4991 matches found
CVE-2021-46941
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Do core softreset when switch mode According to the programming guide, to switch mode for DRD controller, the driver needs to do the following. To switch from device to host: 1. Reset controller with...
CVE-2021-46941 usb: dwc3: core: Do core softreset when switch mode
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Do core softreset when switch mode According to the programming guide, to switch mode for DRD controller, the driver needs to do the following. To switch from device to host: 1. Reset controller with...
x86: shadow stack vs exceptions from emulation stubs
ISSUE DESCRIPTION Recent x86 CPUs offer functionality named Control-flow Enforcement Technology CET. A sub-feature of this are Shadow Stacks CET-SS. CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and...
Mozilla: Alert dialog could have been spoofed on another site
The Mozilla Foundation Security Advisory describes this flaw as: Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim website's URL shown...
Mozilla: Alert dialog could have been spoofed on another site
The Mozilla Foundation Security Advisory describes this flaw as: Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim website's URL shown...
Mozilla: Alert dialog could have been spoofed on another site
The Mozilla Foundation Security Advisory describes this flaw as: Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim website's URL shown...
CVE-2024-26595 mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumacltcam: Fix NULL pointer dereference in error path When calling mlxswspacltcamregiondestroy from an error path after failing to attach the region to an ACL group, we hit a NULL pointer dereference upon...
Mozilla: Alert dialog could have been spoofed on another site
The Mozilla Foundation Security Advisory describes this flaw as: Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim website's URL shown...
Vulnerability fixed in Progress Kemp LoadMaster
Progress Kemp has fixed a vulnerability in LoadMaster. The vulnerability allows a malicious party to use specially API calls to issue system commands without being authorized. being authorized to do so. For successful exploitation, the malicious party must have access to the management interface...
Archer Platform Security Vulnerability
Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform versions 6.8 through prior to 6.14 P2 6.14.0.2 that stems from improper access control. An attacker exploiting this vulnerability could access API information with...
CVE-2024-25605
The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attacke...
PT-2024-15692 · WordPress · The Passster
Name of the Vulnerable Software and Affected Versions: The Passster – Password Protect Pages and Content plugin for WordPress versions up to, and including, 4.2.6.2 Description: The issue allows unauthenticated attackers to obtain sensitive information, including post titles, slugs, IDs, content,...
ALSA-2024:0887 Moderate: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net/http/internal: Denial of Service DoS via Resource Consumption via HTTP requests CVE-2023-39326 golang: cmd/go: Protocol Fallback when fetching modules CVE-2023-452...
Design/Logic Flaw
closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE...
CVE-2023-47132
An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls...
avro vs protobuf
A Kickoff Discussion on Core Aspects of Avro & Protobuf When deliberating on the subject of data structure encoding, a tandem of tools frequently emerges in technical discussions: Avro and Protobuf. Originating from a vision of precise data compression, the distinguishable features and applicatio...
OESA-2024-1151 openjdk-11 security update
The OpenJDK runtime environment. Security Fixes: Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can resu...
N-able N-central Security Vulnerabilities
N-able N-central is an RMM platform from N-able, Inc. providing large-scale management, automation and orchestration capabilities for sophisticated MSPs and IT professionals. A security vulnerability exists in N-able N-central version 2023.6 and prior versions, which stems from a vulnerability th...
PT-2024-13410 · N Able · N-Able N-Central
Name of the Vulnerable Software and Affected Versions: N-able N-central versions prior to 2023.6 Description: An issue in N-able N-central allows attackers to gain escalated privileges via API calls. Recommendations: For versions prior to 2023.6, update to version 2023.6 or later to resolve the...
Elastic Security Breach
Elastic is the Netherlands Elastic company's set of open source distributed RESTful search engine built on Lucene . The product is primarily used in cloud computing and supports data indexing using JSON over HTTP. A security vulnerability exists in Elastic that stems from the possibility that a...