PT-2024-6707 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Description: The issue is related to the use of memory after it has been freed, allowing remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interacti...

Exploit for Race Condition in Openbsd Openssh

CVE-2024-6387: Race Condition in Signal Handling for OpenSSH...

SUSE CVE-2024-42262

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix potential memory leak in the performance extension If fetching of userspace memory fails during the main loop, all drm sync objs looked up until that point will be leaked because of the missing drmsyncobjput. Fix it ...

SUSE CVE-2024-42263

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix potential memory leak in the timestamp extension If fetching of userspace memory fails during the main loop, all drm sync objs looked up until that point will be leaked because of the missing drmsyncobjput. Fix it by...

The vulnerability of the Single Sign-On (SSO) function of the SAP BusinessObjects Business Intelligence platform allows a hacker to gain full access to the device.

The vulnerability of the Single Sign-On SSO function of the SAP BusinessObjects Business Intelligence platform is related to the absence of authentication procedures. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain full access to the device by obtaining an...

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in various products such as SAP Business Objects, SAP HANA, Netweaver and Document Builder. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Server Side Request Forgery SSRF. - Cross-Site...

CVE-2024-42375

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application...

CVE-2024-41731

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application...

Adobe Acrobat Reader DC AcroForm Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

Adobe Acrobat Reader DC AcroForm Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

GHSA-9M5J-4XX9-44J9 Pulp incorrectly assigns RBAC permissions in tasks that create objects

A flaw was found in the Pulp package. When a role-based access control RBAC object in Pulp is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin typically the addrolesforobjectcreator method. This method finds the object creator by checking the current authenticated user...

CVE-2024-5290

A vulnerability was found in the wpasupplicant package. This flaw allows a local unprivileged user who is part of the netdev group to achieve privilege escalation to the same user running wpasupplicant typically root. Mitigation Mitigation for this issue is either not available or the currently...

CVE-2024-5290

An issue was discovered in Ubuntu wpasupplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpasupplicant runs as usually root. Membership in the netdev group or access to the dbus interface of...

The vulnerability of the WebKit component of the visionOS operating system allows a hacker to inject arbitrary 3D objects and trigger a service failure.

The vulnerability of the WebKit component in the visionOS operating system is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to inject arbitrary 3D objects into the system and cause service failures...

wpa_supplicant 安全漏洞

wpasupplicant is a cross-platform WPA request program. The program supports WEP, WPA, and WPA2, among others. A security vulnerability exists in wpasupplicant that stems from an issue with loading arbitrary shared objects, which allows a local, unprivileged attacker to elevate privileges to a use...

USN-6946-1: Django vulnerabilities

It was discovered that Django incorrectly handled certain strings in floatformat function. An attacker could possibly use this issue to cause a memory exhaustion. CVE-2024-41989 It was discovered that Django incorrectly handled very large inputs. An attacker could possibly use this issue to cause...

USN-6945-1 wpa vulnerability

Rory McNamara discovered that wpasupplicant could be made to load arbitrary shared objects by unprivileged users that have access to the control interface. An attacker could use this to escalate privileges to root...