SUSE CVE-2024-45620
A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accesse...
Security Bulletin: Vulnerabilities in Golang Go affect watsonx.data
Summary: Golang Go has multiple vulnerabilities that include HTTP request smuggling, remote attacks to obtain sensitive information, denial of service, and unspecified errors that return incorrect results. These can affect watsonx.data. Vulnerability Details: CVEID: CVE-2022-1705 DESCRIPTION:...
golang: html/template: errors returned from MarshalJSON methods may break template escaping
A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to trigger a service failure.
The vulnerability of the Core component of the Oracle VM VirtualBox software is related to resource release errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
OPENSUSE-SU-2024:0268-1 Security update for trivy
trivy was updated to fix the following issues: Update to version 0.54.1: fixflag: incorrect behavior for deprecated flag --clear-cache backport: release/v0.54 7285 fixjava: Return error when trying to find a remote pom to avoid segfault backport: release/v0.54 7283 fixplugin: do not call GitHub...
The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code using a specially crafted HTML page.
The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers is related to type mixing errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially crafted HTML page from a remote location...
ROS-20240829-01
A vulnerability in the Core component of the Oracle VM VirtualBox virtualization software tool is related to resource release errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service. Vulnerability in the Core component of the Oracle V...
SUSE CVE-2024-43806
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using `rustix::fs::Dir` with the `linux_raw` backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in `rustix::fs::Dir::read_more`, this can cause quick and...
ROS-20240828-03
Vulnerability of Mozilla Firefox, Mozilla Firefox ESR, and the Mozilla Thunderbird email client is related to improper handling of exceptional conditions. Exploitation of the vulnerability could allow a remote attacker to use memory after it has been...
The vulnerability of the smbus component in the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the smbus component in the Linux operating system’s kernel is related to OOPS errors when the designware controller is used only as a target object. Exploiting this vulnerability can allow an attacker to cause a service failure...
DEBIAN-CVE-2024-43806
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using `rustix::fs::Dir` with the `linux_raw` backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in `rustix::fs::Dir::read_more`, this can cause quick and...
CVE-2024-43806 `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using `rustix::fs::Dir` with the `linux_raw` backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in `rustix::fs::Dir::read_more`, this can cause quick and...
The vulnerability of the Date Picker function in Mozilla Firefox and Firefox ESR browsers allows a malicious actor to provide arbitrary permissions and gain unauthorized access to data or functions.
The vulnerability of the Date Picker function in Mozilla Firefox and Firefox ESR browsers is related to information representation errors in the user interface. Exploiting this vulnerability allows a malicious actor to provide arbitrary permissions and gain unauthorized access to data or function...
The vulnerability of the firmware in Vonets Industrial WiFi Bridge Relays and WiFi Bridge Repeaters, related to security mechanism errors, allows attackers to bypass authentication procedures.
The vulnerability of Vonets Industrial WiFi Bridge Relays and WiFi Bridge Repeaters is related to security mechanism errors. Exploiting this vulnerability can allow a malicious actor to bypass authentication procedures...
The vulnerability in the user interface of the LibreOffice office software’s certificate verification process allows a perpetrator to execute arbitrary code.
The vulnerability of the user interface for verifying certificates in the LibreOffice office software package is related to errors in the authentication process. Exploiting this vulnerability allows an attacker to execute arbitrary code, provided that the user allows the macro to be executed...
The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code.
The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers is related to type mixing errors. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially crafted HTML page...
Security Bulletin: IBM App Connect Enterprise Certified Container operator and the IntegrationServer and IntegrationRuntime operands are vulnerable to networking errors [CVE-2024-24790]
Summary IBM App Connect Enterprise Certified Container operator and the IntegrationServer and IntegrationRuntime operands contain Golang binaries that are vulnerable to networking errors. This bulletin provides patch information to address the reported vulnerability. CVE-2024-24790 Vulnerability...
Microsoft Edge browser’s vulnerability, related to errors in data type mixing, allows attackers to execute arbitrary code.
The vulnerability of Microsoft Edge is related to type conversion errors. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
gitoxide security vulnerability
gitoxide is a git implementation written in Rust by the individual developer Sebastian Thiel. A security vulnerability exists in gitoxide that originated from not eliminating line breaks, backspaces, or control characters that appear in repository paths, author and committer names, commit message...
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2024-2282)
The remote host is missing an update for the Huawei EulerOS...