
2874 matches found

CVE
added 2024/10/04 12:00 a.m. · 310 views

CVE-2024-47855

CVE-2024-47855 affects JSON-lib: the file util/JSONTokener.java mishandles an unbalanced comment string in versions before 3.1.0. The provided metrics indicate a base score of 5.3 (Medium), with the impact limited to Availability loss and no Confidentiality or Integrity impact. The Red Hat/Nessu...

CVSS 5.3 · AI score 7 · EPSS 0.15413
Exploits: 0 · References: 2
CNNVD
added 2024/10/04 12:00 a.m. · 2 views

JSON-lib security vulnerability

Json-lib is a Java library open-sourced by Kordamp. It is used to convert beans, maps, collections, Java arrays and XML to JSON and back to beans and DynaBeans. A security vulnerability exists in JSON-lib versions prior to 3.1.0, which stems from util/JSONTokener.java incorrectly handling...

CVSS 5.3 · AI score 6.8 · EPSS 0.15413
Exploits: 0 · References: 4
Vulnrichment
added 2024/10/04 12:00 a.m. · 10 views

CVE-2024-47855

util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string...

AI score 7 · EPSS 0.15413
Exploits: 0 · References: 2
Cvelist
added 2024/10/04 12:00 a.m. · 22 views

CVE-2024-47855

util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string...

EPSS 0.15413
Exploits: 0 · References: 2
Debian CVE
added 2024/10/04 12:00 a.m. · 17 views

CVE-2024-47855

util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string...

CVSS 5.3 · AI score 5.1 · EPSS 0.15413
Exploits: 0
Veracode
added 2024/09/30 4:49 p.m. · 7 views

Keygen Protocol Exploitation

The Binance tss-lib is vulnerable to keygen protocol exploitation. The vulnerability is due to inadequate validation of the h1 and h2 parameters within the keygen protocol implementation, which allows attackers to craft malicious parameters that can exploit the signing round process...

CVSS 8.2 · AI score 6.6 · EPSS 0.01424
Exploits: 0 · References: 6 · Affected Software: 1
OSV
added 2024/09/27 3:26 p.m. · 4 views

MAL-2024-8999 Malicious code in @helvetia-italia/ng-selly-lib-operator-dashboard (npm)

Source: ossf-package-analysis 1fd81a66a867d353506b97a895921b666f5831fa169eb6cef4e07ef98e259328 The OpenSSF Package Analysis project identified '@helvetia-italia/ng-selly-lib-operator-dashboard' @ 10.20.37 npm as malicious. It is considered...

AI score 7.3
Exploits: 0
BDU FSTEC
added 2024/09/23 12:00 a.m. · 1 views

The vulnerability of the get_huffman_diff() function in the src\x3f\x3futils_patched.cpp component of the LibRaw image processing library allows an attacker to cause a service failure.

The vulnerability of the get_huffman_diff() function in the src\x3f\x3futils_patched.cpp component of the LibRaw image processing library is related to reading data beyond the allowed buffer size. Exploiting this vulnerability allows an attacker to cause a service failure...

CVSS 5.5 · AI score 6 · EPSS 0.00282
Exploits: 0 · References: 8 · Affected Software: 4
Snyk
added 2024/09/18 10:06 p.m. · 1 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to insufficient authentication in the upgrade flow. An attacker can bypass access restrictions and perform unauthorized actions by exploiting the unprotected upgrade logic. Remediation...

CVSS 7.8 · AI score 7.2 · EPSS 0.00275
Exploits: 0 · References: 2
NVD
added 2024/09/18 8:15 a.m. · 21 views

CVE-2024-46795

In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset the binding mark of a reused connection. Steve French reported null pointer dereference error from sha256 lib. cifs.ko can send session setup requests on reused connection. If reused connection is used for binding...

