits: 4 | References: 2

Mageia
added 2024/11/27 7:59 p.m. | 17 views

Updated php packages fix security vulnerabilities

Some heap errors, segmentation faults and security vulnerabilities have been found and corrected. It is advised to install this update...

CVSS 9.8 | AI score 7.7 | EPSS 0.01153
Exploits: 4 | References: 1

OSV
added 2024/11/27 12:38 a.m. | 1 view

USN-7126-1 libsoup2.4 vulnerabilities

It was discovered that libsoup ignored certain characters at the end of header names. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack. (CVE-2024-52530) It was discovered that libsoup did not correctly handle memory while performing UTF-8 conversions. An...

CVSS 8.4 | AI score 7.2 | EPSS 0.00366
Exploits: 2 | References: 4

Redos
added 2024/11/27 12:0 a.m. | 13 views

ROS-20241127-01

A vulnerability in the bna component of the Linux operating system kernel is related to out-of-bounds read errors in the bnad_debugfs_write_regrd and bnad_debugfs_write_regwr functions in drivers/net/ethernet/brocade/bna/bnad_debugfs.c. Exploitation of the vulnerability could allow an attacker to...

CVSS 9.8 | AI score 8.2 | EPSS 0.00064
Exploits: 0

RedhatCVE
added 2024/11/26 10:50 p.m. | 18 views

CVE-2024-11696

The Mozilla Foundation's Security Advisory: The application can fail to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw is triggered by an invalid or unsupported extension manifest and could cause runtime errors that disrupt the...

CVSS 5.4 | AI score 6.4 | EPSS 0.00056
Exploits: 0 | References: 8

OSV
added 2024/11/26 2:15 p.m. | 10 views

CVE-2024-11696

The application failed to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the...

CVSS 5.4 | AI score 6
Exploits: 0 | References: 6

Cvelist
added 2024/11/26 1:33 p.m. | 12 views

CVE-2024-11696

The application failed to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the...

EPSS 0.00056
Exploits: 0 | References: 5

CVE
added 2024/11/26 1:33 p.m. | 308 views

CVE-2024-11696

CVE-2024-11696 describes an Unhandled Exception in Add-on Signature Verification due to how loadManifestFromFile handles invalid/unsupported extension manifests, potentially bypassing enforcement of signature validation for unrelated Firefox/Thunderbird add-ons. Affected software and versions per...

CVSS 5.4 | AI score 6.2 | EPSS 0.00056
Exploits: 0 | References: 6 | Affected Software: 2

Debian CVE
added 2024/11/26 1:33 p.m. | 7 views

CVE-2024-11696

The application failed to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the...

CVSS 5.4 | AI score 6.7 | EPSS 0.00056
Exploits: 0

AlpineLinux
added 2024/11/26 1:33 p.m. | 7 views

CVE-2024-11696

The application failed to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the...

CVSS 5.4 | AI score 6.2 | EPSS 0.00056
Exploits: 0

RedHat Linux
added 2024/11/26 12:22 a.m. | 3 views

kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create

A flaw was found in the Linux kernel in which a system crash can occur if there are certain errors establishing RPC-over-RDMA connections...

CVSS 5.5 | AI score 7.2 | EPSS 0.00009
Exploits: 0 | References: 5

BDU FSTEC
added 2024/11/26 12:0 a.m. | 1 view

The vulnerability of the Basic Authentication mechanism in the Mendix Runtime environment allows a perpetrator to circumvent existing security restrictions.

The vulnerability of the Basic Authentication mechanism in the Mendix Runtime environment is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow a malicious actor to circumvent existing security restrictions remotely...

CVSS 5.3 | AI score 7.4 | EPSS 0.00561
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2024/11/26 12:0 a.m. | 1 view

The vulnerability of the fbdev component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the fbdev component in the Linux operating system’s kernel is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain access to confidential information...

CVSS 5.5 | AI score 6.8 | EPSS 0.00125
Exploits: 0 | References: 10 | Affected Software: 3

BDU FSTEC
added 2024/11/26 12:0 a.m. | 2 views

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to execute arbitrary code.

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to type mixing errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10 | AI score 8 | EPSS 0.00315
Exploits: 0 | References: 10 | Affected Software: 4

BDU FSTEC
added 2024/11/26 12:0 a.m. | 1 view

The vulnerability of the Intel Alias Checking Trusted Module (Intel ACTM), a microprogramming software component for Intel’s 4th and 5th generation processors, allows attackers to exploit it to increase their privileges.

The vulnerability of the Intel Alias Checking Trusted Module Intel ACTM, a microprogramming software component of Intel’s 4th and 5th generation processors, is related to synchronization errors when using common resources. Exploiting this vulnerability can allow attackers to increase their...

CVSS 7.2 | AI score 5.5 | EPSS 0.00032
Exploits: 0 | References: 5

BDU FSTEC
added 2024/11/26 12:0 a.m. | 1 view

The vulnerability of the routing protocol daemon in Juniper Networks’ Junos OS and Junos OS Evolved systems allows an attacker to cause service interruptions.

The vulnerability of the routing protocol daemon pdrd in Juniper Networks’ Junos OS and Junos OS Evolved systems is related to memory release errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

CVSS 7.8 | AI score 5.4 | EPSS 0.00295
Exploits: 0 | References: 3 | Affected Software: 2

BDU FSTEC
added 2024/11/26 12:0 a.m. | 1 view

The vulnerability of the software tools for accelerated video processing at the hardware level, the Intel Video Processing Library (VPL), is related to pointer dereferencing errors. This vulnerability allows an attacker to trigger a service failure.

The vulnerability of the software tools for accelerated video processing at the hardware level, the Intel Video Processing Library VPL, is related to pointer dereferencing errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 2.2 | AI score 5.5 | EPSS 0.00042
Exploits: 0 | References: 4 | Affected Software: 3

OSV
added 2024/11/25 3:32 p.m. | 14 views

GHSA-MH2X-FCQH-FMQV @sveltejs/kit has unescaped error message included on error page

Summary: The static error.html template for errors contains placeholders that are replaced without escaping the content first. Details: From https://kit.svelte.dev/docs/errors: error.html is the page that is rendered when everything else fails. It can contain the following placeholders:...

CVSS 4.2 | AI score 6.7 | EPSS 0.00193
Exploits: 1 | References: 7

Positive Technologies
added 2024/11/25 12:0 a.m. | 2 views

PT-2024-9572 · IBM · IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data

Name of the Vulnerable Software and Affected Versions: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data versions 4.0.0 through 5.0.2. Description: The issue is caused by synchronization errors when using a shared resource, potentially allowing a remote attacker to cause a denial of...

CVSS 7.8 | AI score 7 | EPSS 0.00047
Exploits: 0 | References: 7

Tenable Nessus
added 2024/11/25 12:0 a.m. | 33 views

CentOS 9 : kernel-5.14.0-533.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-533.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put syzbot reported...

CVSS 9.1 | AI score 6.1 | EPSS 0.00075
Exploits: 0 | References: 30