1228 matches found
CVE-2024-36582
alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend method of Module.deepAssign /src/index.js...
PT-2024-27081 · Alexbinary · Object-Deep-Assign
Name of the Vulnerable Software and Affected Versions: alexbinary object-deep-assign version 1.0.11 Description: The issue concerns a Prototype Pollution vulnerability via the extend method of Module.deepAssign, located in /src/index.js. Recommendations: For alexbinary object-deep-assign version...
CVE-2024-35328
...
CVE-2024-35326
CVE-2024-35326 is rejected/not used; this entry does not represent an active vulnerability.
CVE-2023-51847
An issue in obgm and Libcoap v.a3ed466 allows a remote attacker to cause a denial of service via the coap_context_t function in the src/coap_threadsafe.c:297:3 component...
smartdns security vulnerability
SmartDNS is a locally running DNS server developed by Nick Peng, an individual developer. A security vulnerability exists in smartdns, which stems from the inclusion of an unaligned address in smartdns/src/util.c...
Security Bulletin: openssl-src-300.2.1+3.2.0.crate is vulnerable to CVE-2024-0727, CVE-2023-6129, and CVE-2023-6237 used in IBM Maximo Application Suite - Edge Data Collector
Summary IBM Maximo Application Suite - Edge Data Collector uses openssl-src-300.2.1+3.2.0.crate which is vulnerable to CVE-2024-0727, CVE-2023-6129, and CVE-2023-6237 Vulnerability Details CVEID:CVE-2024-0727 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper input...
CVE-2023-1001
The CVE-2023-1001 entry concerns xuliangzhan vxe-table (up to 3.7.9) where the textarea.js export function inputValue is vulnerable to cross-site scripting. The vulnerability is exploitable remotely and is caused by improper handling of inputValue in the vxe-textarea component. Upgrade to version...
Mageia: Security Advisory (MGASA-2024-0181)
The remote host is missing an update for the...
CVE-2024-4585
A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/membertype.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and...
CVE-2023-26793
libmodbus v3.1.10 has a heap-based buffer overflow vulnerability in the read_io_status function in src/modbus.c...
DEBIAN-CVE-2024-27007
In the Linux kernel, the following vulnerability has been resolved: userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE Commit d7a08838ab74 "mm: userfaultfd: fix unexpected change to src_folio when UFFDIO_MOVE fails" moved the src_folio->{mapping, index} changing to after clearing t...
DLA-3805-1 qtbase-opensource-src - security update
Bulletin has no description...
CVE-2023-26793
CVE-2023-26793 affects libmodbus v3.1.10 with a heap-based buffer overflow in read_io_status (src/modbus.c). The CVSS v3.1 base score is 9.8 (CRITICAL). Connected sources indicate the vulnerability is unpatched in some environments (Nessus entry notes no vendor patch available); monitor for updat...
Debian: Security Advisory (DLA-3805-1)
The remote host is missing an update for the Debian...
CVE-2023-26793
Removed by vendor...
[SECURITY] [DLA 3805-1] qtbase-opensource-src security update
Debian LTS Advisory DLA-3805-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz May 01, 2024 https://wiki.debian.org/LTS ...
CVE-2024-31784
An issue in Typora v.1.8.10 and before, allows a local attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the src component...