
2264 matches found

Japan Vulnerability Notes
added 2024/09/30 12:0 a.m., 6 views

JVN#39280069: RevoWorks Cloud vulnerable to unintended process execution

RevoWorks Cloud provided by J’s Communication Co., Ltd. is software to build a sandbox environment isolated from a client's local environment. In the sandbox environment, the product provides the function enabling execution of web browsers and detection and blocking of unauthorized processes...

CVSS 7.8, AI score 7.5, EPSS 0.00066
Exploits: 0
BDU FSTEC
added 2024/09/30 12:0 a.m., 1 view

The vulnerability of the iommu/arm-smmu component in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the iommu/arm-smmu component in the Linux operating system is related to the lack of registration cancellation when the process terminates. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5, AI score 5.9, EPSS 0.00006
Exploits: 0, References: 10, Affected Software: 3
CNNVD
added 2024/08/22 12:0 a.m., 1 view

Linux kernel race condition vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A race condition vulnerability exists in the Linux kernel that stems from not properly protecting the reset and removal process...

CVSS 4.7, AI score 6.3, EPSS 0.00025
Exploits: 0, References: 7
CNNVD
added 2024/08/22 12:0 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel. An attacker exploiting the vulnerability can cause processes in a guest to block permanently...

CVSS 7.8, AI score 6.5, EPSS 0.00029
Exploits: 0, References: 7
NVD
added 2024/08/13 4:15 a.m., 20 views

CVE-2024-41733

In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. This allows a potential attacker to learn if a given e-mail is used for an account, but does not grant access to any customer data beyond this knowledge. The attacker must already know the...

CVSS 5.3, EPSS 0.00406
Exploits: 0, References: 2
Cvelist
added 2024/08/13 3:52 a.m., 20 views

CVE-2024-41733 Information Disclosure Vulnerability in SAP Commerce

In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. This allows a potential attacker to learn if a given e-mail is used for an account, but does not grant access to any customer data beyond this knowledge. The attacker must already know the...

CVSS 5.3, EPSS 0.00406
Exploits: 0, References: 2
CVE
added 2024/08/13 3:52 a.m., 59 views

CVE-2024-41733

Concrete details from connected sources confirm a candidate vulnerability in SAP Commerce: an information-disclosure issue that allows an attacker to determine whether a given email is associated with a valid user account during registration or login. The impact is confined to confidentiality (lo...

CVSS 5.3, AI score 5.3, EPSS 0.00406
Exploits: 0, References: 2, Affected Software: 1
RedhatCVE
added 2024/08/08 2:46 a.m., 27 views

CVE-2024-43044

A vulnerability was found in the Remoting library in Jenkins core, which handles communication between the Jenkins controller and agents. The ClassLoaderProxy#fetchJar function may allow malicious agents or attackers with Agent/Connect permission to read arbitrary files from the Jenkins controller...

CVSS 8.8, AI score 6.7, EPSS 0.65896
Exploits: 4, References: 4
CNNVD
added 2024/08/02 12:0 a.m., 3 views

HMS Networks HMS Cosy+ security vulnerability

HMS Networks HMS Cosy+ is an application for industrial remote access from HMS Networks, Sweden. A security vulnerability exists in HMS Networks HMS Cosy+ that stems from the presence of insecure privileges to execute multiple processes with elevated privileges...

CVSS 8.8, AI score 7.4, EPSS 0.00792
Exploits: 1, References: 4
RedhatCVE
added 2024/07/31 9:15 a.m., 20 views

CVE-2024-41075

In the Linux kernel, the following vulnerability has been resolved: cachefiles: add consistency check for copen/cread. This prevents malicious processes from completing random copen/cread requests and crashing the system. Added checks are listed below: Generic, copen can only complete open request...

CVSS 5.5, AI score 6.9, EPSS 0.00033
Exploits: 0, References: 4
OSV
added 2024/07/29 2:57 p.m., 11 views

CVE-2024-41075 cachefiles: add consistency check for copen/cread

In the Linux kernel, the following vulnerability has been resolved: cachefiles: add consistency check for copen/cread. This prevents malicious processes from completing random copen/cread requests and crashing the system. Added checks are listed below: Generic, copen can only complete open request...

CVSS 5.5, AI score 6.1, EPSS 0.00033
Exploits: 0, References: 8
Cvelist
added 2024/07/29 2:57 p.m., 21 views

CVE-2024-41075 cachefiles: add consistency check for copen/cread

In the Linux kernel, the following vulnerability has been resolved: cachefiles: add consistency check for copen/cread. This prevents malicious processes from completing random copen/cread requests and crashing the system. Added checks are listed below: Generic, copen can only complete open request...

EPSS 0.00033
Exploits: 0, References: 4
NVD
added 2024/07/23 6:15 p.m., 14 views

CVE-2020-11639

An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected each process might be affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. T...

CVSS 7.8, EPSS 0.00141
Exploits: 0, References: 1
Vulnrichment
added 2024/07/23 5:26 p.m., 36 views

CVE-2020-11639 Insufficient access control on Inter process communication,

An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected each process might be affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. T...

CVSS 7.8, AI score 6.6, EPSS 0.00141
Exploits: 0, References: 1
Cvelist
added 2024/07/23 5:26 p.m., 16 views

CVE-2020-11639 Insufficient access control on Inter process communication,

An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected each process might be affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. T...

CVSS 7.8, EPSS 0.00141
Exploits: 0, References: 1
OSV
added 2024/07/23 9:17 a.m., 7 views

OPENSUSE-SU-2024:0214-1 Security update for python-sentry-sdk

This update for python-sentry-sdk fixes the following issues: - CVE-2024-40647: Do not leak environment variables to child processes (bsc#1228128)...

CVSS 5.3, AI score 5, EPSS 0.00028
Exploits: 0, References: 3
Github Security Blog
added 2024/07/18 5:18 p.m., 23 views

Sentry's Python SDK unintentionally exposes environment variables to subprocesses

Impact The bug in Sentry's Python SDK subprocess.check_output(["env"], env={"TEST":"1"}) b'TEST=1\n' If you'd want to not pass any variables, you can set an empty dict: subprocess.check_output(["env"], env={}) b'' However, the bug in Sentry SDK 2.8.0 causes all environment variables to be passed to the...

CVSS 5.3, AI score 5, EPSS 0.00028
Exploits: 0, References: 11, Affected Software: 1
BDU FSTEC
added 2024/07/17 12:0 a.m., 1 view

The vulnerability of the Auto-attach Option Handler component of the JetBrains YouTrack software for managing projects and tasks allows a hacker to enable the automatic attachment of this option to work processes.

The vulnerability of the Auto-attach Option Handler component in the JetBrains YouTrack project and task management software is related to the absence of authentication. Exploiting this vulnerability allows a malicious actor to enable the automatic attachment option to the workflow processes...

CVSS 6.5, AI score 5.5, EPSS 0.00017
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2024/07/11 5:15 p.m., 3 views

CVE-2024-39537

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong...

CVSS 6.9, AI score 5.8, EPSS 0.00257
Exploits: 0, References: 1
OSV
added 2024/07/10 11:15 p.m., 5 views

CVE-2024-39562

A Missing Release of Resource after Effective Lifetime vulnerability in the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS) by blocking SSH access for legitimate...

CVSS 8.7, AI score 5.8
Exploits: 0, References: 2