3229 matches found

Tenable Nessus
added 2024/10/21 12:0 a.m. · 35 views

Oracle Linux 7 : edk2 (ELSA-2024-12794)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-12794 advisory. - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local...

7.5 CVSS · 7.2 AI score · 0.00994 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2024/10/21 12:0 a.m. · 32 views

Oracle Linux 7 : edk2 (ELSA-2024-12793)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-12793 advisory. - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local...

7.5 CVSS · 7.2 AI score · 0.00994 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2024/10/21 12:0 a.m. · 8 views

Siemens CP343-1 Devices Improper Verification of Source of a Communication Channel (CVE-2023-51440)

A vulnerability has been identified in SIMATIC CP 343-1 6GK7343-1EX30-0XE0 All versions, SIMATIC CP 343-1 Lean 6GK7343-1CX10-0XE0 All versions, SIPLUS NET CP 343-1 6AG1343-1EX30-7XE0 All versions, SIPLUS NET CP 343-1 Lean 6AG1343-1CX10-2XE0 All versions. Affected products incorrectly validate TCP...

7.5 CVSS · 6.9 AI score · 0.00597 EPSS
Exploits 0 · References 3

Oracle Linux
added 2024/10/18 12:0 a.m. · 38 views

edk2 security update

20240909 - Create new 20240909 release for OL8 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK2: In the Linux...

7.5 CVSS · 7.6 AI score · 0.00994 EPSS
Exploits 0

Oracle Linux
added 2024/10/18 12:0 a.m. · 66 views

edk2 security update

1.7.1 - Create new 1.7.1 release for OL7 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK2: In the Linux kernel...

7.5 CVSS · 7.3 AI score · 0.00994 EPSS
Exploits 0

BDU FSTEC
added 2024/10/14 12:0 a.m. · 2 views

The vulnerability of the Passwork password manager lies in the improper implementation of the sequence of actions required for processing tasks. This allows attackers to compromise the integrity of the protected information.

The vulnerability of the Passwork password manager is related to the incorrect implementation of the sequence of actions performed. Exploiting this vulnerability allows a malicious actor, operating remotely, to compromise the integrity of the protected information...

6.8 CVSS · 5.5 AI score
Exploits 0 · References 1 · Affected Software 1

Microsoft CVE
added 2024/10/12 12:0 a.m. · 1 views

CVE-2024-43873

...

7.8 CVSS · 6.6 AI score · 0.00221 EPSS
Exploits 0

CNNVD
added 2024/10/10 12:0 a.m. · 1 views

Gradio Path Traversal Vulnerability

Gradio, an open source Python library open-sourced by Hugging Face, is a method for demonstrating machine learning models through a friendly web interface. Gradio suffers from a path traversal vulnerability that stems from the is_in_or_equal function designed to check whether a file is located in a...

6.5 CVSS · 6.5 AI score · 0.00687 EPSS
Exploits 0 · References 2

OSV
added 2024/10/08 4:15 p.m. · 2 views

PYSEC-2024-102

An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize and urlizetrunc template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters...

7.5 CVSS · 6.4 AI score · 0.25327 EPSS
Exploits 0 · References 4

Tenable Nessus
added 2024/10/04 12:0 a.m. · 5 views

NuGet Package 'Microsoft.Recognizers.Text.Sequence' Detection

The remote host has a 'Microsoft.Recognizers.Text.Sequence' with a Verified NuGet package status and is installed on the remote host. Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

5.8 AI score
Exploits 0 · References 1

RedHat Linux
added 2024/10/03 11:30 a.m. · 1 views

firefox: Clipboard write permission bypass

The Mozilla Foundation's Security Advisory: An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events...

7.5 CVSS · 7.3 AI score · 0.00435 EPSS
Exploits 0 · References 6

BDU FSTEC
added 2024/10/03 12:0 a.m. · 3 views

The vulnerability of the Sequence Manager software in industrial environments lies in its insufficient validation of input data, allowing a malicious actor to trigger service failures.

The vulnerability of the Sequence Manager software in industrial environments is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to trigger service failures remotely...

7.8 CVSS · 5.4 AI score · 0.00605 EPSS
Exploits 0 · References 5 · Affected Software 1

OSV
added 2024/09/27 8:15 p.m. · 2 views

CVE-2024-6436

An input validation vulnerability exists in the Rockwell Automation Sequence Manager™ which could allow a malicious user to send malformed packets to the server and cause a denial-of-service condition. If exploited, the device would become unresponsive, and a manual restart will be required for...

6.5 CVSS · 5.8 AI score · 0.00605 EPSS
Exploits 0 · References 1

NVD
added 2024/09/27 8:15 p.m. · 20 views

CVE-2024-6436

An input validation vulnerability exists in the Rockwell Automation Sequence Manager™ which could allow a malicious user to send malformed packets to the server and cause a denial-of-service condition. If exploited, the device would become unresponsive, and a manual restart will be required for...

8.7 CVSS · 0.00605 EPSS
Exploits 0 · References 1

CNNVD
added 2024/09/27 12:0 a.m. · 2 views

Rockwell Automation SequenceManager Security Vulnerability

Rockwell Automation SequenceManager is a basic controller-based batch management from Rockwell Automation USA. An input validation error vulnerability exists in versions of Rockwell Automation SequenceManager prior to 2.0, which can be exploited by an attacker to send an incorrectly formatted...

8.7 CVSS · 6.7 AI score · 0.00605 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/09/25 12:0 a.m. · 4 views

PT-2024-6801 · Passwork · Passwork

Name of the Vulnerable Software and Affected Versions: Passwork affected versions not specified Description: The issue is related to the incorrect implementation of a sequence of actions in the password manager. Exploitation of this issue could allow a remote attacker to impact the integrity of...

6.8 CVSS · 7.2 AI score
Exploits 0 · References 2

RedHat Linux
added 2024/09/24 2:39 a.m. · 2 views

kernel: leds: trigger: Unregister sysfs attributes before calling deactivate()

leds in linux kernel permits calling sysfs attributes show/store functions after deactivate has been called...

7.8 CVSS · 7.1 AI score · 0.00249 EPSS
Exploits 0 · References 5

RedHat Linux
added 2024/09/24 1:17 a.m. · 4 views

kernel: mptcp: ensure snd_nxt is properly initialized on connect

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure snd_nxt is properly initialized on connect Christoph reported a splat hinting at a corrupted snd_una: WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 __mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005 Modules...

5.5 CVSS · 6.7 AI score · 0.00267 EPSS
Exploits 0 · References 5

RedHat Linux
added 2024/09/24 12:40 a.m. · 2 views

kernel: drm/amdgpu: add error handle to avoid out-of-bounds

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add error handle to avoid out-of-bounds if the sdma_v4_0_irq_id_to_seq return -EINVAL, the process should be stop to avoid out-of-bounds read, so directly return -EINVAL...

7.1 CVSS · 6.4 AI score · 0.00238 EPSS
Exploits 0 · References 5

Gentoo Linux
added 2024/09/22 12:0 a.m. · 18 views

PostgreSQL: Privilege Escalation

Background PostgreSQL is an open source object-relational database management system. Description A vulnerability has been discovered in PostgreSQL. Please review the CVE identifier referenced below for details. Impact An attacker able to create and drop non-temporary objects could inject SQL cod...

8.8 CVSS · 8 AI score · 0.01565 EPSS
Exploits 0