CVE-2024-36056

Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory via IOCTL 0x9c406490 for IoAllocateMdl, MmBuildMdlForNonPagedPool, and MmMapLockedPages, leading to NT AUTHORITY\SYSTEM privilege escalation...

The vulnerability of software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller lies in the lack of a mechanism for generating error reports. This allows attackers to gain unauthorized access to protected information.

The vulnerabilities of the software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller are related to deficiencies in the mechanism for generating error reports. Exploiting these vulnerabilities can allow unauthorized actors to...

Baidu Antivirus 安全漏洞

Baidu Antivirus is a permanently free cloud-based security antivirus software from the Chinese company Baidu Baidu. A security vulnerability exists in Baidu Antivirus version v5.2.3.116083, which originates from a problem in the driver that allows an attacker to terminate arbitrary processes by...

Interning at Rapid7 Prague: Meet Mko

Mkrtich Hovsepyan – most people call him Mko – is an intern at Rapid7’s fast-growing office in Prague. He graduated from the luminous Charles University in Prague, and is currently a first-year master’s student in Artificial Intelligence there. He was in our first impressive crop of interns, and ...

CVE-2024-48956

Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution...

[Important] [Security] Virtuozzo ReadyKernel Patch 170.1 for Virtuozzo Hybrid Server 7.5

The cumulative Virtuozzo ReadyKernel patch was updated with a security fix. The patch applies to the supported kernel 3.10.0-1160.119.1.vz7.224.4 of Virtuozzo Hybrid Server 7.5. Vulnerability id: PSBM-160298 3.10.0-1160.119.1.vz7.224.4 Fixed container zombie processes shown as host processes. Fix...

SUSE CVE-2024-52791

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and...

The vulnerability of software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller lies in the lack of a mechanism for generating error reports. This allows attackers to gain unauthorized access to protected information.

The vulnerabilities of the software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller are related to deficiencies in the mechanism for generating error reports. Exploiting these vulnerabilities can allow unauthorized actors to...

Google Pixel 缓冲区错误漏洞

Google Pixel is a smartphone from the American company Google Google. Google Pixel suffers from a buffer overflow vulnerability that stems from a lack of bounds checking, which allows out-of-bounds reads of memory and can be exploited by an attacker to run arbitrary code in the context of an...

CVE-2024-52791

CVE-2024-52791 affects Matrix Media Repo (MMR). The issue is memory exhaustion when MMR parses large JSON responses from other servers, potentially consuming all available memory. The advisory states this is fixed in MMR v1.3.8 and recommends upgrading. If upgrading isn’t possible, mitigation opt...

GHSA-GP86-Q8HG-FPXJ matrix-media-repo (MMR) allows a denial of service through memory exhaustion

Impact MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and exhaust available memory. Patches This is fixed in MMR v1.3.8. Workarounds Forward...

PT-2025-2935 · Unknown +1 · Matrix Media Repo +1

Name of the Vulnerable Software and Affected Versions: Matrix Media Repo MMR versions prior to 1.3.8 Description: The issue arises when Matrix Media Repo MMR makes requests to other servers as part of its normal operation, and these servers return large amounts of JSON for parsing. During parsing...

The vulnerability of Websoft HCM’s automation software for HR processes stems from improper path handling, allowing attackers to perform arbitrary file operations outside of the directory.

The vulnerability of Websoft HCM’s automation software for HR processes arises from improper handling of paths during the loading of specially crafted files. Exploiting this vulnerability allows an attacker to perform arbitrary file operations outside the directory...

The vulnerability of software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller lies in the lack of a mechanism for generating error reports. This allows attackers to gain unauthorized access to protected information.

The vulnerabilities of the software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller are related to deficiencies in the mechanism for generating error reports. Exploiting these vulnerabilities can allow unauthorized actors to...

IIT Bombay Bodhitree 代码注入漏洞

IIT Bombay Bodhitree is an online learning platform. A security vulnerability exists in IIT Bombay Bodhitree version cs101, which stems from incorrect input validation and a lack of restrictions on user processes, with malicious code injection, which could lead to Remote Code Execution RCE, syste...

firefox: thunderbird: WebChannel APIs susceptible to confused deputy attack

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to...

CISA: Three Ps of Voting

System About Files News Vote Help | Services API Advertise Contact | Account Join Login ---|---|---...

CVE-2024-47141 pinmux: Use sequential access to access desc->pinmux data

In the Linux kernel, the following vulnerability has been resolved: pinmux: Use sequential access to access desc-pinmux data When two client of the same gpio call pinctrlselectstate for the same functionality, we are seeing NULL pointer issue while accessing desc-muxowner. Let's say two processes...

Denial Of Service (DoS)

league/commonmark is vulnerable to Denial of service DoS. The vulnerability is due to unbounded resource exhaustion caused by inefficient code handling specially crafted Markdown inputs, which allows an attacker to tie up CPU resources or PHP-FPM processes and deny service to legitimate users...

biosimulator-processes (>=0.1.0 <=0.1.1), eulerpi (>=0.1.5 <=0.5.0) potentially affected by unknown CVE via amici (>=0.16.1 <=0.25.2)

amici PYPI version =0.16.1, =0.1.0, =0.1.5, =0.5.0 Source cves: unknown CVE Source advisory: SNYK:PYTHON-AMICI-8600633...