
7500 matches found

OSV
added 2024/07/11 9:15 p.m. · 1 view

UBUNTU-CVE-2022-29946

NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one scenario. By using a queue subscription on the wildcard, an attacker could exploit this vulnerabilit...

CVSS 6.3 · AI score 5.8 · EPSS 0.00108
Exploits: 0 · References: 3

OSV
added 2024/07/11 5:15 p.m. · 2 views

CVE-2024-39531

An Improper Handling of Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows a network-based, unauthenticated attacker to cause a Denial-of-Service (DoS). If a value is configured for DDoS bandwidth or burst parameters for any...

CVSS 8.7 · AI score 5.8
Exploits: 0 · References: 1

Vulnrichment
added 2024/07/11 4:4 p.m. · 26 views

CVE-2024-39531 Junos OS Evolved: ACX 7000 Series: Protocol specific DDoS configuration affects other protocols

An Improper Handling of Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows a network-based, unauthenticated attacker to cause a Denial-of-Service (DoS). If a value is configured for DDoS bandwidth or burst parameters for any...

CVSS 8.7 · AI score 6.9 · EPSS 0.00496
Exploits: 0 · References: 1

PyPA
added 2024/07/10 11:15 p.m. · 5 views

PYSEC-2024-269

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint with `"fn_index":66`. This unrestricted server restart capability can severely disrupt service availability, cause data loss or...

CVSS 9.1 · AI score 7.1 · EPSS 0.06872
Exploits: 1 · References: 1 · Affected Software: 1

OSV
added 2024/07/10 11:15 p.m. · 5 views

PYSEC-2024-269

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint with `"fn_index":66`. This unrestricted server restart capability can severely disrupt service availability, cause data loss or...

CVSS 9.1 · AI score 7.1 · EPSS 0.06872
Exploits: 1 · References: 1

OSV
added 2024/07/10 8:15 a.m. · 1 view

DEBIAN-CVE-2024-39492

In the Linux kernel, the following vulnerability has been resolved: mailbox: mtk-cmdq: Fix pm_runtime_get_sync warning in mbox shutdown. The return value of pm_runtime_get_sync in cmdq_mbox_shutdown will return 1 when pm runtime state is active, and we don't want to get the warning message in this case. S...

CVSS 7 · AI score 5.3 · EPSS 0.00032
Exploits: 0 · References: 1

Positive Technologies
added 2024/07/10 12:0 a.m. · 4 views

PT-2024-29801 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue arises from a change in how the maximum segment size is handled, specifically in the sdhci component. The function blk_queue_max_segment_size ensures that the maximum size is...

CVSS 7.5 · AI score 6.4 · EPSS 0.00031
Exploits: 0 · References: 14

OSV
added 2024/07/09 9:15 p.m. · 2 views

CVE-2024-31327

In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7 · AI score 5.9 · EPSS 0.00028
Exploits: 0 · References: 2

OSV
added 2024/07/09 8:43 a.m. · 15 views

BIT-DISCOURSE-2024-36122 Discourse doesn't limit reviewable user serializer payload

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta4 on the beta and tests-passed branches, moderators using the review queue to review users may see a user's email address even when the Allow moderators to view email addresses settin...

CVSS 4.3 · AI score 4.3 · EPSS 0.00137
Exploits: 0 · References: 4

Positive Technologies
added 2024/07/09 12:0 a.m. · 3 views

PT-2024-23973 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition. This could lead to local escalation of...

CVSS 7 · AI score 6.9 · EPSS 0.00028
Exploits: 0 · References: 5

OSV
added 2024/07/08 2:15 p.m. · 1 view

CVE-2024-39742

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169...

CVSS 9.8 · AI score 5.8 · EPSS 0.00054
Exploits: 0 · References: 2

CNNVD
added 2024/07/08 12:0 a.m. · 3 views

IBM MQ Operator Security Vulnerability

IBM MQ Operator is a tool from International Business Machines (IBM) for managing the lifecycle of IBM MQ Queue Manager. A security vulnerability exists in IBM MQ Operator version 3.2.2, version 2.0.24, which stems from a vulnerability that allows a user to bypass authentication under certain...

