CLSA-2026-1778749215 ghostscript: Fix of 2 CVEs

CVE-2024-29508: heap pointer disclosure in pdfbasefontalloc via synthesized BaseFont name - CVE-2025-48708: argument sanitisation missed '' separator, leaking -sUserPasswordsecret values into output PDF metadata...

EUVD-2016-4848

Malware in sbrugna...

EUVD-2014-9485

Malware in sbrugna...

EUVD-2024-26511

Malicious code in bioql PyPI...

EUVD-2024-39875

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2016-3823

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x befor...

Linux Distros Unpatched Vulnerability : CVE-2024-42331

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the src/libs/zbxembed/browser.c file, the esbrowserctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently...

CVE-2019-5066

An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free condition. To trigger this vulnerability, a specifically crafted PDF document nee...

SUSE CVE-2024-42331

In the src/libs/zbxembed/browser.c file, the esbrowserctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browserpusherror method in the src/libs/zbxembed/browsererror.c file. A use-after-free bug can occur at this stage if th...

DEBIAN-CVE-2024-42331

In the src/libs/zbxembed/browser.c file, the esbrowserctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browserpusherror method in the src/libs/zbxembed/browsererror.c file. A use-after-free bug can occur at this stage if th...

CVE-2024-42331

In the src/libs/zbxembed/browser.c file, the esbrowserctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browserpusherror method in the src/libs/zbxembed/browsererror.c file. A use-after-free bug can occur at this stage if th...

UBUNTU-CVE-2024-42331

In the src/libs/zbxembed/browser.c file, the esbrowserctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browserpusherror method in the src/libs/zbxembed/browsererror.c file. A use-after-free bug can occur at this stage if th...

Zabbix 资源管理错误漏洞

Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. A resource management error vulnerability exists in Zabbix, which stems from the presence of a post-release reuse vulnerability that stem...

UBUNTU-CVE-2024-53080

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Lock XArray when getting entries for the VM Similar to commit cac075706f29 "drm/panthor: Fix race when converting group handle to group object" we need to use the XArray's internal locking when retrieving a vm pointe...

CVE-2024-53080 drm/panthor: Lock XArray when getting entries for the VM

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Lock XArray when getting entries for the VM Similar to commit cac075706f29 "drm/panthor: Fix race when converting group handle to group object" we need to use the XArray's internal locking when retrieving a vm pointe...

CVE-2024-53080

CVE-2024-53080 concerns the Linux kernel’s drm/panthor path, where a race occurs when retrieving a vm pointer from an internal XArray. The patch requires using the XArray’s internal locking to guard this operation, per the description. A follow-up note clarifies that the patch removed protection ...

OESA-2024-2161 ghostscript security update

Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure observable in a constructed BaseFont name in...

OESA-2024-2160 ghostscript security update

Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure observable in a constructed BaseFont name in...

OESA-2024-2159 ghostscript security update

Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure observable in a constructed BaseFont name in...

openSUSE Security Advisory (SUSE-SU-2024:2627-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...