CVE-2020-27814 affecting package openjpeg2 for versions less than 2.3.1-12
CVE-2020-27814 affecting package openjpeg2 for versions less than 2.3.1-12. A patched version of the package is available...
Wear OS Security Bulletin—July 2024
The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2024-07-05 or later from the July 2024 Android Security Bulletin in addition to all issues in this bulletin. We encourage all...
CVE-2024-36404
GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution (RCE) is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6...
CVE-2024-38519
yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp and youtube-...
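The entry above names two failure modes: an extension taken from the remote side is written verbatim, and a name containing Windows path separators lands outside the download folder. The following Python helper is an added illustration of the corresponding checks; it is not code from yt-dlp or youtube-dl. `ALLOWED_EXTENSIONS` is an illustrative allowlist, and `safe_output_path()` / `safe_extension()` are hypothetical helpers, not a yt-dlp API.

```python
"""Added example (not yt-dlp/youtube-dl code): constrain a remote-supplied
file extension and keep the final path inside the download folder.

Assumptions labelled as such: ALLOWED_EXTENSIONS is an illustrative allowlist,
and safe_output_path() is a hypothetical helper, not a yt-dlp API.
"""
import os
import re

# Illustrative allowlist of media container/codec extensions (assumption).
ALLOWED_EXTENSIONS = frozenset(
    {"mp4", "webm", "mkv", "m4a", "mp3", "opus", "ogg", "flac", "wav", "aac", "mov"}
)

# Characters that act as path separators on some platform, plus NUL. The
# backslash matters even on a POSIX host: a name containing it is harmless
# there but becomes a traversal once the same code runs on Windows.
_FORBIDDEN_CHARS = frozenset("/\\\x00")


def safe_extension(ext: str) -> str:
    """Normalize a remote extension and reject anything off the allowlist."""
    ext = ext.strip().lstrip(".").lower()
    if not re.fullmatch(r"[a-z0-9]{1,5}", ext):
        raise ValueError(f"extension {ext!r} has illegal characters or length")
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension {ext!r} not in allowlist")
    return ext


def safe_output_path(download_dir: str, stem: str, ext: str) -> str:
    """Return an absolute path for stem.ext inside download_dir, or raise."""
    ext = safe_extension(ext)
    if not stem or stem in (".", "..") or _FORBIDDEN_CHARS & set(stem):
        raise ValueError(f"unsafe file stem {stem!r}")
    root = os.path.realpath(download_dir)
    candidate = os.path.realpath(os.path.join(root, f"{stem}.{ext}"))
    # Containment check: the resolved path must stay under the download root.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("resolved path escapes the download directory")
    return candidate


def is_rejected(download_dir: str, stem: str, ext: str) -> bool:
    """True if safe_output_path() refuses the name (used by the demo below)."""
    try:
        safe_output_path(download_dir, stem, ext)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs: one sane name and the kinds of input the advisory describes.
    print(safe_output_path("downloads", "talk", "mp4"))
    for stem, ext in [("talk", "exe"),             # arbitrary extension
                      ("talk", "mp4/../../x"),     # separator smuggled into the extension
                      ("..\\..\\startup", "mp4")]:  # Windows-style traversal in the stem
        verdict = "rejected" if is_rejected("downloads", stem, ext) else "ACCEPTED"
        print(f"{stem!r}.{ext!r} -> {verdict}")
```

The backslash is rejected unconditionally rather than only on Windows so that a filename database or a download resumed on another platform cannot carry a traversal across.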
openldap security update
2.4.46-19 - Bump version to 2.4.46-19 - Resolves: RHEL-34283 - openldap: null pointer dereference in ber_memalloc_x function...
CVE-2024-38367 CocoaPods trunk sessions verification step could be manipulated for owner session hijacking
trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk sessions verification step could be manipulated for owner session hijacking. Compromising a victim's session will result in a full takeover of...
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability
Impact This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. Patches The algorithm to detect SQL injection has been improved. Workarounds None. References - https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r -...
BIT-HUBBLE-UI-2024-37307
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run with the --envoy-dump flag set against Cilium...
BIT-HUBBLE-UI-BACKEND-2024-37307
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run with the --envoy-dump flag set against Cilium...
PT-2024-5205 · Cocoapods · Cocoapods
Name of the Vulnerable Software and Affected Versions: CocoaPods affected versions not specified Description: The issue concerns the CocoaPods dependency manager, specifically the authentication server trunk.cocoapods.org. A problem was found in the part of the trunk that verifies whether a user...
Android Automotive OS Update Bulletin—August 2024
The Android Automotive OS AAOS Update Bulletin contains details of security vulnerabilities affecting the Android Automotive OS platform. The full AAOS update comprises the security patch level of 2024-08-05 or later from the August 2024 Android Security Bulletin in addition to all issues in this...
CVE-2024-29040 Fapi_VerifyQuote: Does not detect if quote was not generated by TPM
This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can be used...
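The entry above says the verifier deserialized the quote into a TPMS_ATTEST but never checked that its magic field held the TPM_GENERATED value, so any structure that happened to deserialize cleanly passed as TPM output. The following Python code is an added example, not code from tpm2-tss: it parses the TPM 2.0 TPMS_ATTEST wire format for the quote case (TPM 2.0 Library Specification Part 2, TPMS_ATTEST and TPMS_QUOTE_INFO) and refuses a blob whose magic is anything other than 0xFF544347. `build_quote_attest()` constructs sample blobs for the demo; they are not real TPM output. Signature verification of the blob against the attestation key is a separate step assumed to run before these checks and is not shown.

```python
"""Added example (not tpm2-tss code): parse a TPMS_ATTEST quote and enforce
the magic check the advisory describes as missing from Fapi_VerifyQuote.

Wire format follows TPM 2.0 Library Spec Part 2 (TPMS_ATTEST, TPMS_QUOTE_INFO).
build_quote_attest() constructs sample blobs for the demo; they are not
TPM output. Signature verification over the blob is a separate step that
is assumed to happen before these checks and is not shown here.
"""
import hmac
import struct

TPM_GENERATED = 0xFF544347     # "\xffTCG": magic the TPM writes into every attestation
TPM_ST_ATTEST_QUOTE = 0x8018
TPM_ALG_SHA256 = 0x000B


class AttestError(ValueError):
    pass


def _tpm2b(buf: bytes, off: int):
    """Read a TPM2B_* (big-endian UINT16 size, then that many bytes)."""
    (size,) = struct.unpack_from(">H", buf, off)
    off += 2
    if off + size > len(buf):
        raise AttestError("TPM2B runs past end of buffer")
    return buf[off:off + size], off + size


def parse_tpms_attest(buf: bytes) -> dict:
    """Deserialize a TPMS_ATTEST of type quote, raising on any structural fault.

    Without the magic check, any signed structure whose first bytes happen
    to deserialize cleanly would be accepted as if a TPM had produced it.
    """
    if len(buf) < 6:
        raise AttestError("too short for TPMS_ATTEST header")
    magic, attest_type = struct.unpack_from(">IH", buf, 0)
    if magic != TPM_GENERATED:
        raise AttestError(f"magic 0x{magic:08x} is not TPM_GENERATED: not made by a TPM")
    if attest_type != TPM_ST_ATTEST_QUOTE:
        raise AttestError(f"type 0x{attest_type:04x} is not TPM_ST_ATTEST_QUOTE")
    off = 6
    qualified_signer, off = _tpm2b(buf, off)          # TPM2B_NAME of the signing key
    extra_data, off = _tpm2b(buf, off)                # TPM2B_DATA: the caller's nonce
    clock, reset_count, restart_count, safe, fw_version = struct.unpack_from(">QIIBQ", buf, off)
    off += 25                                         # TPMS_CLOCK_INFO (17) + firmwareVersion (8)
    (count,) = struct.unpack_from(">I", buf, off)     # TPML_PCR_SELECTION.count
    off += 4
    selections = []
    for _ in range(count):
        alg, size_of_select = struct.unpack_from(">HB", buf, off)
        off += 3
        selections.append((alg, buf[off:off + size_of_select]))
        off += size_of_select
    pcr_digest, off = _tpm2b(buf, off)                # TPM2B_DIGEST over the selected PCRs
    if off != len(buf):
        raise AttestError("trailing bytes after TPMS_ATTEST")
    return {
        "qualified_signer": qualified_signer, "extra_data": extra_data,
        "clock": clock, "reset_count": reset_count, "restart_count": restart_count,
        "safe": safe, "firmware_version": fw_version,
        "pcr_selections": selections, "pcr_digest": pcr_digest,
    }


def verify_quote(buf: bytes, expected_nonce: bytes, expected_pcr_digest: bytes) -> bool:
    """Structural checks plus freshness (nonce) and PCR-digest comparison."""
    info = parse_tpms_attest(buf)
    if not hmac.compare_digest(info["extra_data"], expected_nonce):
        raise AttestError("nonce mismatch: stale or replayed quote")
    if not hmac.compare_digest(info["pcr_digest"], expected_pcr_digest):
        raise AttestError("PCR digest does not match the expected state")
    return True


def build_quote_attest(nonce: bytes, pcr_digest: bytes, magic: int = TPM_GENERATED) -> bytes:
    """Constructed sample TPMS_ATTEST (quote) for demonstration; not TPM output."""
    signer_name = struct.pack(">H", TPM_ALG_SHA256) + b"\xaa" * 32      # made-up key name
    blob = struct.pack(">IH", magic, TPM_ST_ATTEST_QUOTE)
    blob += struct.pack(">H", len(signer_name)) + signer_name
    blob += struct.pack(">H", len(nonce)) + nonce
    blob += struct.pack(">QIIBQ", 1234567, 3, 0, 1, 0x20240101)         # clockInfo, firmwareVersion
    blob += struct.pack(">IHB", 1, TPM_ALG_SHA256, 3) + b"\x03\x00\x00"  # PCRs 0 and 1, SHA-256 bank
    blob += struct.pack(">H", len(pcr_digest)) + pcr_digest
    return blob


if __name__ == "__main__":
    nonce, digest = b"\x42" * 16, b"\x11" * 32
    print("genuine layout:", verify_quote(build_quote_attest(nonce, digest), nonce, digest))
    try:   # same bytes with a bogus magic: the vulnerable path accepted this, the fixed one must not
        verify_quote(build_quote_attest(nonce, digest, magic=0x00000000), nonce, digest)
    except AttestError as e:
        print("forged blob rejected:", e)
```

The magic and type checks come first because everything after them (nonce, PCR digest, clock info) is only meaningful once the blob is known to be a TPM-produced quote rather than some other signed structure.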
CVE-2024-37905 Improper Access Control and Incorrect Authorization in github.com/goauthentik/authentik
authentik is an open-source Identity Provider that emphasizes flexibility and versatility. Authentik API-Access-Token mechanism can be exploited to gain admin user privileges. A successful exploit of the issue will result in a user gaining full admin access to the Authentik application, including...
CLSA-2024-1719569368 pam: Fix of CVE-2024-22365
CVE-2024-22365: use O_DIRECTORY to prevent local DoS situations...
WordPress Esteem Theme <= 1.5.0 is vulnerable to Cross Site Scripting (XSS)
Software: Esteem | Type: Theme | Vulnerable versions: <= 1.5.0 | Fixed in: 1.5.1 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-37432 | Patch priority: Low | CVSS severity: Low (5.9) | PSID: 7a19e6eafcd7 | Credits: Michael | Required privilege: Author | Published: 28...
CVE-2024-25637 Reflected XSS via X-October-Request-Handler Header
October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interaction...
PT-2024-22662 · Hitachi Vantara · Analyzer Plugin +1
Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.1.0.0; Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.3.0.7; Hitachi Vantara Pentaho Business Analytics Server version 8.3.x. Description: The issue...
CVE-2024-39362
CVE-2024-39362 is cited in Oracle Linux advisory ELSA-2024-12618 and in Nessus, tied to the I2C ACPI subsystem. The described issue is: i2c: acpi: Unbind mux adapters before delete. The sources do not provide exact root-cause details beyond this remediation note. Remediation is to apply the updat...