130 matches found

OSV
added 2024/09/26 6:15 p.m. · 2 views

CVE-2024-43814

The goTenna Pro ATAK Plugin's default settings are to share Automatic Position, Location, and Information (PLI) updates every 60 seconds once the plugin is active and goTenna is connected. Users that are unaware of their settings and have not activated encryption before a mission may accidentally...

4.3 CVSS · 5.8 AI score · 0.00128 EPSS
Exploits 0 · References 1
OSV
added 2024/09/19 7:17 p.m. · 3 views

CLSA-2024-1726773445 Fix CVE(s): CVE-2024-7264

SECURITY UPDATE: Heap Buffer Overflow in ASN.1 Parser - debian/patches/CVE-2024-7264.patch: Clean up GTime2str function to handle optional fractional seconds properly. Fix GTime2str issues and add unit tests to verify correct behaviour - CVE-2024-7264...

6.5 CVSS · 6.7 AI score · 0.16212 EPSS
Exploits 1 · References 1
OSV
added 2024/09/14 11:27 a.m. · 6 views

CLSA-2024-1726313254 Fix CVE(s): CVE-2024-7264

SECURITY UPDATE: Heap Buffer Overflow in ASN.1 Parser - debian/patches/CVE-2024-7264.patch: Clean up GTime2str function to handle optional fractional seconds properly. Fix GTime2str issues and add unit tests to verify correct behaviour - CVE-2024-7264...

6.5 CVSS · 6.7 AI score · 0.16212 EPSS
Exploits 1 · References 1
OpenVAS
added 2024/08/09 12:0 a.m. · 18 views

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-2106)

The remote host is missing an update for the Huawei EulerOS...

8.1 CVSS · 8.4 AI score · 0.99506 EPSS
Exploits 68 · References 2
Positive Technologies
added 2024/06/28 12:0 a.m. · 3 views

PT-2024-32242

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The issue is related to the handling of mailbox timeouts in the lpfc get sfp info routine. The MBX TIMEOUT return code is not handled, and the routine unconditionally frees submitted...

5.5 CVSS · 5.6 AI score · 0.00204 EPSS
Exploits 0
CNNVD
added 2024/04/19 12:0 a.m. · 2 views

Teimas Teixo cross-site scripting vulnerability

Teimas Teixo is a TEIMAS software from Teimas, Inc. developed specifically for agents, distributors and waste management companies. A cross-site scripting vulnerability exists in Teimas Teixo version 1.42.42-stable, which stems from a cross-site scripting (XSS) vulnerability in the parameter second...

6.3 CVSS · 5.8 AI score · 0.00311 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/04/19 12:0 a.m. · 3 views

PT-2024-27060 · Teixo · Teixo

Name of the Vulnerable Software and Affected Versions: Teixo version 1.42.42-stable. Description: A cross-site scripting (XSS) issue has been identified, which could allow an attacker to send a specially crafted JavaScript payload via the seconds parameter in the program's URL. This could result in ...

6.3 CVSS · 5.9 AI score · 0.00311 EPSS
Exploits 0 · References 3
OSV
added 2023/12/04 11:15 p.m. · 2 views

CVE-2023-40459

The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by...

7.5 CVSS · 5.8 AI score · 0.02296 EPSS
Exploits 2 · References 1
RedHat Linux
added 2023/11/07 9:3 a.m. · 2 views

kernel: usb: ucsi_acpi: Increase the command completion timeout

In the Linux kernel, the following vulnerability has been resolved: usb: ucsi_acpi: Increase the command completion timeout. Commit 130a96d698d7 "usb: typec: ucsi: acpi: Increase command completion timeout value" increased the timeout from 5 seconds to 60 seconds due to issues related to alternate...

5.5 CVSS · 6.7 AI score · 0.00143 EPSS
Exploits 0 · References 5
Code423n4
added 2023/08/07 12:0 a.m. · 9 views

function rngComplete is unprotected

Lines of code. Vulnerability details. Impact: The rngComplete is a function called by the relayer to complete the Rng relay auction. However it has zero access control. Proof of Concept: The function makes calls to the prizepool to close a draw, it also withdraws from a reserve. All these are done wi...

