7680 matches found

Zero Day Initiative · added 2024/08/13 12:00 a.m. · 5 views

Adobe Acrobat Reader DC AcroForm Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

CVSS 7.8 · AI score 6.8 · EPSS 0.01864
Exploits 0 · References 1
Zero Day Initiative · added 2024/08/13 12:00 a.m. · 6 views

Adobe Acrobat Reader DC AcroForm Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

CVSS 7.8 · AI score 6.7 · EPSS 0.02076
Exploits 0 · References 1
Zero Day Initiative · added 2024/08/13 12:00 a.m. · 2 views

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

CVSS 7.8 · AI score 6.7 · EPSS 0.02076
Exploits 0 · References 1
Zero Day Initiative · added 2024/08/13 12:00 a.m. · 7 views

Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

CVSS 3.3 · AI score 5.9 · EPSS 0.00115
Exploits 0 · References 1
Zero Day Initiative · added 2024/08/13 12:00 a.m. · 7 views

Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 3.3 · AI score 6 · EPSS 0.01017
Exploits 0 · References 1
OSV · added 2024/08/07 6:30 p.m. · 15 views

GHSA-9M5J-4XX9-44J9 Pulp incorrectly assigns RBAC permissions in tasks that create objects

A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user...

CVSS 8.6 · AI score 6.9 · EPSS 0.00044
Exploits 0 · References 7
RedhatCVE · added 2024/08/07 2:16 p.m. · 18 views

CVE-2024-5290

A vulnerability was found in the wpa_supplicant package. This flaw allows a local unprivileged user who is part of the netdev group to achieve privilege escalation to the same user running wpa_supplicant (typically root). Mitigation: Mitigation for this issue is either not available or the currently...

CVSS 6.4 · AI score 8.4 · EPSS 0.00306
Exploits 1 · References 5
OSV · added 2024/08/07 9:16 a.m. · 12 views

CVE-2024-5290

An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of...

CVSS 7.8 · AI score 8.7
Exploits 0 · References 5
BDU FSTEC · added 2024/08/07 12:00 a.m. · 0 views

The vulnerability of the WebKit component of the visionOS operating system allows a hacker to inject arbitrary 3D objects and trigger a service failure.

The vulnerability of the WebKit component in the visionOS operating system is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to inject arbitrary 3D objects into the system and cause service failures...

CVSS 7.8 · EPSS 0.00259
Exploits 0 · References 6 · Affected Software 1
CNNVD · added 2024/08/07 12:00 a.m. · 1 view

wpa_supplicant security vulnerability

wpa_supplicant is a cross-platform WPA request program. The program supports WEP, WPA, and WPA2, among others. A security vulnerability exists in wpa_supplicant that stems from an issue with loading arbitrary shared objects, which allows a local, unprivileged attacker to elevate privileges to a use...

CVSS 8.8 · AI score 7.3 · EPSS 0.00306
Exploits 1 · References 5
Ubuntu · added 2024/08/06 4:21 p.m. · 354 views

USN-6946-1: Django vulnerabilities

It was discovered that Django incorrectly handled certain strings in the floatformat function. An attacker could possibly use this issue to cause memory exhaustion. (CVE-2024-41989) It was discovered that Django incorrectly handled very large inputs. An attacker could possibly use this issue to cause...

CVSS 9.8 · AI score 7 · EPSS 0.01386
Exploits 0
OSV · added 2024/08/06 4:18 p.m. · 4 views

USN-6945-1 wpa vulnerability

Rory McNamara discovered that wpa_supplicant could be made to load arbitrary shared objects by unprivileged users that have access to the control interface. An attacker could use this to escalate privileges to root...

CVSS 8.8 · AI score 7.3 · EPSS 0.00306
Exploits 1 · References 3
UbuntuCve · added 2024/08/06 4:00 p.m. · 20 views

CVE-2024-5290

An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of...

CVSS 8.8 · AI score 7 · EPSS 0.00306
Exploits 1 · References 3
Positive Technologies · added 2024/08/05 12:00 a.m. · 3 views

PT-2024-25079 · Qualcomm · Snapdragon +92

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time...

CVSS 8.4 · AI score 6.8 · EPSS 0.00152
Exploits 0 · References 4
OSV · added 2024/07/30 9:31 p.m. · 12 views

GHSA-28MC-G557-92M7 @75lb/deep-merge Prototype Pollution vulnerability

Prototype Pollution in @75lb/deep-merge 1.1.1 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via merge methods of lodash to merge objects...

CVSS 8.7 · AI score 9.7 · EPSS 0.00249
Exploits 1 · References 5
OSV · added 2024/07/30 8:15 a.m. · 0 views

UBUNTU-CVE-2024-42109

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditionally flush pending work before notifier. syzbot reports: KASAN: slab-uaf in nft_ctx_update include/net/netfilter/nf_tables.h:1831; KASAN: slab-uaf in nft_commit_release net/netfilter/nf_tables_api.c:9530...

CVSS 5.5 · AI score 6.2 · EPSS 0.00014
Exploits 0 · References 24
CNNVD · added 2024/07/29 12:00 a.m. · 1 view

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ability to leak pointers to linked table objects through registers...

CVSS 5.5 · AI score 6.6 · EPSS 0.00015
Exploits 0 · References 9
RedHat Linux · added 2024/07/24 2:03 p.m. · 1 view

kernel: vmwgfx: race condition leading to information disclosure vulnerability

A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context o...

CVSS 6.7 · AI score 6.8 · EPSS 0.00006
Exploits 0 · References 5
RedHat Linux · added 2024/07/24 1:20 p.m. · 1 view

kernel: vmwgfx: race condition leading to information disclosure vulnerability

A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context o...

CVSS 6.7 · AI score 6.8 · EPSS 0.00006
Exploits 0 · References 5
NVD · added 2024/07/21 10:15 a.m. · 12 views

CVE-2024-6960

The H2O machine learning platform uses "Iced" classes as the primary means of moving Java Objects around the cluster. The Iced format supports inclusion of serialized Java objects. When a model is deserialized, any class is allowed to be deserialized (no class whitelist). An attacker can construct ...

CVSS 7.5 · EPSS 0.00185
Exploits 0 · References 2