Security Bulletin: Potential Improper Privilege Management vulnerability in Logstash affects IBM Operations Analytics - Log Analysis (CVE-2024-31141)
Summary: Apache Kafka Client bundle in Logstash is vulnerable to improper privilege management. Vulnerability Details: CVEID: CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients...
PT-2024-6666
Name of the Vulnerable Software and Affected Versions: Qualcomm Multiple Chipsets (affected versions not specified) Description: The issue is related to a use-after-free vulnerability in the Digital Signal Processor (DSP) service of Qualcomm chipsets, which can lead to memory corruption while...
PT-2024-37680 · Unknown · Y Project Ruoyi
Name of the Vulnerable Software and Affected Versions: y project RuoYi versions up to 4.7.9 Description: A vulnerability was found in the function isJsonRequest of the component Content-Type Handler. The manipulation of the argument HttpHeaders.CONTENT_TYPE leads to cross-site scripting. The atta...
PT-2024-23621 · Bento4 · Bento4
Name of the Vulnerable Software and Affected Versions: Bento4 version 1.6.0-641-2-g1529b83 Description: An issue was discovered in Bento4, leading to a Denial of Service (DoS). The issue is a heap-use-after-free in AP4_UnknownAtom::AP4_UnknownAtom at Ap4Atom.cpp, as demonstrated by mp42ts...
PT-2023-21318 · Blackvue · Blackvue Dr750-2Ch Lte
Name of the Vulnerable Software and Affected Versions: BlackVue DR750-2CH LTE version 1.012 2022.10.26 Description: The issue concerns the lack of authenticity check for uploaded firmware, allowing attackers to upload crafted firmware that contains backdoors and enables arbitrary code execution...
PT-2023-20835 · Green Packet · Ot-235 +1
Name of the Vulnerable Software and Affected Versions: GreenPacket OH736's WR-1200 Indoor Unit version M-IDU-1.6.0.3 V1.1; GreenPacket OH736's OT-235 version MH-46360-2.0.3-R5-GP Description: The issue allows for remote command injection. Commands are executed before login and with root privileges...
PT-2022-26478 · Google · Android Kernel
Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible out of bounds read in the MiscService::DoOemSetTcsFci function of miscservice.cpp due to a missing bounds check. This could lead to local information disclosure, requiring System...
PT-2018-1757
Name of the Vulnerable Software and Affected Versions: MikroTik RouterOS versions prior to 6.42 Description: The issue is caused by a directory traversal vulnerability in the WinBox interface of MikroTik RouterOS, allowing unauthenticated remote attackers to read arbitrary files and remote...