6.7 AI score
Exploits 0
CNNVD
added 2023/01/07 12:0 a.m. · 3 views

ZenLib code issue vulnerability

ZenLib is a small C++ derived class of MediaArea open source. A code issue vulnerability exists in MediaArea ZenLib versions prior to 0.4.38, which stems from the function Ztring::DateFromSeconds1970Local in the file Source/ZenLib/Ztring.cpp, where manipulation of the parameter Value results in a...

7.5 CVSS · 5.4 AI score · 0.01177 EPSS
Exploits 0 · References 6
Positive Technologies
added 2023/01/07 12:0 a.m. · 2 views

PT-2023-11816 · Mediaarea +3 · Mediaarea Zenlib +3

Name of the Vulnerable Software and Affected Versions: MediaArea ZenLib versions up to 0.4.38. Description: A problematic vulnerability has been found in MediaArea ZenLib. This issue affects the function Ztring::DateFromSeconds1970Local of the file Source/ZenLib/Ztring.cpp. The manipulation of...

7.5 CVSS · 4.7 AI score · 0.01177 EPSS
Exploits 0 · References 28
CNNVD
added 2022/06/01 12:0 a.m. · 2 views

BigBlueButton authorization issue vulnerability

BigBlueButton is an open source Web conferencing system from the BigBlueButton community. BigBlueButton has an authorization issue vulnerability that can be exploited by attackers to send messages to locked chats within a 5s grace period after lockdown settings take effect...

4.3 CVSS · 5.6 AI score · 0.00777 EPSS
Exploits 0 · References 7
Positive Technologies
added 2022/06/01 12:0 a.m. · 3 views

PT-2022-19484 · Unknown · Bigbluebutton

Name of the Vulnerable Software and Affected Versions: BigBlueButton versions 2.2 through 2.3.17; BigBlueButton versions 2.4.0. Description: BigBlueButton is an open source web conferencing system. An attacker, who needs to be a participant in the meeting, could send messages to a locked chat withi...

4.3 CVSS · 4.4 AI score · 0.00777 EPSS
Exploits 0 · References 12
RedhatCVE
added 2022/05/20 10:45 p.m. · 24 views

CVE-2017-16114

The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds...

7.5 CVSS · 4.3 AI score · 0.01758 EPSS
Exploits 1 · References 2
CNNVD
added 2022/05/20 12:0 a.m. · 2 views

Security vulnerability in multiple Goverlan products

Goverlan Reach Console is a software-based, self-hosted IT remote support solution. Goverlan Reach Server is the central organization for all Goverlan services. Goverlan Client Agent is a secure, low footprint,...

6.5 CVSS · 6.6 AI score · 0.01124 EPSS
Exploits 1 · References 3
Github Security Blog
added 2022/05/14 2:57 a.m. · 20 views

SimpleSAMLphp SAML2 library Regular Expression Denial of Service vulnerability

The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp...

7.5 CVSS · 6.7 AI score · 0.01728 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2022/05/14 2:57 a.m. · 16 views

GHSA-HHM8-2J4G-MPGG SimpleSAMLphp SAML2 library Regular Expression Denial of Service vulnerability

The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp...

7.5 CVSS · 7.5 AI score · 0.01728 EPSS
Exploits 0 · References 5
Grafana
added 2022/04/12 12:0 a.m. · 4 views

Grafana fine-grained access control API Key privilege escalation

Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructe...

8.8 CVSS · 7.3 AI score · 0.02245 EPSS
Exploits 0
Positive Technologies
added 2022/04/01 12:0 a.m. · 2 views

PT-2022-26180 · Synapse · Synapse

Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.53.0 Description: The issue arises when Synapse attempts to generate URL previews for media stream URLs without properly limiting connection time. Connections are only terminated after a certain amount of data max...

6.5 CVSS · 5.6 AI score · 0.00827 EPSS
Exploits 0 · References 15