CVE-2024-6749

Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program, has found that the Incident report feature may expose sensitive credentials on the AXIS Camera Station windows client. If Incident report is not being used with credentials configured this flaw does not apply. Axis has released...

CVE-2024-6476

Gee-netics, member of the AXIS Camera Station Pro Bug Bounty Program has found that it is possible for a non-admin user to gain system privileges by redirecting a file deletion upon service restart. Axis has released patched versions for the highlighted flaw. Please refer to the Axis security...

CVE-2024-6831

Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program has found that it is possible to edit and/or remove views without the necessary permission due to a client-side-only check. Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for...

CVE-2024-6476

CVE-2024-6476 affects Axis Camera Station Pro. A non-admin user can gain system privileges by redirecting a file deletion on service restart. Root cause details are not fully provided in the available documents, but Axis has released patched versions and directs to the Axis security advisory for ...

kernel: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE

In the Linux kernel, the following vulnerability has been resolved: bpf: Add BPFPROGTYPECGROUPSKB attach type enforcement in BPFLINKCREATE bpfprogattach uses attachtypetoprogtype to enforce proper attach type for BPFPROGTYPECGROUPSKB. linkcreate uses bpfprogget and relies on...

CVE-2024-21538

A Regular Expression Denial of Service ReDoS vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string...

TOTOLINK A810R infostat.cgi buffer overflow vulnerability

TOTOLINK A810R is a wireless dual-band router from China's Gion Electronics TOTOLINK. The TOTOLINK A810R infostat.cgi suffers from a buffer overflow vulnerability that can be exploited by a remote attacker to submit a special request that can crash the service program or execute arbitrary code in...

AZL-53627 CVE-2024-11586 affecting package pulseaudio 16.1-2

Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected...

UBUNTU-CVE-2024-11586

Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected...

The vulnerability of the cpumap component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the cpumap component in the Linux operating system’s kernel is related to the use of an uninitialized resource in the function cpumapbpfprogrunxdp. Exploiting this vulnerability can allow a attacker to cause a service failure...

ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic

Name: ASA-2024-010: Mismatched bit-length in sdk.Int and sdk.Dec can lead to panic Component: Cosmos SDK / Math Criticality: High Considerable Impact, and Possible Likelihood per ACMv1.2 Affected versions: cosmossdk.io/math package versions !NOTE When on a lower version than cosmossdk.io/math...

CVE-2024-21697

This High severity RCE Remote Code Execution vulnerability was introduced in versions 4.2.8 of Sourcetree for Mac and 3.4.19 for Sourcetree for Windows. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.8, allows an unauthenticated attacker to execute arbitrary code which has...

CVE-2024-21697

This High severity RCE Remote Code Execution vulnerability was introduced in versions 4.2.8 of Sourcetree for Mac and 3.4.19 for Sourcetree for Windows. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.8, allows an unauthenticated attacker to execute arbitrary code which has...

CVE-2024-21539

Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability...

CVE-2024-21539

Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability...

CVE-2024-21539

The CVE-2024-21539 issue affects @eslint/plugin-kit versions before 0.2.3, which are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can drive higher CPU usage and crash the program. A fixed version is 0.2.3 or later. Other connected sour...

CVE-2024-21539

Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability...

CVE-2024-21539

Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability...

pcp security update

6.2.2-7 - Fix buffer sizing checks in pmstore PDU handling RHEL-57809 - Guard against symlink attacks in pmpost program RHEL-57814 - Fix libpcpweb webgroup slow request refcounting RHEL-58307 - Updated pmdahacluster for newer crmmon versions RHEL-58303...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a missing lock causing a program to hang...