4122 matches found
CVE-2024-26799
In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix uninitialized pointer dmactl. In the case where __lpass_get_dmactl_handle is called and the driver id dai_id is invalid the pointer dmactl is not being assigned a value, and dmactl contains a garbage value since it has n...
CVE-2024-26799 ASoC: qcom: Fix uninitialized pointer dmactl
In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix uninitialized pointer dmactl. In the case where __lpass_get_dmactl_handle is called and the driver id dai_id is invalid the pointer dmactl is not being assigned a value, and dmactl contains a garbage value since it has n...
Exploit for Embedded Malicious Code in Tukaani Xz
How to detect the CVE-2024-3094 I'll walk through the step-by...
Security Bulletin: Vulnerability in Cryptography, Werkzeug might affect IBM Storage Sentinel Anomaly Scan Engine (CVE-2023-49083, CVE-2023-46136)
Summary: Vulnerabilities in Python cryptography and Pallets Werkzeug may affect IBM Storage Sentinel Anomaly Scan Engine. Vulnerabilities include: Python cryptography and Pallets Werkzeug allowing a remote attacker to cause a denial of service as described by the CVEs in the "Vulnerability Details"...
Jira - CVE-2024-22243
Issue Summary: We have several Customers waiting for a response about the vulnerability CVE-2024-22243 (https://nvd.nist.gov/vuln/detail/CVE-2024-22243), if it affects Atlassian products, in particular, Jira Data Center. Steps to Reproduce: Run Generic Security Scan Tool. Expected Results...
Abast SCAN_VISIO eDocument Suite Web Viewer security vulnerability
Abast SCAN_VISIO eDocument Suite Web Viewer is a document viewer from Abast. A security vulnerability exists in Abast SCAN_VISIO eDocument Suite Web Viewer, which originates from an SQL injection vulnerability in the user parameter of the landing page. An unauthenticated attacker could use this...
A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client (formerly Cisco AnyConnect Secure Mobility Client) allows attackers to elevate their privileges.
The vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client (formerly Cisco AnyConnect Secure Mobility Client) is related to an uncontrolled search path element. Exploiting this vulnerability can allow attackers to elevate their privileges...
GHSA-XXV9-W5HM-328J Jenkins AppSpider Plugin missing permission checks
Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names...
CVE-2024-28155
Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names...
CVE-2024-20338
A vulnerability in the ISE Posture System Scan module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to the use of an uncontrolled search path element. An attacker could exploit this vulnerabilit...
Code injection
A vulnerability in the ISE Posture System Scan module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to the use of an uncontrolled search path element. An attacker could exploit this vulnerabilit...
kernel: BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c
A list corruption flaw was found in cfg80211_add_nontrans_list in the net/wireless/scan.c function in the Linux kernel. This flaw could lead to a denial of service...
kernel: u8 overflow problem in cfg80211_update_notlisted_nontrans()
A buffer overflow flaw was found in the u8 overflow in cfg80211_update_notlisted_nontrans in net/wireless/scan.c in the Linux kernel’s wifi subcomponent. This flaw allows an attacker to crash the system or leak internal kernel information...
kernel: use-after-free in bss_ref_get in net/wireless/scan.c
A use-after-free flaw was found in bss_ref_get in net/wireless/scan.c in the Linux kernel. This issue can lead to a denial of service or arbitrary code execution...
BIT-MEDIAWIKI-2021-41799
MediaWiki before 1.36.2 allows a denial of service (resource consumption) because of lengthy query processing time. ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan...
BIT-GITLAB-2023-3932 Incorrect User Management in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan...