Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability

...

zerovec-derive incorrectly uses `#[repr(packed)]`

The affected versions make unsafe memory accesses under the assumption that reprpacked has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 1.80.0-beta starts reordering fields of reprpacked structs, leading to illegal...

GHSA-XRV3-JMCP-374J zerovec incorrectly uses `#[repr(packed)]`

The affected versions make unsafe memory accesses under the assumption that reprpacked has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 1.80.0-beta starts reordering fields of reprpacked structs, leading to illegal...

RUSTSEC-2024-0346 Incorrect usage of `#[repr(packed)]`

The affected versions make unsafe memory accesses under the assumption that reprpacked has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 1.80.0-beta starts reordering fields of reprpacked structs, leading to illegal...

PT-2024-40913 · Softwarex +1 · Softwarex +1

Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 0.9.7 SoftwareX versions prior to 0.10.4 Description: The issue arises from unsafe memory accesses due to the assumption that reprpacked guarantees a specific field order in structs. However, the Rust specification...

The vulnerability of the Labvantage LIMS file /labvantage/rc?command=page&page=LV_ViewSampleSpec&oosonly=Y&_sdialog=Y allows a attacker to execute XSS attacks.

The vulnerability of the Labvantage LIMS file /labvantage/rc?command=page&page=LVViewSampleSpec&oosonly=Y&sdialog=Y is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks through the...

Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1867)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-34580

Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing XMLDsig specification without protection against an SSRF payload in a KeyInfo element. NOTE: the project disputes this CVE Record on the grounds that any vulnerabilities are the result of a failure to...

Malicious code in elasticsearch-client-specification (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 135b81ee4c5cd6816ab6d993d70f307d56438812d60a3364b38638cc80b4ce68 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-1607 Malicious code in elasticsearch-client-specification (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 135b81ee4c5cd6816ab6d993d70f307d56438812d60a3364b38638cc80b4ce68 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing

Impact In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header. Versions of Moby Docker Engine prior to 20.10.11 treat the Content-Type...

PT-2024-27665

Name of the Vulnerable Software and Affected Versions lepture Authlib versions prior to 1.3.1 Description The issue concerns algorithm confusion with asymmetric public keys in lepture Authlib. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric...

GHSA-VVM3-RV48-J3G5 Zendframework Potential XSS or HTML Injection vector in Zend_Json

ZendJsonEncoder was not taking into account the solidus character / during encoding, leading to incompatibilities with the JSON specification, and opening the potential for XSS or HTML injection attacks when returning HTML within a JSON string...

GHSA-XFFP-6W68-4775 Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress`

The Zend\Http\PhpEnvironment\RemoteAddress class provides features around detecting the internet protocol IP address for an incoming proxied request via the X-Forwarded-For header, taking into account a provided list of trusted proxy server IPs. Prior to 2.2.5, the class was not taking into accou...

CGA-Q672-W479-6W63

Bulletin has no description...

SUSE CVE-2024-35221

Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.fromyaml. fromyaml makes use of SafeYAML.load which allows YAML aliases inside the YAML-bas...

RHEL 7 : runc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - runc: Execution of malicious containers allows for container escape and access to host filesystem...

GHSA-H7V2-2QWG-H829 Symfony has a security issue when parsing the Authorization header

All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpFoundation component are affected by this security issue. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5.4. Note that no fixes are provided for Symfony 2.0, 2.1, and 2.2 as they are not maintained anymore...

EulerOS 2.0 SP12 : docker-runc (EulerOS-SA-2024-1739)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an...

The vulnerability of the rndis_set_response() function in the USB driver in the rndis.c module of the Linux kernel allows a hacker to gain increased privileges within the system.

The vulnerability of the rndissetresponse function in the USB driver in the rndis.c module of the Linux kernel is related to integer overflow errors. Exploiting this vulnerability can allow an attacker to gain increased privileges...