CVE-2024-1681
CVE-2024-1681 affects corydolphin/flask-cors and involves a log-injection flaw where a CRLF sequence in the request path can cause fake log entries to be written when log level is debug. The issue stems from improper output neutralization for logs and can enable log corruption. Connected advisori...
CVE-2024-1681
corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files,...
OESA-2024-1461 libssh2 security update
libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS22, SECSH-USERAUTH25, SECSH-CONNECTION23, SECSH-ARCH20, SECSH-FILEXFER06, SECSH-DHGEX04, and SECSH-NUMBERS10. Security Fixes: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH...
SUSE CVE-2023-52645
In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix race conditions with genpd If the power domains are registered first with genpd and after that the driver attempts to power them on in the probe sequence, then it is possible that a race condition occurs i...
EulerOS Virtualization 2.10.1 : libssh2 (EulerOS-SA-2024-1548)
According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacke...
EulerOS Virtualization 2.10.0 : libssh2 (EulerOS-SA-2024-1529)
According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacke...
CVE-2024-2961
An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape characters is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of...
CVE-2024-3900
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText...
UBUNTU-CVE-2024-31031
An issue in coap_pdu.c in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow...
CVE-2024-31031
An issue in coap_pdu.c in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow...
UBUNTU-CVE-2024-3900
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText...
CVE-2024-3900 Out-of-bounds stack array write in Xpdf 4.05 due to missing zero check
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText...
CVE-2024-3900
CVE-2024-3900 affects Xpdf up to version 4.05. The issue is an out-of-bounds array write triggered by a long Unicode sequence in ActualText, resulting in an availability impact. Fedora advisories and Slackware/Nessus entries indicate the remediation is to upgrade to xpdf 4.06 or newer; Fedora 42/...
CVE-2024-26827
A flaw was found in the Linux kernel. An incorrect TRE sequence in the gpi driver (drivers/dma/qcom/gpi.c) may lead to compromised availability...
CVE-2023-52645 pmdomain: mediatek: fix race conditions with genpd
In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix race conditions with genpd If the power domains are registered first with genpd and after that the driver attempts to power them on in the probe sequence, then it is possible that a race condition occurs i...
DEBIAN-CVE-2024-26876
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: adv7511: fix crash on irq during probe. Moved IRQ registration down to end of adv7511_probe. If an IRQ already is pending during adv7511_probe before adv7511_cec_init then cec_received_msg_ts could crash using uninitialized...
CVE-2024-26827
The CVE-2024-26827 entry is rejected/withdrawn by the CVE Numbering Authority and is not an active vulnerability entry.