490 matches found
MAL-2024-11641 Malicious code in music-source-separation (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a4aa4c5d893735fb71d4983056b6d254f087a4f5c82df6976e2efdab41f0c9f2 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
Malicious code in music-source-separation (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a4aa4c5d893735fb71d4983056b6d254f087a4f5c82df6976e2efdab41f0c9f2 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
Symfony 注入漏洞
Symfony is a PHP framework for web and console applications and a set of reusable PHP components from Symfony. Symfony suffers from an injection vulnerability that stems from allowing the separation of a PHP application from its global state...
DEBIAN-CVE-2024-50112
In the Linux kernel, the following vulnerability has been resolved: x86/lam: Disable ADDRESSMASKING in most cases Linear Address Masking LAM has a weakness related to transient execution as described in the SLAM paper1. Unless Linear Address Space Separation LASS is enabled this weakness may be...
CVE-2024-50112 x86/lam: Disable ADDRESS_MASKING in most cases
In the Linux kernel, the following vulnerability has been resolved: x86/lam: Disable ADDRESSMASKING in most cases Linear Address Masking LAM has a weakness related to transient execution as described in the SLAM paper1. Unless Linear Address Space Separation LASS is enabled this weakness may be...
CVE-2024-49993
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-49993
CVE-2024-49993 is associated with Linux kernel IOMMU VT-d flaws. The connected MiracleLinux advisory AXSA:2025-10392:38 notes iommuvt-d issues, including an explicit item: "iommu/vt-d: vulnerability may cause a soft lockup if qi_submit_sync() is called with zero invalidation descriptors, as the c...
K000141355: Multiple PHP vulnerabilities
Security Advisory Description CVE-2016-4342 ext/phar/pharobject.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact v...
The vulnerability of the application programming interface of the Grafana monitoring and observation platform’s Endpoint allows a perpetrator to escalate their privileges.
The vulnerability of the application programming interface of the Grafana monitoring and observation platform allows a perpetrator to enhance their privileges. This vulnerability is related to insufficient spatial separation. Exploiting this vulnerability could enable a remote perpetrator to...
A week in security (September 23 – September 29)
Last week on Malwarebytes Labs: Millions of Kia vehicles were vulnerable to remote attacks with just a license plate number Privacy watchdog files complaint over Firefox quietly enabling its Privacy Preserving Attribution Telegram will hand over user details to law enforcement Don’t share the vir...
The vulnerability of the Python interpreter of the Cisco NX-OS operating system for Cisco Nexus switches allows a hacker to execute arbitrary commands.
The vulnerability of the Python interpreter in the Cisco NX-OS operating system of Cisco Nexus switches is related to insufficient spatial separation. Exploiting this vulnerability could allow an attacker to execute arbitrary commands in the basic operating system...
CVE-2024-45296
The Jira Service Management Data Center/Server DoS issue (CVE-2024-45296) stems from the path-to-regexp dependency, which can generate pathological regular expressions causing DoS on the main thread. Affected: Jira Service Management DC/Server versions 10.2.0–10.5.0. CVSS 3.1 vector: AV:N/AC:L/PR...
PT-2024-6552 · Grafana +3 · Grafana +3
Name of the Vulnerable Software and Affected Versions: Grafana affected versions not specified Description: The issue is related to the wrong permission being applied to the alert rule write API endpoint in Grafana. This allows users with permission to write external alert instances to also write...
OESA-2024-2018 pcp security update
PCP provides a range of services that may be used to monitor and manage system performance. These services are distributed and scalable to accommodate the most complex system configurations and performance problems. Security Fixes: A vulnerability has been identified in the Performance Co-Pilot P...
XZ backdoor: Hook analysis
Part 1: XZ backdoor story – Initial analysis Part 2: Assessing the Y, and How, of the XZ Utils incident social engineering Part 3: XZ backdoor. Hook analysis In our first article on the XZ backdoor, we analyzed its code from initial infection to the function hooking it performs. As we mentioned...
CVE-2024-27146
The Toshiba printers do not implement privileges separation. As for the affected products/models/versions, see the reference URL...
CVE-2024-27146 Lack of privileges separation
The Toshiba printers do not implement privileges separation. As for the affected products/models/versions, see the reference URL...
CVE-2024-27146 Lack of privileges separation
The Toshiba printers do not implement privileges separation. As for the affected products/models/versions, see the reference URL...
CVE-2024-27146
Summary (CVE-2024-27146): The Toshiba printers (notably Toshiba e-STUDIO/MFPs) are affected by a lack of privileges separation. The issue is documented across multiple sources (NVD, CVE lists, OpenVAS entry, and vendor advisories) and is described as the ability for an attacker who can access the...
PT-2024-21677 · Toshiba · Toshiba Printers
Name of the Vulnerable Software and Affected Versions: Toshiba printers affected versions not specified Description: The issue concerns the lack of privileges separation in Toshiba printers. There is no information provided about the estimated number of potentially affected devices worldwide or...