2284 matches found
CVE-2024-24989
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
CVE-2024-24990
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
K000138445: NGINX HTTP/3 QUIC vulnerability CVE-2024-24990
Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. CVE-2024-24990 Note : The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information,...
K000138444: NGINX HTTP/3 QUIC vulnerability CVE-2024-24989
Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. CVE-2024-24989 Note : The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information,...
CVE-2024-24990
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
CLSA-2024-1707822783 Fix CVE(s): CVE-2023-5868, CVE-2023-5870
SECURITY UPDATE: Memory disclosure in aggregate function calls - debian/patches/CVE-2023-5868.patch: Compute aggregate argument types correctly in transformAggregateCall. - CVE-2023-5868 SECURITY UPDATE: Role "pgsignalbackend" can signal certain superuser processes -...
Siemens Tecnomatix Plant Simulation 缓冲区错误漏洞
Tecnomatix Plant Simulation models, simulates, explores and optimizes logistics systems and their processes. These models allow material flow, resource utilization and logistics analysis of all manufacturing plans from global production facilities to local plants and specific production lines pri...
The vulnerability of the Installation component of the Oracle Agile Product Lifecycle Management for Processes application allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Installation component of the Oracle Agile Product Lifecycle Management for Process application is related to insufficient validation of input data. Exploiting this vulnerability could allow attackers to compromise the confidentiality, integrity, and accessibility of the...
Security Bulletin: Vulnerabilities in GSKit affect Content Manager Enterprise Edition (CVE-2015-7421)
Summary Vulnerabilities were discovered in GSKit. Content Manager Enterprise Edition uses GSKit and addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-7421 DESCRIPTION: A vulnerability in GSKit could allow a remote attacker to obtain sensitive information. The internal ICC PRNG...
selinux-policy bug fix update
An update is available for selinux-policy. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The selinux-policy packages contain the rules that govern how confined...
USN-6570-1: PostgreSQL vulnerabilities
Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying certain SQL array values. A remote attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. CVE-2023-5869 Hemanth Sandrana and Mahendrakar Srinivasarao discovered that PostgreSQL...
USN-6570-1 postgresql-9.5 vulnerabilities
Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying certain SQL array values. A remote attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. CVE-2023-5869 Hemanth Sandrana and Mahendrakar Srinivasarao discovered that PostgreSQL...
ZTE ZXCLOUD iRAI Security Vulnerability
ZTE ZXCLOUD iRAI is a virtualization device from ZTE Corporation ZTE, China. A security vulnerability exists in ZTE ZXCLOUD iRAI version 7.23.31 and earlier versions. An attacker can exploit the vulnerability to create fake processes to elevate privileges...
Mozilla: Potential sandbox escape due to <code>VideoBridge</code> lack of texture validation
The Mozilla Foundation Security Advisory describes this flaw as: The VideoBridge allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox...
Mozilla: Potential sandbox escape due to <code>VideoBridge</code> lack of texture validation
The Mozilla Foundation Security Advisory describes this flaw as: The VideoBridge allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox...
Mozilla: Potential sandbox escape due to <code>VideoBridge</code> lack of texture validation
The Mozilla Foundation Security Advisory describes this flaw as: The VideoBridge allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox...
Mozilla: Potential sandbox escape due to <code>VideoBridge</code> lack of texture validation
The Mozilla Foundation Security Advisory describes this flaw as: The VideoBridge allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox...
Mozilla: Potential sandbox escape due to <code>VideoBridge</code> lack of texture validation
The Mozilla Foundation Security Advisory describes this flaw as: The VideoBridge allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox...
Mozilla: Potential sandbox escape due to <code>VideoBridge</code> lack of texture validation
The Mozilla Foundation Security Advisory describes this flaw as: The VideoBridge allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox...
Mastering Industrial Cybersecurity: The Significance of Combining Vulnerability Management with Detection and Response
Written by Elad Ben-Meir, CEO SCADAfence, a Honeywell company. In today's digital era, where industries are increasingly reliant on advanced technologies, safeguarding critical infrastructure against cyber threats has become paramount. The convergence of operational technology OT and information...