
1675 matches found

BDU FSTEC
added 2024/06/14 12:0 a.m. · 1 views

The vulnerability of the ath12k_htt_pull_ppdu_stats() function in the ath12k driver (Qualcomm Technologies Wi-Fi 7) for the Linux operating system allows a hacker to compromise the confidentiality and accessibility of protected information.

The vulnerability of the ath12k_htt_pull_ppdu_stats() function in the drivers/net/wireless/ath/ath12k/dprx.c file of the ath12k driver (Qualcomm Technologies Wi-Fi 7) in the Linux operating system is related to reading memory beyond the allocated buffer. Exploiting this vulnerability could allow an...

CVSS 7.1 · AI score 6.2 · EPSS 0.00021
Exploits: 0 · References: 10 · Affected Software: 2

GithubExploit
added 2024/06/11 4:1 p.m. · 453 views

Exploit for Insufficiently Protected Credentials in Jetbrains Aqua

CVE-2024-37051-EXP CVE-2024-3...

CVSS 9.3 · AI score 8.7 · EPSS 0.06318
Exploits: 1

OSV
added 2024/06/10 4:39 p.m. · 10 views

GO-2024-2815 Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull in github.com/pterodactyl/wings

Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull in github.com/pterodactyl/wings...

CVSS 6.4 · AI score 6.3 · EPSS 0.00237
Exploits: 0 · References: 4

OSV
added 2024/06/09 8:15 p.m. · 19 views

CVE-2024-2408

The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...

CVSS 5.9 · AI score 5.6
Exploits: 0 · References: 4

Cvelist
added 2024/06/09 7:55 p.m. · 514 views

CVE-2024-2408 PHP is vulnerable to the Marvin Attack

The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...

EPSS 0.00255
Exploits: 1 · References: 3

OpenVAS
added 2024/06/07 12:0 a.m. · 12 views

Fedora: Security Advisory for rust-pulldown-cmark (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the...

AI score 7.5
Exploits: 0 · References: 2

OSV
added 2024/06/05 2:15 p.m. · 28 views

GHSA-4M3G-6R7G-JV4F Arbitrary JavaScript execution due to using outdated libraries

Summary: gradio-pdf projects with dependencies on the pdf.js library are vulnerable to CVE-2024-4367, which allows arbitrary JavaScript execution. PoC: 1. Generate a pdf file with a malicious script in the fontmatrix. This will run alert('XSS'). poc.pdf 2. Run the app. In this PoC, I've used the demo...

CVSS 3.6 · AI score 8.4
Exploits: 0 · References: 3

OSV
added 2024/06/04 3:19 p.m. · 15 views

GO-2024-2692 Pebble service manager's file pull API allows access by any user in github.com/canonical/pebble

Pebble service manager's file pull API allows access by any user in github.com/canonical/pebble...

CVSS 6.5 · AI score 6.4 · EPSS 0.00061
Exploits: 0 · References: 8

SUSE CVE
added 2024/06/04 12:57 p.m. · 3 views

SUSE CVE-2021-32760

containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access t...

CVSS 3 · AI score 5.8 · EPSS 0.00071
Exploits: 2 · References: 30

IBM Security Bulletins
added 2024/05/30 5:34 p.m. · 18 views

Security Bulletin: A Security Vulnerability was discovered in the IBM Security Verify Access OpenID Connect Provider (CVE-2024-22338)

Summary The IBM Security Verify Access OpenID Connect Provider could disclose sensitive information to a local user. This has been addressed in the OIDC Provider 23.12. Vulnerability Details CVEID:CVE-2024-22338 DESCRIPTION: IBM Security Verify Access OIDC Provider could disclose sensitive...

CVSS 5.5 · AI score 3.9 · EPSS 0.00052
Exploits: 0 · Affected Software: 1

Vulnrichment
added 2024/05/30 2:59 p.m. · 27 views

CVE-2024-3924 Code Injection in huggingface/text-generation-inference

A code injection vulnerability exists in the huggingface/text-generation-inference repository, specifically within the autodocs.yml workflow file. The vulnerability arises from the insecure handling of the github.head_ref user input, which is used to dynamically construct a command for installing ...

CVSS 4.4 · AI score 7.8 · EPSS 0.00369
Exploits: 0 · References: 2

Github Security Blog
added 2024/05/29 6:37 p.m. · 29 views

MinIO information disclosure vulnerability

Impact If-Modified-Since If-Unmodified-Since Headers when used with anonymous requests by sending a random object name requests you can figure out if the object exists or not on the server on a specific bucket and also gain access to some amount of information such as Last-Modified of the latest...

CVSS 5.3 · AI score 6.2 · EPSS 0.00143
Exploits: 0 · References: 7 · Affected Software: 1

NVD
added 2024/05/29 2:15 p.m. · 12 views

CVE-2024-36364

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible...

CVSS 6.5 · AI score 6.9 · EPSS 0.00004
Exploits: 0 · References: 1

OSV
added 2024/05/29 2:15 p.m. · 3 views

CVE-2024-36364

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible...

CVSS 6.5 · AI score 5.8
Exploits: 0 · References: 1

CVE
added 2024/05/29 1:28 p.m. · 57 views

CVE-2024-36364

CVE-2024-36364 concerns JetBrains TeamCity where improper access control in the Pull Requests and Commit status publisher build features could be exploited across multiple pre-2022.04.7/2022.10.6/2023.05.6/2023.11.5 branches. The vulnerability results in a potential bypass of security restriction...

CVSS 6.5 · AI score 6.8 · EPSS 0.00004
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2024/05/29 1:28 p.m. · 18 views

CVE-2024-36364

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible...

CVSS 6.5 · AI score 6.5 · EPSS 0.00004
Exploits: 0 · References: 1

Vulnrichment
added 2024/05/29 1:28 p.m. · 16 views

CVE-2024-36364

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible...

CVSS 6.5 · AI score 7 · EPSS 0.00004
Exploits: 0 · References: 1

Positive Technologies
added 2024/05/29 12:0 a.m. · 2 views

PT-2024-3937 · Jetbrains · Jetbrains Teamcity +1

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2022.04.7 JetBrains TeamCity versions prior to 2022.10.6 JetBrains TeamCity versions prior to 2023.05.6 JetBrains TeamCity versions prior to 2023.11.5 Description: The issue is related to insufficient acce...

CVSS 6.8 · AI score 7.3 · EPSS 0.00004
Exploits: 0 · References: 8

Microsoft CVE
added 2024/05/24 7:0 a.m. · 2 views

wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats()

...

CVSS 7.1 · AI score 7.3 · EPSS 0.00021
Exploits: 0

SUSE CVE
added 2024/05/21 1:59 a.m. · 1 views

SUSE CVE-2024-35888

In the Linux kernel, the following vulnerability has been resolved: erspan: make sure erspan_base_hdr is present in skb->head. syzbot reported a problem in ip6erspan_rcv() [1]. Issue is that ip6erspan_rcv() and erspan_rcv() no longer make sure erspan_base_hdr is present in skb linear part (skb->head) before getting...

CVSS 5.5 · AI score 6.4 · EPSS 0.00008
Exploits: 0 · References: 16