AZL-52207 CVE-2024-51744 affecting package telegraf for versions less than 1.31.0-7

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-52219 CVE-2024-51744 affecting package moby-engine for versions less than 25.0.3-13

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-52265 CVE-2024-51744 affecting package dcos-cli for versions less than 1.2.0-21

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-52210 CVE-2024-51744 affecting package prometheus for versions less than 2.45.4-12

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-52216 CVE-2024-51744 affecting package etcd for versions less than 3.5.18-1

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-52183 CVE-2024-51744 affecting package cert-manager for versions less than 1.12.15-1

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-52198 CVE-2024-51744 affecting package dcos-cli for versions less than 1.2.0-18

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-52260 CVE-2024-51744 affecting package azcopy for versions less than 10.25.1-5

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

UBUNTU-CVE-2024-51744

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

CVE-2024-38415

Memory corruption while handling session errors from firmware...

CVE-2024-38415 Use After Free in Computer Vision

Memory corruption while handling session errors from firmware...

CVE-2024-38415 Use After Free in Computer Vision

Memory corruption while handling session errors from firmware...

CVE-2024-38415

CVE-2024-38415 corresponds to memory corruption during handling of firmware session errors in Qualcomm components (notably Qualcomm/Qualcomm Snapdragon Auto context appears in some feeds). The CVSS v3.1 metrics indicate a HIGH base score (7.8) with LOCAL attack vector, LOW privileges required, no...

PT-2024-27990 · Qualcomm · Qualcomm Snapdragon Auto

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon Auto affected versions not specified Description: The issue is related to memory corruption that occurs while handling session errors from firmware. This can potentially lead to exploitation. There is no information provid...

RHEL 7 : openstack-cinder (RHSA-2017:0156)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:0156 advisory. OpenStack Block Storage cinder manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm, Inc. A security vulnerability exists in Qualcomm Chipsets that originates from memory corruption while handling firmware session errors...

CVE-2024-51774

qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors...

DEBIAN-CVE-2024-51774

qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors...

CVE-2024-51774

qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors...

The vulnerability of the RtsPer.sys and RtsUer.sys drivers of Realtek SD card readers, related to memory release errors, allows an attacker to gain access to the kernel’s stack memory and dynamic memory.

The vulnerability of the RtsPer.sys and RtsUer.sys drivers of Realtek SD card readers is related to memory release errors. Exploiting this vulnerability can allow an attacker to gain access to kernel memory from the stack and dynamic memory...