11198 matches found

Vulnrichment
added 2024/06/17 12:0 a.m. · 7 views

CVE-2024-37795

A segmentation fault in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT-LIB input file containing the set-logic command with specific formatting errors...

AI score: 7 · EPSS: 0.00188
Exploits: 0 · References: 1

Positive Technologies
added 2024/06/15 12:0 a.m. · 2 views

PT-2024-8813 · Intel · Intel Advanced Link Analyzer Standard Edition

Name of the Vulnerable Software and Affected Versions: Intel(R) Advanced Link Analyzer Standard Edition versions prior to 23.1.1 Description: The issue is related to incorrect execution-assigned permissions in the Intel(R) Advanced Link Analyzer Standard Edition software installer. This may allow an...

CVSS: 6.7 · AI score: 7.3 · EPSS: 0.00085
Exploits: 0 · References: 5

OSV
added 2024/06/14 1:59 p.m. · 36 views

RLSA-2024:2985 Moderate: python39:3.9 and python39-devel:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS: 8.1 · AI score: 7.3 · EPSS: 0.0095
Exploits: 3 · References: 5

BDU FSTEC
added 2024/06/14 12:0 a.m. · 1 views

The vulnerability of the Hazelcast data analysis platform, related to permission processing errors, allows attackers to perform arbitrary actions.

The vulnerability of the Hazelcast data analysis platform is related to permission processing errors. Exploiting this vulnerability allows a remote attacker to perform arbitrary actions...

CVSS: 6.8 · AI score: 6.7 · EPSS: 0.00459
Exploits: 0 · References: 3 · Affected Software: 2

Positive Technologies
added 2024/06/13 12:0 a.m. · 2 views

PT-2024-4198 · Microsoft · Edge

Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based affected versions not specified Description: The issue is related to errors in presenting information to the user interface, which can allow a remote attacker to conduct spoofing attacks. Recommendations: At the...

CVSS: 5 · AI score: 6.5 · EPSS: 0.00502
Exploits: 0 · References: 9

Positive Technologies
added 2024/06/11 12:0 a.m. · 3 views

PT-2024-4302

Name of the Vulnerable Software and Affected Versions: Azure Identity Libraries and Microsoft Authentication Library affected versions not specified Description: The vulnerability in Azure Identity Libraries and Microsoft Authentication Library is related to synchronization errors when using a shar...

CVSS: 9.8 · AI score: 6.3 · EPSS: 0.00221
Exploits: 0 · References: 339

Amazon
added 2024/06/11 12:0 a.m. · 4 views

Important: firefox

Issue Overview: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. (CVE-2024-4367) If the browser.privatebrowsing.autostart preference is...

CVSS: 8.8 · AI score: 9.8 · EPSS: 0.40321
Exploits: 17

Positive Technologies
added 2024/06/11 12:0 a.m. · 2 views

PT-2024-4289 · Microsoft · Windows Kernel-Mode Driver +1

Name of the Vulnerable Software and Affected Versions: Windows Kernel-Mode Driver affected versions not specified Description: The issue is related to errors in synchronization when using a shared resource, which can allow an attacker to elevate their privileges. This is a local privilege...

CVSS: 7 · AI score: 6.4 · EPSS: 0.00898
Exploits: 0 · References: 12

Positive Technologies
added 2024/06/11 12:0 a.m. · 2 views

PT-2024-4173

Name of the Vulnerable Software and Affected Versions: Windows Kernel affected versions not specified Description: The issue is related to synchronization errors when using a shared resource, which can be exploited to elevate privileges. An elevation-of-privilege vulnerability allows attackers to...

CVSS: 7 · AI score: 6.4 · EPSS: 0.00076
Exploits: 0 · References: 8

OSV
added 2024/06/11 12:0 a.m. · 2 views

UBUNTU-CVE-2024-5458

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being...

CVSS: 5.3 · AI score: 6.4 · EPSS: 0.03579
Exploits: 1 · References: 6

Schneier on Security
added 2024/06/10 11:8 a.m. · 12 views

Exploiting Mistyped URLs

Interesting research: "Hyperlink Hijacking: Exploiting Erroneous URL Links to Phantom Domains": Abstract: Web users often follow hyperlinks hastily, expecting them to be correctly programmed. However, it is possible those links contain typos or other mistakes. By discovering active but erroneous...

