CVE-2024-28948
The CVE-2024-28948 entry describes a CSRF vulnerability in Advantech ADAM-5630. Affected product: ADAM-5630 (pre-2.5.2). Root cause: cross-site request forgery (CWE-352) enabling an attacker to partly bypass same-origin policy. Reported impact: high impact to confidentiality, integrity, and avail...
CVE-2024-28948 Advantech ADAM-5630 Cross-Site Request Forgery
Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. It allows an attacker to partly circumvent the same-origin policy, which is designed to prevent different websites from interfering with each other...
GO-2024-3131 SpiceDB having multiple caveats on resources of the same type may improperly result in no permission in github.com/authzed/spicedb
SpiceDB having multiple caveats on resources of the same type may improperly result in no permission in github.com/authzed/spicedb...
UBUNTU-CVE-2024-31146
When multiple devices share resources and one of them is to be passed through to a guest, the security of the entire system and of the respective guests individually cannot really be guaranteed without knowing the internals of any of the involved guests. Therefore such a configuration cannot really be...
kernel: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
A vulnerability was found in the Linux kernel's networking subsystem, in the act_api implementation within the tcf_idr_check_alloc() function, which leads to a possible infinite loop when multiple actions with the same index are added, causing the second request to block indefinitely while holding the...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the Page URL variable. An attacker can manipulate web content or hijack user sessions by injecting malicious scripts into the URL parameter. Details: Cross-site scripting, or XSS, is a code vulnerability th...
UBUNTU-CVE-2024-46738
In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix use-after-free when removing resource in vmci_resource_remove(). When removing a resource from vmci_resource_table in vmci_resource_remove(), the search is performed using the resource handle by comparing context and resource...
SpiceDB Security Vulnerability
SpiceDB is a fine-grained permissions database from the Authzed team. A security vulnerability exists in SpiceDB versions prior to 1.35.3 that stems from the fact that setting multiple caveats for the same indirect subject type on the same relationship may result in no permissions being returned...
Flash Rosetta JSONP GET/POST Response Disclosure
Metasploit module (requires Metasploit: https://metasploit.com/download; current source: https://github.com/rapid7/metasploit-framework). Name: Flash "Rosetta" JSONP GET/POST Response Disclosure. Description: A website that serves a JSONP endpoint that accepts a custo...
Samsung Internet Browser SOP Bypass
Metasploit module (requires Metasploit: https://metasploit.com/download; current source: https://github.com/rapid7/metasploit-framework). Name: Samsung Internet Browser SOP Bypass. Description: This module takes advantage of a Same-Origin Policy (SOP) bypass vulnerability in the...
SUSE CVE-2024-43398
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses XML that has many deeply nested elements whose attributes share the same local name. If you need to parse untrusted XML with a tree parser API such as REXML::Document.new, you may be affected by this vulnerability...
UBUNTU-CVE-2024-43398
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses XML that has many deeply nested elements whose attributes share the same local name. If you need to parse untrusted XML with a tree parser API such as REXML::Document.new, you may be affected by this vulnerability...
BIND's database will be slow if a very large number of RRs exist at the same name
...
PT-2024-40936 · Minitrace · Minitrace
Name of the Vulnerable Software and Affected Versions: minitrace affected versions not specified Description: The minitrace maintainers have decided to stop maintaining minitrace and are instead continuing its development under a new organizational structure. As a result, minitrace is no longer...
PT-2024-5765 · Vim +6 · Vim +6
Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.1.0647 Description: The issue exists due to a double-free error in the src/alloc.c file, specifically in the tagstack_clear_entry() function. When a window is closed, the corresponding tagstack data is cleared and freed...
Absolute Secure Access Security Vulnerability
Absolute Secure Access is an application from Absolute, Inc. that provides Secure Service Edge (SSE) optimized for hybrid and mobile working models. A security vulnerability exists in Absolute Secure Access versions prior to 13.07 that stems from a cross-site scripting vulnerability in the management...
Matter Security Vulnerability
Matter is a unified, open-source application-layer connectivity standard published by the Connectivity Standards Alliance. It is designed to let developers and device manufacturers build reliable, secure, interoperable ecosystems of connected home devices. A security...
ALPINE-CVE-2024-1737
Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname of any RTYPE can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 throug...
PT-2024-12860 · Philips · Philips Vue Pacs
Name of the Vulnerable Software and Affected Versions: Philips Vue PACS affected versions not specified Description: An authenticated user who is not explicitly authorized to access certain sensitive information could access Philips Vue PACS on the same network and expose that information...