MAL-2024-8087 Malicious code in open-wuji-lib (npm)
Source: ghsa-malware 8b545c17e3e6d2e0a14f46b48f10fd15e2eda7222a6e82ead13d4391cfacd9c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-43896
In the Linux kernel, the following vulnerability has been resolved: ASoC: cs-amp-lib: Fix NULL pointer crash if efi.get_variable is NULL. Call efi_rt_services_supported() to check that efi.get_variable exists before calling it...
CVE-2024-43896 ASoC: cs-amp-lib: Fix NULL pointer crash if efi.get_variable is NULL
In the Linux kernel, the following vulnerability has been resolved: ASoC: cs-amp-lib: Fix NULL pointer crash if efi.get_variable is NULL. Call efi_rt_services_supported() to check that efi.get_variable exists before calling it...
GO-2022-0769 Incorrect Default Permissions in Binance tss-lib in github.com/binance-chain/tss-lib
Incorrect Default Permissions in Binance tss-lib in github.com/binance-chain/tss-lib...
Dovecot IMAP Server 2.2 / 2.3 Denial Of Service
Affected product: Dovecot IMAP Server Internal reference: DOV-6601 Vulnerability type: CWE-770 Allocation of Resources Without Limits or Throttling Vulnerable version: 2.2, 2.3 Vulnerable component: lib-mail Report confidence: Confirmed Solution status: Fixed in 2.3.21.1 Researcher credits: Vendo...
CVE-2024-43846
In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases...
DEBIAN-CVE-2024-42274
In the Linux kernel, the following vulnerability has been resolved: Revert "ALSA: firewire-lib: operate for period elapse event in process context" Commit 7ba5ca32fe6e "ALSA: firewire-lib: operate for period elapse event in process context" removed the process context workqueue from...
CVE-2024-42274
CVE-2024-42274 affects the Linux kernel's ALSA firewire-lib. Commit 7ba5ca32fe6e removed the process-context workqueue from amdtp_domain_stream_pcm_pointer() and update_pcm_pointers(), which introduced AB/BA deadlock competition for the substream lock, potentially freezing systems u...
MAL-2024-8012 Malicious code in @avaldigitallabs/adl-pfm-lib-web-components (npm)
Source: ghsa-malware 95ed6f4ad493c3bd3069194fa08ab5dd589b970ecc22219f0b5bf9162b0ecfa9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CLSA-2024-1723146030 Fix CVE(s): CVE-2021-3733
SECURITY UPDATE: Regular Expression Denial of Service - debian/patches/CVE-2021-3733.patch: Fix ReDoS vulnerability in AbstractBasicAuthHandler class of Lib/urllib2.py - CVE-2021-3733...
CVE-2024-42252
CVE-2024-42252 is described as a Linux kernel vulnerability resolved by replacing BUG_ON() with WARN_ON() in the closure handling path. The issue arises if a BUG_ON() can be hit in the wild, which would not be appropriate and could lead to a kernel oops. The fix is to use WARN_ON() instead of BUG...
Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that targets Apple macOS systems with the goal of stealing users' Google Cloud credentials from a narrow pool of victims. The package, named "lr-utils-lib," attracted a total of 59 downloads...
GHSA-XCR9-PM5W-GVH2 ICEcoder vulnerable to Cross Site Scripting
ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/settings-screen.php...
ICEcoder vulnerable to Cross Site Scripting
ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/settings-screen.php...
ICEcoder vulnerable to Cross Site Scripting
ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/terminal-xhr.php...
CVE-2024-41375
ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/terminal-xhr.php...