Low: systemd
Issue Overview: An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the findin...
The vulnerability of the Remote Desktop Licensing Service for Windows operating systems allows a perpetrator to execute arbitrary code.
The vulnerability of the Remote Desktop Licensing Service for Windows operating systems is related to synchronization errors when using shared resources (race conditions). Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Remote Desktop Licensing Service for Windows operating systems allows a perpetrator to execute arbitrary code.
The vulnerability of the Remote Desktop Licensing Service for Windows operating systems is related to errors in processing the relative path to the directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...
The vulnerability of the OCC API Endpoint component in the SAP Commerce Cloud platform allows a perpetrator to gain unauthorized access to protected information or compromise data integrity.
The vulnerability of the OCC API Endpoint component in the SAP Commerce Cloud platform is related to errors in information processing. Exploiting this vulnerability may allow an attacker to gain unauthorized access to protected information or compromise the integrity of data...
The vulnerability of the kernel driver of Windows operating systems allows attackers to gain increased privileges.
The vulnerability of the Windows operating system’s kernel driver relates to synchronization errors when using shared resources (race conditions). Exploiting this vulnerability can allow an attacker to gain increased privileges...
The vulnerability of the Rockwell Automation ThinManager platform for centralized application management, related to errors in processing hypertext links, allows a hacker to execute arbitrary code.
The vulnerability of the Rockwell Automation ThinManager application platform for centralized application management is related to errors in processing hypertext links. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by sending a specially crafted POST reques...
Exposure Of Sensitive Information To An Unauthorized Actor
libzpehyr.so is vulnerable to Exposure Of Sensitive Information To An Unauthorized Actor. The vulnerability is due to improper handling of encryption procedure status codes, which allows a custom-made remote controller to incorrectly indicate success even when encryption requests are rejected...
ROS-20240916-03
A vulnerability in the Node.js software platform is related to insufficient data authentication. Exploitation of the vulnerability could allow an attacker acting remotely to disable the validation of the integrity
A vulnerability in the APIgenerateKeys function of the Node.js software platform is...
CVE-2024-6544
The Custom Post Limits plugin for WordPress is vulnerable to full path disclosure in all versions up to, and including, 4.4.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path...
UBUNTU-CVE-2024-46687
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk BUG There is an internal report that KASAN is reporting use-after-free, with the following backtrace: BUG: KASAN: slab-use-after-free in...
The vulnerability of the QEMU hardware emulation software, related to synchronization errors, allows a hacker to trigger a service failure.
The vulnerability of the QEMU hardware emulation software is related to synchronization errors. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
The vulnerability of the LZ4 data compression algorithm, which involves errors in number processing, allows a hacker to cause a service failure.
The vulnerability of the lossless LZ4 data compression algorithm is related to errors in number processing. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
The vulnerability of the DRM/amdgpu/vkms components of the Linux operating system, related to pointer dereferencing errors, allows a hacker to trigger a service failure.
The vulnerability of the DRM/amdgpu/vkms components of the Linux operating system is related to pointer arithmetic errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the DRM/amdgpu cores in the Linux operating system, related to pointer swapping errors, allows an attacker to trigger a service failure.
The vulnerability of the DRM/amdgpu cores in the Linux operating system is related to pointer arithmetic errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Samba networking communication package arises from synchronization errors when using a shared resource. This allows attackers to gain access to confidential data and compromise its integrity.
The vulnerability of the Samba networking communication package is related to synchronization errors when using a shared resource due to incorrect metadata processing. Exploiting this vulnerability can allow an attacker to gain access to confidential data and compromise its integrity...
The vulnerability of the Cisco Application Policy Infrastructure Controller, related to access control errors, allows a perpetrator to execute arbitrary code and elevate their privileges to the root level.
The vulnerability of the Cisco Application Policy Infrastructure Controller relates to access control errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code and elevate their privileges to the root level...
The vulnerability of the stbi_load_gif_from_memory component in the C/C++ Libstb library, related to pointer dereferencing errors, allows attackers to trigger a denial-of-service attack.
The vulnerability of the stbi_load_gif_from_memory component in the C/C++ Libstb library is related to pointer dereferencing errors. Exploiting this vulnerability could allow an attacker to cause service failures...
Vulnerability in Firefox ESR, Firefox, and Thunderbird email client, related to type conversion errors, allowing attackers to access confidential data
The vulnerability in web browsers Firefox ESR, Firefox, and the email client Thunderbird is related to type conversion errors caused by the enabled autostart of the private mode. Exploiting this vulnerability can allow an attacker to gain access to confidential data...
The vulnerability of open-source development environments for UEFI EDK2, related to configuration errors, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of open-source development environments for UEFI EDK2 is related to configuration errors. Exploiting this vulnerability can allow attackers to access confidential data, compromise its integrity, and cause service failures...
CVE-2024-6446 Business Logic Errors in GitLab
An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2. A crafted URL could be used to trick a victim into trusting an attacker-controlled application...