1620 matches found

OSV
added 2024/08/15 2:31 p.m., 18 views

CVE-2024-43373 webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle

webcrack is a tool for reverse engineering javascript. An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving...

CVSS 7.7, AI score 7.8, EPSS 0.00209
Exploits: 1, References: 5
CVE
added 2024/08/15 2:31 p.m., 66 views

CVE-2024-43373

CVE-2024-43373 - webcrack : A Windows-specific arbitrary file write vulnerability exists in the webcrack module when processing crafted code with the unpack bundles and saving features. The root cause is a path traversal check that can be bypassed due to using POSIX path utilities, allowing an at...

CVSS 7.8, AI score 8, EPSS 0.00209
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2024/08/14 6:1 p.m., 14 views

GHSA-CCQH-278P-XQ6W webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle

Summary An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving feature. If a module name includes a path...

CVSS 7.7, AI score 7.8, EPSS 0.00209
Exploits: 1, References: 5
OSV
added 2024/08/13 12:0 a.m., 15 views

ALSA-2024:5289 Moderate: mod_auth_openidc:2.3 security update

The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: mod_auth_openidc: DoS when using OIDCSessionType client-cookie and manipulating...

CVSS 7.5, AI score 7.7, EPSS 0.00189
Exploits: 1, References: 4
CVE
added 2024/08/08 8:13 a.m., 82 views

CVE-2024-42030

CVE-2024-42030 describes an access privilege verification vulnerability in Huawei HarmonyOS/EMUI’s Content Sharing Popup module. The issue is that an attacker could exploit a flawed privilege check to compromise service confidentiality with local access (no user interaction required; CVSS v3.1: A...

CVSS 6.2, AI score 6.3, EPSS 0.00061
Exploits: 0, References: 1, Affected Software: 2
CNNVD
added 2024/08/05 12:0 a.m., 3 views

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets, which arises from an out-of-bounds read vulnerability contained in the WLAN Host Communication module...

CVSS 6.5, AI score 6.6, EPSS 0.00101
Exploits: 0, References: 2
GithubExploit
added 2024/08/03 7:26 p.m., 594 views

Exploit for CVE-2024-31211

It is an exploit module/toolkit targeting unspecified products/s...

CVSS 5.5, AI score 6.7, EPSS 0.39711
Exploits: 1
OSV
added 2024/07/31 10:55 p.m., 4 views

GO-2024-3012 Malicious code in github.com/PromonLogicalis/asn1

Version 7bdca06d0edf of the github.com/PromonLogicalis/asn1 module contains malicious code which downloads a program from a remote web server and executes it...

AI score 7.5
Exploits: 0
RedhatCVE
added 2024/07/31 9:13 a.m., 18 views

CVE-2024-41044

In the Linux kernel, the following vulnerability has been resolved: ppp: reject claimed-as-LCP but actually malformed packets Since 'ppp_async_encode' assumes valid LCP packets with code from 1 to 7 inclusive, add 'ppp_check_packet' to ensure that LCP packet has an actual body beyond PPP_LCP header...

CVSS 4.9, AI score 7.1, EPSS 0.0001
Exploits: 0, References: 4
CVE
added 2024/07/29 3:52 p.m., 146 views

CVE-2024-42080

CVE-2024-42080 affects Linux kernels with the RDMA restrack entry handling. The issue arises when ib_create_cq() sets rdma_restrack_entry kern_name to KBUILD_MODNAME; if the module exits without deleting this entry, rdma_restrack_clean() may perform an invalid address access when printing the own...

CVSS 5.5, AI score 6.6, EPSS 0.00022
Exploits: 0, References: 6, Affected Software: 1
Cvelist
added 2024/07/29 3:52 p.m., 21 views

CVE-2024-42080 RDMA/restrack: Fix potential invalid address access

In the Linux kernel, the following vulnerability has been resolved: RDMA/restrack: Fix potential invalid address access struct rdma_restrack_entry's kern_name was set to KBUILD_MODNAME in ib_create_cq, while if the module exited but forgot del this rdma_restrack_entry, it would cause an invalid address...

EPSS 0.00022
Exploits: 0, References: 5
NVD
added 2024/07/25 12:15 p.m., 17 views

CVE-2024-39672

Memory request logic vulnerability in the memory module. Impact: Successful exploitation of this vulnerability will affect integrity and availability...

CVSS 8.4, EPSS 0.00085
Exploits: 0, References: 1
NVD
added 2024/07/12 1:15 p.m., 12 views

CVE-2024-41004

In the Linux kernel, the following vulnerability has been resolved: tracing: Build event generation tests only as modules The kprobes and synth event generation test modules add events and lock (get a reference) those event file reference in module init function, and unlock and delete it in module...

CVSS 5.5, EPSS 0.00018
Exploits: 0, References: 10
CVE
added 2024/07/12 12:44 p.m., 105 views

CVE-2024-41004

CVE-2024-41004 affects the Linux kernel tracing tests for build event generation in kprobes/synth tests. The vulnerability arises when those test modules are built-in instead of modular, causing events to remain locked in the kernel and breaking kprobe self-tests, which in turn causes ftracetest ...

CVSS 5.5, AI score 6.4, EPSS 0.00018
Exploits: 0, References: 10, Affected Software: 1
Tenable Nessus
added 2024/07/05 12:0 a.m., 23 views

Node.js Module @sap/xssec < 3.6.0 Privilege Escalation

The nodejs module @sap/xssec detected on the host is prior to version 3.6.0. It is, therefore, affected by a privilege escalation vulnerability. An unauthenticated, remote attacker can exploit this to gain arbitrary permissions within the application. Note that Nessus has not tested for these...

CVSS 9.8, AI score 8.6, EPSS 0.0035
Exploits: 0, References: 3
RedhatCVE
added 2024/06/25 1:52 p.m., 29 views

CVE-2024-36479

In the Linux kernel, the following vulnerability has been resolved: fpga: bridge: add owner module and take its refcount The current implementation of the fpga bridge assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's refcoun...

CVSS 4.4, AI score 7.4, EPSS 0.00028
Exploits: 0, References: 4
RedhatCVE
added 2024/06/25 1:52 p.m., 29 views

CVE-2024-35247

In the Linux kernel, the following vulnerability has been resolved: fpga: region: add owner module and take its refcount The current implementation of the fpga region assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's refcoun...

CVSS 4.4, AI score 7.2, EPSS 0.0003
Exploits: 0, References: 4
NVD
added 2024/06/24 10:15 p.m., 19 views

CVE-2024-34991

In the module "Axepta" axepta before 1.3.4 from Quadra Informatique for PrestaShop, a guest can download partial credit card information expiry date / postal address / email / etc. without restriction due to a lack of permissions control...

CVSS 7.5, EPSS 0.0027
Exploits: 0, References: 1
NVD
added 2024/06/24 2:15 p.m., 18 views

CVE-2024-37021

In the Linux kernel, the following vulnerability has been resolved: fpga: manager: add owner module and take its refcount The current implementation of the fpga manager assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's...

CVSS 5.5, EPSS 0.00028
Exploits: 0, References: 5
UbuntuCve
added 2024/06/24 2:15 p.m., 16 views

CVE-2024-37021

In the Linux kernel, the following vulnerability has been resolved: fpga: manager: add owner module and take its refcount The current implementation of the fpga manager assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's...

CVSS 5.5, AI score 6.2, EPSS 0.00028
Exploits: 0, References: 12