CVSS 5.5 · EPSS 0.00275
Exploits: 0 · References: 6
Cvelist
added 2024/09/18 7:12 a.m. · 17 views

CVE-2024-46795 ksmbd: unset the binding mark of a reused connection

In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset the binding mark of a reused connection. Steve French reported null pointer dereference error from sha256 lib. cifs.ko can send session setup requests on reused connection. If reused connection is used for binding...

EPSS 0.00275
Exploits: 0 · References: 5
OSV
added 2024/09/18 7:12 a.m. · 16 views

CVE-2024-46795 ksmbd: unset the binding mark of a reused connection

In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset the binding mark of a reused connection. Steve French reported null pointer dereference error from sha256 lib. cifs.ko can send session setup requests on reused connection. If reused connection is used for binding...

CVSS 5.5 · AI score 5.9 · EPSS 0.00275
Exploits: 0 · References: 9
vulnersOsv
added 2024/09/16 5:19 p.m. · 5 views

BrandoCulqi (=1.0.1), IMAPServer (=0.1.0) +2300 more potentially affected by unknown CVE via lexical-core (>=0.1.3 <=0.8.5)

lexical-core CARGO version =0.1.3, =1.0.0, =1.0.1, =0.10.0-dev0, =0.2.0, =0.1.0, =0.2.0, =0.1.1, =0.5.1, =0.1.0, =0.1.0, =0.2.0, =0.3.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-2326-PFPJ-VX3H...

AI score 5.5
Exploits: 0
OSV
added 2024/09/15 4:57 p.m. · 16 views

RHSA-2007:0951 Red Hat Security Advisory: nfs-utils-lib security update

Bulletin has no description...

CVSS 10 · AI score 8.7 · EPSS 0.10909
Exploits: 4 · References: 11
OSV
added 2024/09/15 4:52 p.m. · 17 views

RHSA-2007:0913 Red Hat Security Advisory: nfs-utils-lib security update

Bulletin has no description...

CVSS 10 · AI score 8.7 · EPSS 0.10909
Exploits: 4 · References: 7
OSV
added 2024/09/15 3:05 p.m. · 10 views

RHSA-2005:033 Red Hat Security Advisory: alsa-lib security update

Bulletin has no description...

CVSS 4.6 · AI score 6.3 · EPSS 0.00454
Exploits: 0 · References: 8
Positive Technologies
added 2024/09/12 12:00 a.m. · 2 views

PT-2024-41009 · Colord · Colord

Name of the Vulnerable Software and Affected Versions: colord (affected versions not specified). Description: The issue is related to a potential local privilege escalation. This could be exploited by removing the script in the specfile which changes the ownership of /var/lib/colord. Recommendations...

AI score 6.7
Exploits: 0 · References: 3
OSSF Malicious Packages
added 2024/09/08 5:03 p.m. · 2 views

Malicious code in @zarafront/lib-zds (npm)

Source: ossf-package-analysis b7da81ddf52154f443baa27b56764a0be023447376bd6d8a3f587cc7db455f84 The OpenSSF Package Analysis project identified '@zarafront/lib-zds' @ 99.50.55 npm as malicious. It is considered malicious because: - The...

AI score 6.9
Exploits: 0
OSV
added 2024/09/08 5:03 p.m. · 9 views

MAL-2024-8838 Malicious code in @zarafront/lib-zds (npm)

Source: ossf-package-analysis b7da81ddf52154f443baa27b56764a0be023447376bd6d8a3f587cc7db455f84 The OpenSSF Package Analysis project identified '@zarafront/lib-zds' @ 99.50.55 npm as malicious. It is considered malicious because: - The...

AI score 7.1
Exploits: 0
OSSF Malicious Packages
added 2024/08/29 9:17 a.m. · 3 views

Malicious code in open-wuji-lib (npm)

Source: ghsa-malware 8b545c17e3e6d2e0a14f46b48f10fd15e2eda7222a6e82ead13d4391cfacd9c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 · References: 1