1925 matches found
AZL-33969 CVE-2024-23850 affecting package kernel for versions less than 5.15.153.1-1
In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation...
UBUNTU-CVE-2024-23850
In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation...
CVE-2024-23850
CVE-2024-23850 affects the Linux kernel (through 6.7.1) in btrfs_get_root_ref (fs/btrfs/disk-io.c): subvolumes can be read too soon after their root item is inserted during subvolume creation, leading to an assertion failure and crash. Connected advisories confirm this issue across multiple Linux...
CVE-2024-21668 Insertion of Sensitive Information into Log File in react-native-mmkv
react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...
CVE-2024-20677
A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have acces...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1079)
The remote host is missing an update for the Huawei EulerOS...
Design/Logic Flaw
PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges...
CVE-2023-6631
CVE-2023-6631 affects Subnet Solutions PowerSYSTEM Center (PowerSYSTEM Center 2020 Update 16 and earlier; 5.0.x–5.16.x). The vulnerability is an unquoted search path/element in the service path that authorized local users can abuse to insert arbitrary code and achieve privilege escalation. Affect...
CVE-2023-6921
Blind SQL Injection vulnerability in PrestaShow Google Integrator PrestaShop addon allows for data extraction and modification. This attack is possible via command insertion in one of the cookies...
SQL Injection
Blind SQL Injection vulnerability in PrestaShow Google Integrator PrestaShop addon allows for data extraction and modification. This attack is possible via command insertion in one of the cookies...
CVE-2023-6921 SQL Injection in PrestaShop Google Integrator
Blind SQL Injection vulnerability in PrestaShow Google Integrator PrestaShop addon allows for data extraction and modification. This attack is possible via command insertion in one of the cookies...
NewStart CGSL MAIN 6.06 : cyrus-sasl Multiple Vulnerabilities (NS-SA-2023-0087)
The remote NewStart CGSL host, running version MAIN 6.06, has cyrus-sasl packages installed that are affected by multiple vulnerabilities: - cyrus-sasl aka Cyrus SASL 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. Th...
cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c.
...
Reverting when the heap is full
Lines of code. Vulnerability details. Reverting when the heap is full: (a) You mentioned in the comments that the function will revert if the heap is full. (b) However, the code as it stands doesn't have any logic to check if the heap is indeed full. (c) Depending on the context, you might want to add a...
Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC
Summary: There are multiple vulnerabilities in Curl that affect PowerSC. PowerSC uses Curl as part of PowerSC Trusted Network Connect (TNC). Vulnerability Details: CVEID: CVE-2023-38039 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by not limiting the number and size of header...
UBUNTU-CVE-2023-50471
cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c...
SUSE SLES15 Security Update : SUSE Manager Proxy and Retail Branch Server 4.3 (SUSE-SU-2023:4758-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4758-1 advisory. - An Insertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module 4.2 spacewalk-java, SUSE SUSE Manager Server...
CVE-2023-49922 Beats Insertion of Sensitive Information into Log File
An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent...