CVE-2024-27115

CVE-2024-27115 corresponds to an authenticated RCE in SOPlanning via PHP file upload. The nuclei template specifies exploitation of SOPlanning 1.52.01 through authenticated file upload, enabling an attacker to upload and execute PHP code. Remediation is to upgrade to a version newer than 1.52.01,...

SUSE-SU-2024:3200-1 Security update for python311

This update for python311 fixes the following issues: - CVE-2024-6923: Fixed email header injection due to unquoted newlines bsc1228780 Other fixes: - %profileopt variable is set according to the variable %doprofiling bsc1227999 - Stop using %%defattr, it seems to be breaking proper executable...

Malicious code in colourfulls (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 735ca3ff38b76e7b11c1f7b884880871427299042e250bb42e17dcf66b8c8e11 Once imported, the module attempts to download an executable, put into Discord directory and most probably trick discord to start it. The download link does no...

MAL-2024-12246 Malicious code in colourfulls (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 735ca3ff38b76e7b11c1f7b884880871427299042e250bb42e17dcf66b8c8e11 Once imported, the module attempts to download an executable, put into Discord directory and most probably trick discord to start it. The download link does no...

OESA-2024-2105 exim security update

Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...

Malicious code in cblines (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 80531e39cd96b75b32c7549840f7bc6984377765d9f9f663c0b560332b4e1b84 Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes. --- Category: MALICIOUS - The campaign has clearly...

Malicious code in pymatcha (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 779c6dd8d3b44cbb116c534cbd88dd2a73e5ee6f946e7e37c66f7eba13dedefd Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes. --- Category: MALICIOUS - The campaign has clearly...

MAL-2024-12332 Malicious code in pymatcha (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 779c6dd8d3b44cbb116c534cbd88dd2a73e5ee6f946e7e37c66f7eba13dedefd Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes. --- Category: MALICIOUS - The campaign has clearly...

Vivavis 权限许可和访问控制问题漏洞

Vivavis is an automated control system from Vivavis, Inc. Vivavis suffers from a Permission Permission and Access Control Issues vulnerability that stems from an authorization issue contained in prunsrv.exe that could lead to arbitrary code execution...

SUSE: Security Advisory (SUSE-SU-2024:3076-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-45312 Arbitrary language parameter can passed to `aspell` executable via spelling requests in overleaf

Overleaf is a web-based collaborative LaTeX editor. Overleaf Community Edition and Server Pro prior to version 5.0.7 or 4.2.7 for the 4.x series contain a vulnerability that allows an arbitrary language parameter in client spelling requests to be passed to the aspell executable running on the...

CVE-2024-45312 Arbitrary language parameter can passed to `aspell` executable via spelling requests in overleaf

Overleaf is a web-based collaborative LaTeX editor. Overleaf Community Edition and Server Pro prior to version 5.0.7 or 4.2.7 for the 4.x series contain a vulnerability that allows an arbitrary language parameter in client spelling requests to be passed to the aspell executable running on the...

CVE-2024-45312 Arbitrary language parameter can passed to `aspell` executable via spelling requests in overleaf

Overleaf is a web-based collaborative LaTeX editor. Overleaf Community Edition and Server Pro prior to version 5.0.7 or 4.2.7 for the 4.x series contain a vulnerability that allows an arbitrary language parameter in client spelling requests to be passed to the aspell executable running on the...

CVE-2024-45312

Summary: CVE-2024-45312 affects Overleaf Community Edition and Server Pro before 5.0.7 (or 4.x before 4.2.7). The issue lets an arbitrary language parameter in client spelling requests reach the server’s aspell process, causing it to load a dictionary file with an arbitrary filename; access is li...

SUSE-SU-2024:3076-1 Security update for python39

This update for python39 fixes the following issues: Security issues fixed: - CVE-2024-6923: Fixed email header injection due to unquoted newlines bsc1228780 - CVE-2024-5642: Removed support for anything but OpenSSL 1.1.1 or newer bsc1227233 Non-security issues fixed: - Fixed executable bits for...

DEBIAN-CVE-2024-0111

NVIDIA CUDA Toolkit contains a vulnerability in command 'cuobjdump' where a user may cause a crash or produce incorrect output by passing a malformed ELF file. A successful exploit of this vulnerability may lead to a limited denial of service or data tampering...

DEBIAN-CVE-2024-0110

NVIDIA CUDA Toolkit contains a vulnerability in command cuobjdump where a user may cause an out-of-bound write by passing in a malformed ELF file. A successful exploit of this vulnerability may lead to code execution or denial of service...

NVIDIA CUDA toolkit 安全漏洞

The NVIDIA CUDA toolkit is a toolkit from NVIDIA, Inc. It provides a development environment for creating high-performance GPU-accelerated applications. A security vulnerability exists in the NVIDIA CUDA toolkit that originates from a user may cause a crash or produce incorrect output by passing ...

PT-2024-15349 · Nvidia +1 · Nvidia Cuda Toolkit +1

Name of the Vulnerable Software and Affected Versions: NVIDIA CUDA Toolkit affected versions not specified Description: The issue is related to the 'cuobjdump' command in the NVIDIA CUDA Toolkit, which can be exploited by passing a malformed ELF file. This can cause a crash or produce incorrect...

Spring Boot CDS support and Project Leyden anticipation

How can Spring Boot developers improve the runtime efficiency of their applications with minimal constraints in order to enjoy those benefits on most applications? The answer is the CDS support introduced by Spring Boot 3.3 which allows you to start your Spring Boot applications faster and consum...