PT-2024-9960

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 133 Mozilla Thunderbird versions prior to 133 Description: The issue is related to the NSC DeriveKey function in Mozilla Firefox and Thunderbird, which incorrectly assumes that the phKey parameter is always...

PDF-XChange Editor 缓冲区错误漏洞

PDF-XChange Editor is a PDF editor software and PDF reader. PDF-XChange Editor XPS file parsing has an out-of-bounds read remote code execution vulnerability that can be exploited by an attacker to execute code in the context of the current process...

CVE-2024-50226

In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use-after-free, permit out-of-order decoder shutdown In support of investigating an initialization failure report 1, cxltest was updated to register mock memory-devices after the mock root-port/bus device had been...

Mz Automation Libiec61850 安全漏洞

Mz Automation Libiec61850 is an open source library for the IEC 61850 protocol from Mz Automation. A security vulnerability exists in Mz Automation Libiec61850 that stems from the presence of a null pointer dereference that allows a malicious server to cause a denial of service via an MMS...

CVE-2024-50226 cxl/port: Fix use-after-free, permit out-of-order decoder shutdown

In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use-after-free, permit out-of-order decoder shutdown In support of investigating an initialization failure report 1, cxltest was updated to register mock memory-devices after the mock root-port/bus device had been...

CVE-2024-50226

CVE-2024-50226 : Linux kernel vulnerability in the CXL port code. A use-after-free during teardown of a region with multiple endpoint decoders (example: decoders 7.0 and 14.0 sharing a switch-decoder 3.0) could allow out-of-order shutdown and leave stale references. The patch ensures: (1) proper ...

CVE-2024-10975

CVE-2024-10975 affects HashiCorp Nomad: Nomad Community Edition prior to 1.9.2 and Nomad Enterprise prior to 1.9.2, 1.8.7, or 1.7.15. The issue allows arbitrary cross-namespace volume creation via unauthorized CSI writes, with CVSS v3.1 base score 7.7 (HIGH): network attack vector, requiring low ...

CVE-2024-50141

In the Linux kernel, the following vulnerability has been resolved: ACPI: PRM: Find EFIMEMORYRUNTIME block for PRM handler and context PRMT needs to find the correct type of block to translate the PA-VA mapping for EFI runtime services. The issue arises because the PRMT is finding a block of type...

CVE-2024-50141 ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context

In the Linux kernel, the following vulnerability has been resolved: ACPI: PRM: Find EFIMEMORYRUNTIME block for PRM handler and context PRMT needs to find the correct type of block to translate the PA-VA mapping for EFI runtime services. The issue arises because the PRMT is finding a block of type...

CVE-2024-50345

symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The Request class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the Request class...

CVE-2024-50345 Open redirect via browser-sanitized URLs in symfony/http-foundation

symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The Request class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the Request class...

The vulnerability of the Quality Manager Specification component in the Oracle Process Manufacturing (OPM) application for process development management system of the Oracle E-Business Suite allows a malicious actor to gain access to read, modify, or delete data.

The vulnerability of the Quality Manager Specification component in the Oracle Process Manufacturing OPM application for process development management system of the Oracle E-Business Suite is related to deficiencies in the authorization procedures. Exploiting this vulnerability could allow an...

CVE-2024-21250

Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite component: Quality Manager Specification. Supported versions that are affected are 12.2.13-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP...

Agent Dart is missing certificate verification checks

Certificate verification in lib/agent/certificate.dart has been found to contain two issues: - During the delegation verification in checkDelegation function the canisterranges aren't verified. The impact of not checking the canisterranges is that a subnet can sign canister responses in behalf of...

Important: containernetworking-plugins security update

The Container Network Interface CNI project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...

Amazon Linux 2023 : runc (ALAS2023-2024-725)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-725 advisory. runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or...

RUSTSEC-2024-0402 Borsh serialization of HashMap is non-canonical

The borsh serialization of the HashMap did not follow the borsh specification. It potentially produced non-canonical encodings dependent on insertion order. It also did not perform canonicty checks on decoding. This can result in consensus splits and cause equivalent objects to be considered...

PT-2024-40947 · Softwarex · Softwarex

Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 0.15.1 Description: The issue concerns the borsh serialization of the HashMap, which did not adhere to the borsh specification. This led to potential non-canonical encodings that depended on the insertion order, an...

CentOS 7 : docker (RHSA-2024:1270)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1270 advisory. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file...

Bluetooth Core Specification 安全漏洞

The Bluetooth Core Specification is a specification for Bluetooth. It defines the technical building blocks used by developers to create the interoperable devices that make up the thriving Bluetooth ecosystem. Overseen by the Bluetooth Special Interest Group SIG and regularly updated and enhanced...