CVE-2023-1932
A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may still render the invalid HTML, allowing HTML injection or...
Svakom Siime Eye security vulnerability
Svakom Siime Eye is a smart home device from Svakom USA. A security vulnerability exists in Svakom Siime Eye version 14.1.00000001.3.330.0.0.3.14, which stems from the root user's password being hashed using an outdated and deprecated hashing technique...
UBUNTU-CVE-2024-51755
Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the isset method is now called after the security check. This is a BC break. This issue has...
UBUNTU-CVE-2024-51754
Twig is a template language for PHP. In a sandbox, an attacker can call toString on an object even if the toString method is not allowed by the security policy, when the object is part of an array or an argument list (arguments to a function or a filter, for instance). This issue has been patched in...
CVE-2024-51754 Unguarded calls to __toString() when nesting an object into an array in Twig
Twig is a template language for PHP. In a sandbox, an attacker can call toString on an object even if the toString method is not allowed by the security policy, when the object is part of an array or an argument list (arguments to a function or a filter, for instance). This issue has been patched in...
GHSA-FPM5-2WCJ-VFR7 codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service
Summary: Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user is generated in a weak manner, cannot be disabled, and has universal access. Details: Until CodeChecker version 6.24.1 there was an auto-generated super-user account...
CVE-2024-10082
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user up until 6.24.1 is generated in a weak manner, cannot...
MAL-2024-10475 Malicious code in babel-plugin-method-version (npm)
Source: ghsa-malware 29577c8ffc63866c4637065e68045167ad7f9d535d70f9d3cef45eaea4a00ffa. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2024-34151 · Symfony +2 · Symfony/Securitybundle +2
Name of the Vulnerable Software and Affected Versions: symfony/security-bundle versions prior to 6.4.10, versions prior to 7.0.10, and versions prior to 7.1.3. Description: The custom user checker defined on a firewall is not called when logging in...
Twig security vulnerability
Twig is an open-source PHP template engine. Twig has a security vulnerability that stems from the fact that, when an object is part of an array or an argument list in a sandbox, an attacker can call the toString method on the object even if the security policy does not allow it...
PT-2024-34885 · Twig +3 · Twig +3
Name of the Vulnerable Software and Affected Versions: Twig versions prior to 3.11.2 and versions prior to 3.14.1. Description: In a sandbox, an attacker can call toString on an object even if the toString method is not allowed by the security policy, when the object is part of an array or an...
AZL-52500 CVE-2024-50117 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method. If a BIOS provides bad data in response to an ATIF method call this causes a NULL pointer dereference in the caller. ? show_regs arch/x86/kernel/dumpstack.c:478 discriminator 1 ...
AZL-52471 CVE-2024-50117 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method. If a BIOS provides bad data in response to an ATIF method call this causes a NULL pointer dereference in the caller. ? show_regs arch/x86/kernel/dumpstack.c:478 discriminator 1 ...
CVE-2024-50117 drm/amd: Guard against bad data for ATIF ACPI method
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method. If a BIOS provides bad data in response to an ATIF method call this causes a NULL pointer dereference in the caller. ? show_regs arch/x86/kernel/dumpstack.c:478 discriminator 1 ...
CVE-2024-50117
CVE-2024-50117 affects the Linux kernel DRM/AMDGPU path (ATIF ACPI method). The vulnerability stems from bad data returned by BIOS ACPI ATIF calls, which could cause a NULL pointer dereference in the caller when amdgpu_atif_query_backlight_caps processes the result. The issue was resolved by guar...
Linux kernel security vulnerability
Linux kernel is the kernel of Linux, the open-source operating system stewarded by the Linux Foundation (United States). A security vulnerability exists in the Linux kernel that stems from the drm/amd module failing to properly handle bad data provided by the BIOS when processing the ATIF AC...
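The CVE-2024-50117 entries above describe one bug class: a driver trusting the object a firmware ACPI method hands back (its type, its buffer pointer, its length and the size field inside the payload) before dereferencing it. The following is an added, self-contained C illustration of that guard, not the kernel's amdgpu code: the ACPI object type, the `atif_like_info` layout and all sample replies are constructed here as assumptions so the check can run in userland.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the object an ACPI method returns.
 * Real ACPI uses union acpi_object; this mock carries only what the
 * check needs. A misbehaving BIOS can set any of these fields wrongly. */
enum mock_acpi_type { MOCK_ACPI_INTEGER = 1, MOCK_ACPI_BUFFER = 3 };

struct mock_acpi_obj {
    enum mock_acpi_type type;
    size_t length;          /* bytes valid in data (buffer objects only) */
    const uint8_t *data;    /* NULL when firmware returns nothing usable */
};

/* Assumed fixed-layout reply: a size prefix, a version, and a bitmask
 * of supported functions. The layout is illustrative, not the real ATIF one. */
struct atif_like_info {
    uint16_t size;          /* total bytes the firmware claims to have written */
    uint16_t version;
    uint32_t function_bits;
};

#define ATIF_LIKE_MIN_SIZE ((uint16_t)sizeof(struct atif_like_info))

/* Unguarded parse: trusts type, pointer and length. With data == NULL this
 * is exactly the NULL pointer dereference described in the advisory. */
int parse_unguarded(const struct mock_acpi_obj *obj, struct atif_like_info *out)
{
    memcpy(out, obj->data, sizeof(*out));
    return 0;
}

/* Guarded parse: validate every property of the reply before touching it.
 * Return codes: 0 ok, -1 bad args, -2 wrong type, -3 NULL buffer,
 * -4 buffer too short, -5 payload size field disagrees with the buffer. */
int parse_guarded(const struct mock_acpi_obj *obj, struct atif_like_info *out)
{
    uint16_t declared;

    if (obj == NULL || out == NULL)
        return -1;
    if (obj->type != MOCK_ACPI_BUFFER)
        return -2;
    if (obj->data == NULL)
        return -3;
    if (obj->length < ATIF_LIKE_MIN_SIZE)
        return -4;

    /* The size field inside the payload must fit the buffer we were given;
     * a larger value would let later code read past the end. */
    memcpy(&declared, obj->data, sizeof(declared));
    if (declared < ATIF_LIKE_MIN_SIZE || declared > obj->length)
        return -5;

    memcpy(out, obj->data, sizeof(*out));
    return 0;
}

/* Small wrappers so the result of a parse can be checked by return value. */
int guarded_rc(const struct mock_acpi_obj *obj)
{
    struct atif_like_info tmp;
    return parse_guarded(obj, &tmp);
}

uint32_t guarded_function_bits(const struct mock_acpi_obj *obj)
{
    struct atif_like_info tmp;
    return parse_guarded(obj, &tmp) == 0 ? tmp.function_bits : 0;
}

/* Constructed sample replies (not captured from real firmware). */
static const struct atif_like_info sample_payload = { ATIF_LIKE_MIN_SIZE, 1, 0x00000005u };
const struct mock_acpi_obj reply_good  = { MOCK_ACPI_BUFFER, sizeof sample_payload,
                                           (const uint8_t *)&sample_payload };
const struct mock_acpi_obj reply_null  = { MOCK_ACPI_BUFFER, 8, NULL };
const struct mock_acpi_obj reply_int   = { MOCK_ACPI_INTEGER, 0, NULL };
static const uint8_t short_bytes[3]    = { 3, 0, 0 };
const struct mock_acpi_obj reply_short = { MOCK_ACPI_BUFFER, sizeof short_bytes, short_bytes };
/* size field 0xFFFF (same value in either byte order) claims more than 8 bytes */
static const uint8_t lying_bytes[8]    = { 0xFF, 0xFF, 1, 0, 5, 0, 0, 0 };
const struct mock_acpi_obj reply_lying = { MOCK_ACPI_BUFFER, sizeof lying_bytes, lying_bytes };

int main(void)
{
    struct atif_like_info info;
    const struct mock_acpi_obj *replies[] = { &reply_good, &reply_null, &reply_int,
                                              &reply_short, &reply_lying };
    const char *names[] = { "good", "null buffer", "integer", "short", "lying size" };

    /* parse_unguarded is only called on the good reply; on reply_null it
     * would crash, which is the point the advisory makes. */
    parse_unguarded(&reply_good, &info);
    printf("unguarded good reply: version=%u bits=0x%x\n", info.version, info.function_bits);

    for (size_t i = 0; i < sizeof replies / sizeof replies[0]; i++)
        printf("guarded %-11s -> rc=%d\n", names[i], guarded_rc(replies[i]));
    return 0;
}
```

The ordering of the checks matters: type first, then the pointer, then the raw length, and only then the size field that lives inside the payload, so that no field is read before the property that makes reading it safe has been established.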