
7680 matches found

Positive Technologies
added 2024/05/20 12:00 a.m. · 4 views

PT-2024-40780 · Unknown · Javaparser

Name of the Vulnerable Software and Affected Versions: JavaParser, affected versions not specified. Description: A security exception crash has been reported. The crash involves the insertComments function in com.github.javaparser.CommentsInserter, and the equals methods in...

AI score: 7
Exploits: 0 · References: 2

BDU FSTEC
added 2024/05/20 12:00 a.m. · 0 views

The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Server Subscription Edition, and Microsoft SharePoint Enterprise Server programs lies in the improper limitation of XML references to external objects, which allows attackers to gain unauthorized access to protected information.

The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Server Subscription Edition, and Microsoft SharePoint Enterprise Server is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability can allow an attacker to gain unauthorized acces...

CVSS: 6.8 · EPSS: 0.59325
Exploits: 1 · References: 3

BDU FSTEC
added 2024/05/20 12:00 a.m. · 0 views

The vulnerability of the interactive browser environment for data analysis and visualization in Apache Zeppelin SAP arises from incorrect restrictions on XML links to external objects. This allows attackers to disclose sensitive information or cause service failures.

The vulnerability of the interactive browser environment for data analysis and visualization in Apache Zeppelin SAP is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information or cause service...

CVSS: 6.5 · EPSS: 0.00278
Exploits: 0 · References: 7 · Affected Software: 1

Zero Day Initiative
added 2024/05/19 12:00 a.m. · 21 views

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

CVSS: 7.8 · AI score: 6.8 · EPSS: 0.00351
Exploits: 0 · References: 1

Zero Day Initiative
added 2024/05/19 12:00 a.m. · 25 views

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

CVSS: 7.8 · AI score: 6.8 · EPSS: 0.00336
Exploits: 0 · References: 1

Zero Day Initiative
added 2024/05/19 12:00 a.m. · 20 views

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

CVSS: 7.8 · AI score: 6.8 · EPSS: 0.01301
Exploits: 0 · References: 1

Zero Day Initiative
added 2024/05/19 12:00 a.m. · 29 views

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

CVSS: 7.8 · AI score: 6.8 · EPSS: 0.0035
Exploits: 0 · References: 1

RedhatCVE
added 2024/05/18 12:10 a.m. · 17 views

CVE-2024-35810

A vulnerability was found in the drm/vmwgfx driver in the Linux kernel, concerning the lifetime management of the buffer object BO cursor memory. This issue occurs due to improper handling of the cursor memory's lifecycle, which could lead to use-after-free errors or crashes. Mitigation Mitigatio...

CVSS: 5.5 · AI score: 9.1 · EPSS: 0.00009
Exploits: 0 · References: 4

Github Security Blog
added 2024/05/17 10:32 p.m. · 11 views

Insecure deserialize Vulnerability in FLOW3

Due to a missing signature HMAC for a request argument, an attacker could unserialize arbitrary objects within FLOW3. To our knowledge it is neither possible to inject code through this vulnerability, nor are there exploitable objects within the FLOW3 Base Distribution. However, there might be...

AI score: 7.3
Exploits: 0 · References: 3 · Affected Software: 1

NVD
added 2024/05/17 2:15 p.m. · 18 views

CVE-2024-35810

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix the lifetime of the bo cursor memory The cleanup can be dispatched while the atomic update is still active, which means that the memory acquired in the atomic update needs to not be invalidated by the cleanup. The...

CVSS: 5.5 · AI score: 7.5 · EPSS: 0.00009
Exploits: 0 · References: 4

UbuntuCve
added 2024/05/17 2:15 p.m. · 20 views

CVE-2024-35810

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix the lifetime of the bo cursor memory The cleanup can be dispatched while the atomic update is still active, which means that the memory acquired in the atomic update needs to not be invalidated by the cleanup. The...

CVSS: 5.5 · AI score: 6.5 · EPSS: 0.00009
Exploits: 0 · References: 11

Vulnrichment
added 2024/05/17 1:23 p.m. · 14 views

CVE-2024-35810 drm/vmwgfx: Fix the lifetime of the bo cursor memory

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix the lifetime of the bo cursor memory The cleanup can be dispatched while the atomic update is still active, which means that the memory acquired in the atomic update needs to not be invalidated by the cleanup. The...

AI score: 6.8 · EPSS: 0.00009
Exploits: 0 · References: 4

CVE
added 2024/05/17 1:23 p.m. · 164 views

CVE-2024-35810

CVE-2024-35810 : In the Linux kernel, a fix addresses a vulnerability in drm/vmwgfx where the lifetime of bo cursor memory could be mishandled during cleanup while an atomic update is active. The kernel previously allowed cleanup to invalidate memory acquired during the atomic update, potentially...

CVSS: 5.5 · AI score: 6.8 · EPSS: 0.00009
Exploits: 0 · References: 4 · Affected Software: 1

Cvelist
added 2024/05/17 1:23 p.m. · 18 views

CVE-2024-35810 drm/vmwgfx: Fix the lifetime of the bo cursor memory

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix the lifetime of the bo cursor memory The cleanup can be dispatched while the atomic update is still active, which means that the memory acquired in the atomic update needs to not be invalidated by the cleanup. The...

AI score: 7.5 · EPSS: 0.00009
Exploits: 0 · References: 4

Microsoft CVE
added 2024/05/17 7:00 a.m. · 3 views

Cloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will

...

CVSS: 3.9 · AI score: 7.1 · EPSS: 0.00181
Exploits: 1

Microsoft CVE
added 2024/05/17 7:00 a.m. · 2 views

Local Git clone may hardlink arbitrary user-readable files into the new repository's "objects/" directory

...

CVSS: 7.1 · AI score: 7.2 · EPSS: 0.00021
Exploits: 1

SUSE CVE
added 2024/05/17 2:54 a.m. · 1 views

SUSE CVE-2024-32021

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target reposito...

CVSS: 3.9 · AI score: 6 · EPSS: 0.00021
Exploits: 1 · References: 9

Tenable Nessus
added 2024/05/17 12:00 a.m. · 47 views

EulerOS Virtualization 3.0.6.0 : python-cryptography (EulerOS-SA-2024-1700)

According to the versions of the python-cryptography packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected...

CVSS: 6.5 · AI score: 6.7 · EPSS: 0.00688
Exploits: 1 · References: 2

Citrix
added 2024/05/16 12:00 a.m. · 9 views

PVS export wizard reports "No Devices Found to Export"

Unable to add PVS provisioned machines to Studio Machine Catalogs. When using the Export Devices Wizard, users receive the error "No Devices Found to Export". Issue remains even after deleting and recreating the AD computer objects...

AI score: 7.1
Exploits: 0

Github Security Blog
added 2024/05/15 9:22 p.m. · 13 views

eZ Publish Legacy Patch EZSA-2018-001 for Several vulnerabilities

This security advisory fixes 4 separate vulnerabilities in eZ Publish Legacy, and we recommend that you install it as soon as possible if you are using Legacy by itself or via the LegacyBridge. First, it increases the randomness, and thus the security, of the pseudo-random bytes used to generate ...

AI score: 6.2
Exploits: 0 · References: 7 · Affected Software: 1