CVSS 9.8 · AI score 6.8 · EPSS 0.00054
Exploits: 0 · References: 3

CNNVD
added 2024/07/08 12:0 a.m. · 1 view

IBM MQ Operator Security Vulnerability

IBM MQ Operator is a tool from International Business Machines (IBM) for managing the lifecycle of IBM MQ Queue Manager. A security vulnerability exists in IBM MQ Operator version 3.2.2, version 2.0.24, which originates from allowing users to cause a denial of service due to a partial string...

CVSS 7.5 · AI score 6.2 · EPSS 0.00225
Exploits: 0 · References: 3

Positive Technologies
added 2024/07/06 12:0 a.m. · 4 views

PT-2024-29217

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A deadlock vulnerability has been resolved in the Linux kernel, specifically in the net: ks8851 module. The issue occurs when SMP is enabled and spinlocks are functional, causing a...

CVSS 7.5 · AI score 5.7 · EPSS 0.00023
Exploits: 0

BDU FSTEC
added 2024/07/05 12:0 a.m. · 2 views

The vulnerability of the config_eq_output component (libavfilter/asrc_afirsrc.c) in the FFmpeg multimedia library allows an attacker to execute arbitrary code.

The vulnerability of the config_eq_output component (libavfilter/asrc_afirsrc.c) in the FFmpeg multimedia library is related to buffer overflow in the “queue” mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

CVSS 8 · AI score 7.5 · EPSS 0.00033
Exploits: 1 · References: 9 · Affected Software: 4

BDU FSTEC
added 2024/07/05 12:0 a.m. · 1 view

The vulnerability of the de_stereo component (af_dialoguenhance.c) in the FFmpeg multimedia library allows an attacker to execute arbitrary code or cause a service failure.

The vulnerability of the de_stereo component (af_dialoguenhance.c) in the FFmpeg multimedia library is related to buffer overflow in the “queue”. Exploiting this vulnerability can allow an attacker to execute arbitrary code or cause a service failure...

CVSS 8 · AI score 7.6 · EPSS 0.00025
Exploits: 1 · References: 11 · Affected Software: 5

NVD
added 2024/07/03 8:15 p.m. · 15 views

CVE-2024-36122

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta4 on the beta and tests-passed branches, moderators using the review queue to review users may see a user's email address even when the Allow moderators to view email addresses settin...

CVSS 4.3 · EPSS 0.00137
Exploits: 0 · References: 3

Cvelist
added 2024/07/03 7:10 p.m. · 22 views

CVE-2024-36122 Discourse doesn't limit reviewable user serializer payload

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta4 on the beta and tests-passed branches, moderators using the review queue to review users may see a user's email address even when the Allow moderators to view email addresses settin...

CVSS 2.4 · EPSS 0.00137
Exploits: 0 · References: 3

Vulnrichment
added 2024/07/03 7:10 p.m. · 14 views

CVE-2024-36122 Discourse doesn't limit reviewable user serializer payload

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta4 on the beta and tests-passed branches, moderators using the review queue to review users may see a user's email address even when the Allow moderators to view email addresses settin...

CVSS 2.4 · AI score 6.5 · EPSS 0.00137
Exploits: 0 · References: 3

CVE
added 2024/07/03 7:10 p.m. · 64 views

CVE-2024-36122

Discourse vulnerability CVE-2024-36122 affects the open-source forum platform: moderators reviewing users in the review queue could see a user’s email address when the setting to “Allow moderators to view email addresses” is disabled. The issue affects versions prior to 3.2.3 on the stable branch...

CVSS 4.3 · AI score 4 · EPSS 0.00137
Exploits: 0 · References: 3 · Affected Software: 1