AI score: 7.3
Exploits: 0

BDU FSTEC
added 2024/06/10 12:0 a.m. · 2 views

The vulnerability of the Apex One NT RealTime Scan anti-virus software programs Trend Micro Apex One and Apex One as a Service allows attackers to enhance their privileges and execute arbitrary code.

The vulnerability of the Apex One NT RealTime Scan antivirus software programs Trend Micro Apex One and Apex One as a Service is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to increase their privileges and execute arbitrary...

CVSS: 7.8 · AI score: 7.5 · EPSS: 0.00048
Exploits: 0 · References: 5 · Affected Software: 1

BDU FSTEC
added 2024/06/07 12:0 a.m. · 1 views

The vulnerability of the QEMU hardware emulation software, related to memory-related errors, allows a hacker to trigger a system failure.

The vulnerability of the QEMU hardware emulation software lies in the lack of checks to ensure that the buffer pointer does not overlap with the MMIO region during USB packet transmission. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS: 7.5 · AI score: 6.8 · EPSS: 0.0003
Exploits: 1 · References: 12 · Affected Software: 3

BDU FSTEC
added 2024/06/07 12:0 a.m. · 1 views

The vulnerability of the MileSight DeviceHub deployment platform, related to authentication errors, allows a violator to execute arbitrary code.

The vulnerability of the MileSight DeviceHub deployment platform is related to authentication errors. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

CVSS: 10 · AI score: 5.9 · EPSS: 0.00254
Exploits: 0 · References: 3 · Affected Software: 1

Veeam
added 2024/06/07 12:0 a.m. · 16 views

Troubleshooting '401 - Unauthorized' or 'x509' Errors When Accessing the Veeam Kasten for Kubernetes Dashboard

Challenge: When attempting to access the Veeam Kasten for Kubernetes dashboard, the following error occurs despite using the cacertconfigmap.name helm value: "401 - Unauthorized". This issue may also manifest as errors related to x509 in the gateway pod or auth-svc pod logs: x509: certificate signed b...

AI score: 6.7
Exploits: 0

Positive Technologies
added 2024/06/06 12:0 a.m. · 3 views

PT-2024-27346 · Zsa · Zsa

Name of the Vulnerable Software and Affected Versions: zsa versions prior to 0.3.3 Description: The zsa application transfers the parse error stack from the server to the client in production build mode, potentially revealing sensitive information about the server environment, such as the machine...

CVSS: 6.9 · AI score: 6.9 · EPSS: 0.00321
Exploits: 0 · References: 8

Positive Technologies
added 2024/06/06 12:0 a.m. · 3 views

PT-2024-4367 · Nvidia · Nvidia Gpu Display Driver

Name of the Vulnerable Software and Affected Versions: NVIDIA GPU Display Driver for Windows affected versions not specified Description: The issue is related to errors in initialization, which could allow an attacker to cause a denial of service and disclose protected information. A successful...

CVSS: 7.8 · AI score: 7.2 · EPSS: 0.00143
Exploits: 0 · References: 6

OSV
added 2024/06/05 4:56 p.m. · 22 views

GHSA-C74F-6MFW-MM4V Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

Summary: An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details: The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...

CVSS: 8.2 · AI score: 7.7 · EPSS: 0.02397
Exploits: 1 · References: 7

RedHat Linux
added 2024/06/05 10:5 a.m. · 1 views

kernel: net: usb: fix memory leak in smsc75xx_bind

In the Linux kernel, the following vulnerability has been resolved: net: usb: fix memory leak in smsc75xx_bind Syzbot reported memory leak in smsc75xx_bind. The problem was in non-freed memory in case of errors after memory allocation. backtrace: kmalloc include/linux/slab.h:556 inline kzalloc...

CVSS: 5.5 · AI score: 6.8 · EPSS: 0.00012
Exploits: 0 · References: 5

BDU FSTEC
added 2024/06/05 12:0 a.m. · 1 views

The vulnerability of the SMTPS protocol implementation in the JetBrains YouTrack project management and task management software allows a hacker to gain unauthorized access to protected information.

The vulnerability of the SMTPS protocol implemented by the JetBrains YouTrack software for managing projects and tasks is related to errors in the authentication process. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVSS: 5.9 · AI score: 5.5 · EPSS: 0.00008
Exploits: 0 · References: 2 · Affected Software: 1