112 matches found
VulnCheck KEV: CVE-2023-26134
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands...
MAL-2024-9461 Malicious code in git-commit-message-convention (npm)
Source: ghsa-malware (94d09a62681923adfe2316c61633ccb26eeaa743e0350118824ffd40bb4c038c). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-8375
There exists a use after free vulnerability in Reverb. Reverb supports the VARIANT datatype, which is supposed to represent an arbitrary object in C++. When a tensor proto of type VARIANT is unpacked, memory is first allocated to store the entire tensor, and a ctor is called on each instance...
CVE-2024-8375
CVE-2024-8375 affects Google DeepMind Reverb. A use-after-free vulnerability arises when unpacking a tensor proto of type VARIANT: memory is allocated for the tensor, objects are constructed, then tensor_content is copied into pre-allocated memory, overwriting vtable pointers. This enables an att...
CVE-2024-8375 Object deserialization in Reverb leading to RCE
There exists a use after free vulnerability in Reverb. Reverb supports the VARIANT datatype, which is supposed to represent an arbitrary object in C++. When a tensor proto of type VARIANT is unpacked, memory is first allocated to store the entire tensor, and a ctor is called on each instance...
FreeBSD-SA-24:14.umtx
FreeBSD-SA-24:14.umtx Security Advisory, The FreeBSD Project. Topic: umtx Kernel panic or Use-After-Free. Category: core. Module: kern. Announced: 2024-09-04. Credits: Synacktiv...
Exploit for Out-of-bounds Write in Mozilla Firefox
CVE-2024-29943 A Pwn2Own SpiderMonkey JIT Bug: From Integer R...
Fedora: Security Advisory for rust-gimoji (FEDORA-2024-ce2936b568)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
[SECURITY] Fedora 40 Update: rust-gimoji-1.1.0-2.fc40
Easily add emojis to your git commit messages...
SUSE CVE-2024-31497
In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to the improper handling of objects in memory by the std::sharedcount function. An attacker can cause a denial of service by crafting a malicious input. PoC: git clone https://github.com/qpdf/qpdf; cd qpdf...
[SECURITY] Fedora 38 Update: rust-git-absorb-0.6.11-3.fc38
Git commit --fixup, but automatic...
[SECURITY] Fedora 39 Update: rust-git-absorb-0.6.11-3.fc39
Git commit --fixup, but automatic...
Mozilla: Truncated signed text was shown with a valid OpenPGP signature
The Mozilla Foundation Security Advisory: When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header...
Email Spoofing
Thunderbird is vulnerable to Email Spoofing. The vulnerability is caused because when processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user as the text was interpreted as a MIME message and the first paragraph was always...
DEBIAN-CVE-2023-50762
When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a...