Linux kernel code issue vulnerability
The Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that stems from a null pointer dereference in the snd_hdac_regmap_sync method of the sound/hda device driver...
CVE-2023-48645
An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search work request feature in the Maintenance modu...
CVE-2024-0325
In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins...
Command injection
In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins...
CVE-2024-0325 Command Injection in Helix Sync
In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins...
CVE-2024-0325
CVE-2024-0325 concerns a local command injection in Helix Sync versions prior to 2024.1. The available documents confirm the vulnerability and its local-execution nature but do not provide concrete details on affected versions beyond the 2024.1 cutoff, the exact vulnerable component, or root cau...
Helix Sync Command Injection Vulnerability
Perforce Helix Sync is a simplification tool from Perforce. A security vulnerability exists in Helix Sync versions prior to 2024.1 that stems from the presence of local command injection...
Apache Tomcat 8.5.63 / 9.0.43 HTTP Response Smuggling Vulnerability
Apache Tomcat suffers from a client-side de-sync vulnerability via HTTP request smuggling. Apache Tomcat versions 8.5.7 through 8.5.63 and 9.0.0-M11 through 9.0.43 are vulnerable. Exploit Title: CVE-2024-21733 Apache Tomcat HTTP Request Smuggling Date: 1/31/2024 Exploit Author: xer0dayz Vendor...
xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation if the server runs with extended privileges, or...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Internet Bug Bounty: CVE-2024-21733 Apache Tomcat HTTP Request Smuggling (Client-Side Desync) (CWE: 444)
SECURITY CVE-2024-21733 Apache Tomcat - Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0-M11 to 9.0.43 Apache Tomcat 8.5.7 to 8.5.63 Description: Incomplete POST requests triggered an error response that could contain data fr...
Malicious code in sync-axios (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 335de7612c8237e0a74d2c894424bda2c8a5e6547fa9bb6782ec0a94d4353226 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-79 Malicious code in nylas-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2deede55e9c84cfc6a261b2de7de468c49dd03fe6cdee3eda009eeaa0cdb0a73 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
January 2, 2024, update for OneNote 2016 (KB5002500)
January 2, 2024, update for OneNote 2016 KB5002500 This article discusses update 5002500 for Microsoft OneNote 2016 that was released on January 2, 2024. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply...
CLZero - A Project For Fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors
A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors. About Thank you to @albinowax, @defparam and @d3d else this tool would not exist. Inspired by the tool Smuggler all attack gadgets adapted from Smuggler and...
PT-2023-8034 · Totolink · Totolink Ex1800T
Name of the Vulnerable Software and Affected Versions: TOTOlink EX1800T version 9.1.0cu.2112 B20220316 Description: The issue concerns arbitrary command execution in the host time parameter of the NTPSyncWithHost interface of the cstecgi.cgi. This vulnerability exists due to the lack of measures...
GHSA-F23H-52HJ-99P6 Apache IoTDB: Unsafe deserialize map in Sync Tool
Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue...