
3357 matches found

Tenable Nessus
added 2024/08/30 12:0 a.m., 15 views

CBL Mariner 2.0 Security Update: openssl (CVE-2021-3712)

The version of openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-3712 advisory. - ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer...

7.4 CVSS, 7 AI score, 0.50445 EPSS
Exploits 0, References 2
NVD
added 2024/08/23 3:15 p.m., 18 views

CVE-2024-43782

This openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex. Before moving to pulling translations from the openedx-translations repository via openedx-atlas, translations in the edx-platform repository were validated using...

9.8 CVSS, 0.00511 EPSS
Exploits 0, References 3
CVE
added 2024/08/23 2:35 p.m., 55 views

CVE-2024-43782

Technical details about CVE-2024-43782 are not publicly provided in the supplied documents. Monitor for updates as affected versions, exploit availability, and fixes may be disclosed in future advisories.

9.8 CVSS, 7.6 AI score, 0.00511 EPSS
Exploits 0, References 3, Affected Software 1
Vulnrichment
added 2024/08/23 2:35 p.m., 17 views

CVE-2024-43782 openedx-translations's Atlas translations for Open edX missing validation

This openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex. Before moving to pulling translations from the openedx-translations repository via openedx-atlas, translations in the edx-platform repository were validated using...

7.7 CVSS, 6.8 AI score, 0.00511 EPSS
Exploits 0, References 3
RedHat Linux
added 2024/08/20 8:33 p.m., 2 views

python-django: Potential regular expression denial-of-service in django.utils.text.Truncator.words()

An inefficient regular expression complexity flaw was found in the Truncator.words function and truncatewords_html filter of Django. This issue may allow an attacker to use a suitably crafted string to cause a denial of service...

5.3 CVSS, 7 AI score, 0.01854 EPSS
Exploits 0, References 5
RedHat Linux
added 2024/08/20 8:33 p.m., 4 views

Django: denial-of-service in intcomma template filter

A vulnerability was found in Django. When used with very long strings, the intcomma template filter was subject to a potential denial of service attack...

7.5 CVSS, 7.1 AI score, 0.01606 EPSS
Exploits 0, References 6
OSV
added 2024/08/15 10:10 p.m., 4 views

GHSA-8327-84CJ-8XJM Stack overflow when parsing specially crafted JSON ABI strings

Affected versions of the alloy-json-abi crate did not properly handle parsing of malformatted JSON ABI strings. The JsonAbi::parse method can be tricked into a stack overflow when processing specially crafted input. This stack overflow can lead to a crash of the application using this crate,...

6.9 CVSS, 7.3 AI score
Exploits 0, References 4
BDU FSTEC
added 2024/08/13 12:0 a.m., 3 views

The vulnerability of the Packet Forwarding Engine (PFE) module in Juniper Networks’ Junos OS on SRX Series devices allows a hacker to cause a service failure.

The vulnerability of the Packet Forwarding Engine (PFE) module in Juniper Networks’ Junos OS on SRX Series devices is related to the use of uncontrolled format strings. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

7.8 CVSS, 5.4 AI score, 0.00476 EPSS
Exploits 0, References 3, Affected Software 1
OpenVAS
added 2024/08/13 12:0 a.m., 8 views

Fedora: Security Advisory (FEDORA-2024-c5152808e4)

The remote host is missing an update for the...

8.8 CVSS, 7.4 AI score, 0.0183 EPSS
Exploits 0, References 6
BDU FSTEC
added 2024/08/12 12:0 a.m., 2 views

The vulnerability of the exacqVision Web Service web interface of the exacqVision surveillance system, related to the disclosure of information through query strings, allows an intruder to gain unauthorized access to the protected information.

The vulnerability of the exacqVision Web Service web interface of the video surveillance system involves the disclosure of information through query strings during the processing of authentication tokens. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorize...

5.7 CVSS, 5.5 AI score, 0.00355 EPSS
Exploits 0, References 5, Affected Software 1
RedHat Linux
added 2024/08/08 4:53 a.m., 1 views

kernel: x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()

A memory leak was found in the Linux kernel's Xen SMP interrupt initialization functions for x86 architectures. When interrupt handler binding fails during setup, the error path frees various resources but neglects to free dynamically allocated interrupt name strings created via kasprintf. This...

7.2 AI score
Exploits 0, References 5
OSV
added 2024/08/07 4:15 p.m., 2 views

DEBIAN-CVE-2024-42236

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy Userspace provided string 's' could trivially have the length zero. Left unchecked this will firstly result in an OOB read in the form if (str[0 - 1] == '\n') followed...

5.5 CVSS, 5.7 AI score, 0.00233 EPSS
Exploits 0, References 1
OSV
added 2024/08/07 4:15 p.m., 0 views

UBUNTU-CVE-2024-42236

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy Userspace provided string 's' could trivially have the length zero. Left unchecked this will firstly result in an OOB read in the form if (str[0 - 1] == '\n') followed...

5.5 CVSS, 6.2 AI score, 0.00233 EPSS
Exploits 0, References 33
SUSE CVE
added 2024/08/06 2:1 a.m., 2 views

SUSE CVE-2024-41038

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the...

6 CVSS, 6.5 AI score, 0.00274 EPSS
Exploits 0, References 14
Positive Technologies
added 2024/08/01 12:0 a.m., 2 views

PT-2024-5522 · Unknown · Exacqvision Web Service

Name of the Vulnerable Software and Affected Versions: exacqVision Web Service affected versions not specified Description: The issue is related to the exposure of authentication token details within communications under certain circumstances. This can occur when the exacqVision Web Service handl...

5.7 CVSS, 7.2 AI score, 0.00355 EPSS
Exploits 0, References 7
OSV
added 2024/07/29 3:15 p.m., 3 views

AZL-47489 CVE-2024-41038 affecting package kernel for versions less than 6.6.43.1-7

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the...

5.5 CVSS, 6.2 AI score, 0.00274 EPSS
Exploits 0, References 1
BDU FSTEC
added 2024/07/25 12:0 a.m., 1 views

The vulnerability of the HTTP server in the firmware of the Actiontec WCB6200Q Wi-Fi range extender allows a hacker to execute arbitrary code.

The vulnerability of the HTTP server in the firmware of the Actiontec WCB6200Q Wi-Fi range extender is related to the use of uncontrolled format strings in processing HTTP request headers. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

8.8 CVSS, 8 AI score, 0.01205 EPSS
Exploits 0, References 5
RedHat Linux
added 2024/07/11 11:55 a.m., 5 views

ruby: Arbitrary memory address read vulnerability with Regex search

A flaw was found in Ruby. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings...

6.6 CVSS, 7.4 AI score, 0.00629 EPSS
Exploits 0, References 5
PyPA
added 2024/07/10 5:15 a.m., 8 views

PYSEC-2024-59

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant was subject to a potential denial-of-service attack when used with very long strings containing specific characters...

7.5 CVSS, 8.2 AI score, 0.30129 EPSS
Exploits 0, References 4, Affected Software 1
OSV
added 2024/07/10 5:15 a.m., 1 views

PYSEC-2024-59

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant was subject to a potential denial-of-service attack when used with very long strings containing specific characters...

7.5 CVSS, 6.9 AI score, 0.30129 EPSS
Exploits 0, References 4