Lucene search

2277 matches found

SUSE CVE
added 2025/01/29 3:54 a.m. · 3 views

SUSE CVE-2024-52791

Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and...

7.5 CVSS · 6.9 AI score · 0.00728 EPSS
Exploits 0 · References 3
BDU FSTEC
added 2025/01/19 12:0 a.m. · 6 views

The vulnerability of software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller lies in the lack of a mechanism for generating error reports. This allows attackers to gain unauthorized access to protected information.

The vulnerabilities of the software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller are related to deficiencies in the mechanism for generating error reports. Exploiting these vulnerabilities can allow unauthorized actors to...

4.3 CVSS · 5.6 AI score · 0.00771 EPSS
Exploits 0 · References 2 · Affected Software 2
CNNVD
added 2025/01/17 12:0 a.m. · 3 views

Google Pixel buffer error vulnerability

Google Pixel is a smartphone from the American company Google. Google Pixel suffers from a buffer overflow vulnerability that stems from a lack of bounds checking, which allows out-of-bounds reads of memory and can be exploited by an attacker to run arbitrary code in the context of an...

4.4 CVSS · 7.7 AI score · 0.00105 EPSS
Exploits 0 · References 2
CVE
added 2025/01/16 7:12 p.m. · 63 views

CVE-2024-52791

CVE-2024-52791 affects Matrix Media Repo (MMR). The issue is memory exhaustion when MMR parses large JSON responses from other servers, potentially consuming all available memory. The advisory states this is fixed in MMR v1.3.8 and recommends upgrading. If upgrading isn’t possible, mitigation opt...

7.5 CVSS · 5.3 AI score · 0.00728 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2025/01/16 7:7 p.m. · 5 views

GHSA-GP86-Q8HG-FPXJ matrix-media-repo (MMR) allows a denial of service through memory exhaustion

Impact: MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and exhaust available memory. Patches: This is fixed in MMR v1.3.8. Workarounds: Forward...

5.3 CVSS · 6.6 AI score · 0.00728 EPSS
Exploits 0 · References 5
Positive Technologies
added 2025/01/16 12:0 a.m. · 7 views

PT-2025-2935 · Unknown +1 · Matrix Media Repo +1

Name of the Vulnerable Software and Affected Versions: Matrix Media Repo (MMR) versions prior to 1.3.8. Description: The issue arises when Matrix Media Repo (MMR) makes requests to other servers as part of its normal operation, and these servers return large amounts of JSON for parsing. During parsing...

8.9 CVSS · 6.5 AI score · 0.0104 EPSS
Exploits 2 · References 90
BDU FSTEC
added 2025/01/15 12:0 a.m. · 22 views

The vulnerability of Websoft HCM’s automation software for HR processes stems from improper path handling, allowing attackers to perform arbitrary file operations outside of the directory.

The vulnerability of Websoft HCM’s automation software for HR processes arises from improper handling of paths during the loading of specially crafted files. Exploiting this vulnerability allows an attacker to perform arbitrary file operations outside the directory...

9.9 CVSS · 5.6 AI score
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2025/01/14 12:0 a.m. · 2 views

IIT Bombay Bodhitree code injection vulnerability

IIT Bombay Bodhitree is an online learning platform. A security vulnerability exists in IIT Bombay Bodhitree version cs101, which stems from incorrect input validation and a lack of restrictions on user processes, with malicious code injection, which could lead to Remote Code Execution (RCE), syste...

9.8 CVSS · 7.2 AI score · 0.00764 EPSS
Exploits 0 · References 4
BDU FSTEC
added 2025/01/14 12:0 a.m. · 5 views

The vulnerability of software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller lies in the lack of a mechanism for generating error reports. This allows attackers to gain unauthorized access to protected information.

The vulnerabilities of the software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller are related to deficiencies in the mechanism for generating error reports. Exploiting these vulnerabilities can allow unauthorized actors to...

4.3 CVSS · 5.6 AI score · 0.00541 EPSS
Exploits 0 · References 2 · Affected Software 2
RedHat Linux
added 2025/01/13 11:25 a.m. · 1 views

firefox: thunderbird: WebChannel APIs susceptible to confused deputy attack

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to...

5.4 CVSS · 7.3 AI score · 0.00593 EPSS
Exploits 0 · References 7
Packet Storm
added 2025/01/12 12:0 a.m. · 119 views

CISA: Three Ps of Voting


7.4 AI score
Exploits 0
Cvelist
added 2025/01/11 12:25 p.m. · 13 views

CVE-2024-47141 pinmux: Use sequential access to access desc->pinmux data

In the Linux kernel, the following vulnerability has been resolved: pinmux: Use sequential access to access desc->pinmux data. When two clients of the same gpio call pinctrl_select_state for the same functionality, we are seeing NULL pointer issue while accessing desc->mux_owner. Let's say two processes...

0.00164 EPSS
Exploits 0 · References 3
Veracode
added 2025/01/03 9:24 a.m. · 5 views

Denial Of Service (DoS)

league/commonmark is vulnerable to Denial of Service (DoS). The vulnerability is due to unbounded resource exhaustion caused by inefficient code handling specially crafted Markdown inputs, which allows an attacker to tie up CPU resources or PHP-FPM processes and deny service to legitimate users...

7.2 AI score
Exploits 0
vulnersOsv
added 2025/01/01 6:26 a.m. · 2 views

biosimulator-processes (>=0.1.0 <=0.1.1), eulerpi (>=0.1.5 <=0.5.0) potentially affected by unknown CVE via amici (>=0.16.1 <=0.25.2)

amici PYPI version =0.16.1, =0.1.0, =0.1.5, =0.5.0 Source cves: unknown CVE Source advisory: SNYK:PYTHON-AMICI-8600633...

5.8 AI score
Exploits 0
NVD
added 2024/12/09 7:15 p.m. · 17 views

CVE-2024-48956

Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution...

9.8 CVSS · 0.00862 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/12/09 12:0 a.m. · 9 views

CVE-2024-48956

Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution...

9.8 CVSS · 9.9 AI score · 0.00862 EPSS
Exploits 0 · References 2
CNNVD
added 2024/12/09 12:0 a.m. · 3 views

Serviceware Processes security vulnerability

Serviceware Processes is an enterprise service management software from Serviceware, Inc. A security vulnerability exists in Serviceware Processes versions 6.0 through 7.3 that stems from the presence of a remote code execution vulnerability that could allow an attacker to send a specially crafte...

9.8 CVSS · 8.2 AI score · 0.00862 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/12/09 12:0 a.m. · 3 views

PT-2024-33298 · Serviceware · Serviceware Processes

Name of the Vulnerable Software and Affected Versions: Serviceware Processes versions 6.0 through 7.3 Description: The issue allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint, resulting in remote code execution. Recommendations: For...

9.8 CVSS · 8.3 AI score · 0.00862 EPSS
Exploits 0 · References 6
Cvelist
added 2024/12/09 12:0 a.m. · 215 views

CVE-2024-48956

Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution...

9.8 CVSS · 0.00862 EPSS
Exploits 0 · References 2
CVE
added 2024/12/09 12:0 a.m. · 70 views

CVE-2024-48956

CVE-2024-48956 affects Serviceware Processes versions 6.0 through 7.3 prior to 7.4. The issue enables unauthenticated attackers to send a specially crafted HTTP request to a service endpoint, leading to remote code execution. Public sources in the provided documents consistently describe this as ...

9.8 CVSS · 9.9 AI score · 0.00862 EPSS
Exploits 0 · References 2