Flock Safety Gunshot Detection 安全漏洞

Flock Safety Gunshot Detection is a gunshot detection system from Flock Safety USA. A security vulnerability exists in Flock Safety Gunshot Detection versions prior to 1.3, which stems from the explicit storage of code...

SUSE CVE-2024-40974

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Enforce hcall result buffer validity and size plparhcall, plparhcall9, and related functions expect callers to provide valid result buffers of certain minimum size. Currently this is communicated only through...

DEBIAN-CVE-2024-40974

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Enforce hcall result buffer validity and size plparhcall, plparhcall9, and related functions expect callers to provide valid result buffers of certain minimum size. Currently this is communicated only through...

CVE-2024-26932 usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd()

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix double-free issue in tcpmportunregisterpd When unregister pd capabilitie in tcpm, KASAN will capture below double -free issue. The root cause is the same capabilitiy will be kfreed twice, the first time is...

K37250780: TMOS vulnerability: Password changes for local users may not be preserved unless the configuration is explicitly saved

Security Advisory Description When changing local user passwords at first boot, the password update may not be preserved unless the configuration is explicitly saved. This will leave the system in a state where it still accepts the old password, and the new password cannot be used to log in. This...

ventilateur-plafond.net Cross Site Scripting vulnerability OBB-2966102

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

easuransi-simulasi.rsbindramayu.id Cross Site Scripting vulnerability OBB-2561280

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Adopting a Zero Trust approach throughout the lifecycle of data

Instead of believing everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an uncontrolled network. Regardless of where the request originates or what resource it accesses, Zero Trust teaches us to “never trust...

Authorization Bypass

curl is vulnerable to authorization bypass. The vulnerability is present only if OpenSSL is the designated TLS backend. OCSP stapling is not enabled by default by libcurl, it needs to be explicitly enabled by the application to get used...

HackerOne: Indexing of urls on the "External link warning" pages discloses many vulnerable endpoints from the past and unlisted videos/photos

@nagli found a misconfiguration in an interstitial page that could lead to a link to be indexed by a 3rd party. This could have exposed links to proof of concepts that HackerOne users had posted on hackerone.com. This affected a specific set of customers, which HackerOne worked together with to...

ca_root_nss -- extraction of explicitly-untrusted certificates into trust bundle

Matthias Andree reports that the ca-bundle.pl used in older versions of the carootnss FreeBSD port before 3.12.11 did not take the Mozilla/NSS/CKBI untrusted markers into account and would add certificates to the trust bundle that were marked unsafe by Mozilla...

CVE-2002-1874

astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request. NOTE: earlier disclosures stated that the affected versions were 1.7.1 through 2.1.2, but the vendor explicitly stated that these were incorrect...