4175 matches found
CVE-2024-11616 Double-fetch heap overflow
Netskope was made aware of a security vulnerability in Netskope Endpoint DLP’s Content Control Driver where a double-fetch issue leads to heap overflow. The vulnerability arises from the fact that the NumberOfBytes argument to ExAllocatePoolWithTag, and the Length argument for RtlCopyMemory, both...
PT-2024-17138 · Netskope · Netskope Endpoint Dlp
Name of the Vulnerable Software and Affected Versions: Netskope Endpoint DLP versions prior to R119 Description: A security issue arises from a double-fetch problem in the Content Control Driver of Netskope Endpoint DLP, leading to a heap overflow. This occurs because the NumberOfBytes argument t...
Malicious code in bitmex-node-fetch (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5cc7c20df046cd10e263fa37bcda6196d91e23537ce001e8ed4b9598700ad8b8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11916 Malicious code in bitmex-node-fetch (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5cc7c20df046cd10e263fa37bcda6196d91e23537ce001e8ed4b9598700ad8b8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
DEBIAN-CVE-2024-56169
A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI Relying Parties such as Fort are supposed to maintain a backup cache of the remote RPKI data. This can be employed as a fallback in case a new fetch fails or yields incorrect files. However, the product currently...
BIT-NODE-MIN-2024-22025
A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch function in Node.js always decodes Brotli, making i...
hull.js Code Injection Vulnerability
Versions of the library from 0.2.2 to 1.0.9 are vulnerable to arbitrary code execution due to unsafe usage of new Function... in the module that handles points format. Applications passing the 3rd parameter to the hull function without sanitising may be impacted. The vulnerability has been...
MAL-2024-11084 Malicious code in secure-fetch-utils-stable (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b3b042899a3895febb34f95a4fe1c7825c2e278bb7f8625b82b7d220e66c7b5f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in secure-fetch-utils-stable (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b3b042899a3895febb34f95a4fe1c7825c2e278bb7f8625b82b7d220e66c7b5f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11002 Malicious code in secure-fetch-utils-latest (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c66dff7a321aed95e4731350eec61896cd1851d384cb7528dffa45045bbfcaf6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in secure-fetch-utils-latest (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c66dff7a321aed95e4731350eec61896cd1851d384cb7528dffa45045bbfcaf6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2024-10396
An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to...
CLSA-2024-1731603213 Fix of 76 CVEs
CVE-url: https://ubuntu.com/security/CVE-2024-44946 - kcm: Serialise kcm_sendmsg for the same socket. CVE-url: https://ubuntu.com/security/CVE-2024-42292 - kobject_uevent: Fix OOB access within zap_modalias_env CVE-url: https://ubuntu.com/security/CVE-2024-41042 - netfilter: nf_tables: prefer...
CVE-2024-11212
A vulnerability, which was classified as critical, has been found in SourceCodester Best Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/fetchproductdetails.php. The manipulation of the argument barcode leads to SQL injection. The attack may...
SourceCodester Best Employee Management System Security Vulnerability
SourceCodester Best Employee Management System is a SourceCodester open source employee management system. A security vulnerability exists in SourceCodester Best Employee Management System version 1.0, which originates from a SQL injection vulnerability in the barcode parameter of the...
FreeBSD : FreeBSD -- Certificate revocation list fetch(1) option fails (ce0f52e1-a174-11ef-9a62-002590c1f29c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ce0f52e1-a174-11ef-9a62-002590c1f29c advisory. The fetch(3) library uses environment variables for passing certain information, including the revocation...
CVE-2024-45289
The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option. Fetch would still connect to a host presenting a...
CVE-2024-45289 Unbounded allocation in ctl(4) CAM Target Layer
The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option. Fetch would still connect to a host presenting a...
CVE-2024-45289
CVE-2024-45289 affects FreeBSD: the fetch(3) library uses environment variables to pass info, including the revocation file pathname, but the fetch(1) option name was incorrect and effectively ignored the option. As a result, FreeBSD could connect to a host presenting a certificate listed in the ...