The vulnerability of the Format Detection component of the Mojolicious module for Perl, which allows a hacker to cause a service failure.
The vulnerability of the Format Detection component in the Mojolicious module for Perl is related to errors during resource release. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the library for optimizing machine learning models, Intel Neural Compressor, related to errors in processing input data, allows attackers to exploit it to gain increased privileges.
The vulnerability of the Intel Neural Compressor library for optimizing machine learning models is related to errors in processing input data. Exploiting this vulnerability can allow attackers to enhance their privileges remotely...
The vulnerability of the Shortcuts component in operating systems such as iOS, macOS, iPadOS, and watchOS allows attackers to disclose sensitive information that is protected by these systems.
The vulnerability of the Shortcuts component in iOS, macOS, iPadOS, and watchOS is related to permission handling errors. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information...
RHEL 6 : rdesktop (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - rdesktop: Remote code execution in ui_clip_handle_data CVE-2018-8800 - rdesktop versions up to and including...
RHEL 5 : rdesktop (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - rdesktop: Remote code execution in ui_clip_handle_data CVE-2018-8800 - rdesktop versions up to and including...
The vulnerability of the setuid() module on the Node.js software platform, which allows a malicious actor to escalate their privileges
The vulnerability of the setuid module in the Node.js software platform is related to context switching errors during privilege escalation. Exploiting this vulnerability can allow an attacker to enhance their privileges...
ROS-20240603-01
A vulnerability in the PSP file parser of the GIMP graphics editor is related to number processing errors. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
PT-2024-4082 · Libvpx +10 · Libvpx +10
Name of the Vulnerable Software and Affected Versions: libvpx versions prior to 1.14.1 Description: The issue is related to integer overflows in the libvpx library, which can occur when calling vpx_img_alloc or vpx_img_wrap with large values of the d_w, d_h, or align parameters, or the stride ali...
CVE-2024-36391
MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic...
CVE-2024-36391 MileSight DeviceHub - CWE-320: Key Management Errors
MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic...
The vulnerability of the connection application between the cloud platform and the local system via SAP Cloud Connector arises from errors in the authentication process. These errors allow attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the connection application between the cloud platform and the local system via SAP Cloud Connector is related to errors in the certificate validation process. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and integrity of the protecte...
CVE-2024-36912
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted or set_memory_decrypted to fail such that an error is returned and the resulting memory is share...
Medium: kernel
Issue Overview: The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. CVE-2019-19767 Affected Packages: kernel Note: This advisory...
PT-2024-40211 · Unknown · Form Framework
Name of the Vulnerable Software and Affected Versions: Form Framework affected versions not specified Description: A cross-site scripting issue has been found in the Form Framework related to the output of field validation errors. Recommendations: At the moment, there is no information about a...
SUSE-SU-2024:1845-1 Security update for java-1_8_0-ibm
This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 25 (bsc#1223470): - CVE-2023-38264: Fixed Object Request Broker (ORB) denial of service (bsc#1224164). - CVE-2024-21094: Fixed C2 compilation fails with 'Exceeded _node_regs array' (bsc#1222986). -...
python: Path traversal on tempfile.TemporaryDirectory
A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link...
silverstripe/framework may disclose database credentials during connection failure
When running SilverStripe 3.7 or 4.x in dev mode with the mysqli database driver, there is a potential to disclose the connection details. We have blacklisted the sensitive parts of the connection information from being included in dev mode stack traces when database errors occur...
GHSA-M2HH-2M46-X6J5 silverstripe/framework may disclose database credentials during connection failure
When running SilverStripe 3.7 or 4.x in dev mode with the mysqli database driver, there is a potential to disclose the connection details. We have blacklisted the sensitive parts of the connection information from being included in dev mode stack traces when database errors occur...