2277 matches found
[SECURITY] Fedora 41 Update: python-rpyc-6.0.1-1.fc41
RPyC, or Remote Python Call, is a transparent and symmetrical python library for remote procedure calls, clustering and distributed-computing. RPyC makes use of object-proxies, a technique that employs python's dynamic nature, to overcome the physical boundaries between processes and computers, s...
CVE-2024-48545
Incorrect access control in the firmware update and download processes of IVY Smart v4.5.0 allows attackers to access sensitive information by analyzing the code and data within the APK file...
CVE-2024-48544
Incorrect access control in the firmware update and download processes of Sylvania Smart Home v3.0.3 allows attackers to access sensitive information by analyzing the code and data within the APK file...
Using Volatility for advanced memory forensics
TL;DR Memory forensics enhances investigations by analysing volatile data in RAM unavailable in disk forensics. Key insights from memory include running processes , network connections , encryption keys , and user activity , vital for real-time investigations. Smaller memory images 4-32 GB offer...
CVE-2024-48546
CVE-2024-48546 affects the Wear Sync mobile app (Wear Sync v1.2.0). The issue is incorrect access control in the firmware update and download processes, allowing an attacker to access sensitive information by inspecting code/data inside the APK. Documented impact is high for confidentiality, inte...
CVE-2024-48542
Incorrect access control in the firmware update and download processes of Yamaha Headphones Controller v1.6.7 allows attackers to access sensitive information by analyzing the code and data within the APK file...
CVE-2024-48546
Incorrect access control in the firmware update and download processes of Wear Sync v1.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file...
CVE-2024-48538
CVE-2024-48538 affects Neye3C v4.5.2.0, where incorrect access control during firmware update and download enables an attacker to access sensitive information by inspecting code/data inside the APK. Root cause is improper access control in the update/download workflow; impact is exposure of confi...
The vulnerability of the Award Processes component of the procurement management platform Oracle Contract Lifecycle Management for the public sector, which is part of the enterprise automation system Oracle E-Business Suite. This vulnerability allows a perpetrator to gain unauthorized access to create, read, modify, and delete data.
The vulnerability of the Award Processes component of the procurement management platform Oracle Contract Lifecycle Management for the public sector system is related to deficiencies in the authorization mechanism. Exploiting this vulnerability could allow an attacker, operating remotely, to gain...
OneDev 信息泄露漏洞
OneDev is a JAVA-based all-in-one DevOps platform from the Theonedev team. The platform supports container build, orchestration, CI, Git management, team collaboration and other features to help developers build a simple, powerful development platform. A security vulnerability exists in versions...
CVE-2024-47560
RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this vulnerability is exploited, unintended processes may be executed in the sandbox environment. Even if malware is executed in the sandbox environment, it does not compromise the client's local...
Synology DiskStation Manager Samba Out-of-bounds Read (CVE-2019-14907)
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with log level = 3 or above then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP...
RevoWorks Cloud vulnerable to unintended process execution
Overview RevoWorks Cloud provided by J's Communication Co., Ltd. is software to build a sandbox environment isolated from a client's local environment. In the sandbox environment, the product provides the function enabling execution of web browsers and detection and blocking of unauthorized...
JVN#39280069: RevoWorks Cloud vulnerable to unintended process execution
RevoWorks Cloud provided by J’s Communication Co., Ltd. is software to build a sandbox environment isolated from a client's local environment. In the sandbox environment, the product provides the function enabling execution of web browsers and detection and blocking of unauthorized processes...
The vulnerability of the iommu/arm-smmu component in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the iommu/arm-smmu component in the Linux operating system is related to the lack of registration cancellation when the process terminates. Exploiting this vulnerability can allow an attacker to cause a service failure...
Linux kernel 竞争条件问题漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A Competitive Condition Issue vulnerability exists in Linux kernel that stems from not properly protecting the reset and removal process...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel. An attacker exploiting the vulnerability can cause processes in a guest to block permanently...
CVE-2024-41733
In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. This allows a potential attacker to learn if a given e-mail is used for an account, but does not grant access to any customer data beyond this knowledge. The attacker must already know the...
CVE-2024-41733
Concrete details from connected sources confirm a candidate vulnerability in SAP Commerce: an information-disclosure issue that allows an attacker to determine whether a given email is associated with a valid user account during registration or login. The impact is confined to confidentiality (lo...
CVE-2024-41733 Information Disclosure Vulnerability in SAP Commerce
In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. This allows a potential attacker to learn if a given e-mail is used for an account, but does not grant access to any customer data beyond this knowledge. The attacker must already know the...