30 matches found
GHSA-6QF2-7X63-MM6V Synapse pagination Denial of Service
Impact: In federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. Patches: Update to Synapse 1.152.1 or later. Workarounds: There are no known workaround...
EUVD-2024-33418
Malicious code in bioql PyPI...
CVE-2024-34408
Tencent libpag through 4.3.51 has an integer overflow in DecodeStream::checkEndOfFile in codec/utils/DecodeStream.cpp via a crafted PAG (Portable Animated Graphics) file...
Linux Distros Unpatched Vulnerability : CVE-2024-10394
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing i...
SUSE CVE-2024-10394
A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG...
CVE-2024-10394
A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG...
CVE-2024-10394
A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG...
CVE-2024-10394
CVE-2024-10394 describes a local vulnerability in OpenAFS where an attacker can bypass the PAG throttling on Unix clients, allowing the creation of a PAG with an existing id and potentially stealing credentials in that PAG. Multiple connected advisories confirm the issue affects OpenAFS and outli...
CVE-2024-10394 Theft of credentials in Unix client PAGs
A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG...
CVE-2024-10394 Theft of credentials in Unix client PAGs
A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG...
PT-2024-16242 · Openafs +1 · Openafs +1
Name of the Vulnerable Software and Affected Versions: OpenAFS (affected versions not specified). Description: A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining...
UBUNTU-CVE-2024-50216
In the Linux kernel, the following vulnerability has been resolved: xfs: fix finding a last resort AG in xfs_filestream_pick_ag. When the main loop in xfs_filestream_pick_ag fails to find a suitable AG it tries to just pick the online AG. But the loop for that uses args->pag as loop iterator while the...
pag-travel.com Cross Site Scripting vulnerability OBB-3942939
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
pag-travel.com Improper Access Control vulnerability OBB-3941501
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-34408
Tencent libpag through 4.3.51 has an integer overflow in DecodeStream::checkEndOfFile in codec/utils/DecodeStream.cpp via a crafted PAG (Portable Animated Graphics) file...
CVE-2024-34408
Tencent libpag through 4.3.51 has an integer overflow in DecodeStream::checkEndOfFile in codec/utils/DecodeStream.cpp via a crafted PAG (Portable Animated Graphics) file...
PT-2024-25861 · Tencent · Libpag
Name of the Vulnerable Software and Affected Versions: Tencent libpag versions prior to 4.3.52. Description: The issue is related to an integer overflow in the checkEndOfFile function of DecodeStream.cpp, which can be triggered by a crafted PAG file. Recommendations: For versions prior to 4.3.52,...
CVE-2024-34408
Tencent libpag through 4.3.51 has an integer overflow in DecodeStream::checkEndOfFile in codec/utils/DecodeStream.cpp via a crafted PAG (Portable Animated Graphics) file...
CVE-2024-34408
CVE-2024-34408 affects Tencent’s Libpag up to version 4.3.51. The vulnerability is an integer overflow in DecodeStream::checkEndOfFile() within codec/utils/DecodeStream.cpp triggered by a crafted PAG file. Several connected sources describe the issue and indicate potential code execution; Red Hat...
OMRON Industrial Automation CX-Supervisor CSNewDataSets Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling...