101 matches found
DEBIAN-CVE-2024-33619
In the Linux kernel, the following vulnerability has been resolved: efi: libstub: only free priv.runtimemap when allocated priv.runtimemap is only allocated when efinovamap is not set. Otherwise, it is an uninitialized value. In the error path, it is freed unconditionally. Avoid passing an...
CVE-2024-33619
In the Linux kernel, the following vulnerability has been resolved: efi: libstub: only free priv.runtimemap when allocated priv.runtimemap is only allocated when efinovamap is not set. Otherwise, it is an uninitialized value. In the error path, it is freed unconditionally. Avoid passing an...
UBUNTU-CVE-2024-33619
In the Linux kernel, the following vulnerability has been resolved: efi: libstub: only free priv.runtimemap when allocated priv.runtimemap is only allocated when efinovamap is not set. Otherwise, it is an uninitialized value. In the error path, it is freed unconditionally. Avoid passing an...
CVE-2024-33619 efi: libstub: only free priv.runtime_map when allocated
In the Linux kernel, the following vulnerability has been resolved: efi: libstub: only free priv.runtimemap when allocated priv.runtimemap is only allocated when efinovamap is not set. Otherwise, it is an uninitialized value. In the error path, it is freed unconditionally. Avoid passing an...
CVE-2024-33619
The CVE-2024-33619 entry concerns a Linux kernel EFI handling bug in libstub: priv.runtime_map could be freed in an error path when it was never allocated (priv.runtime_map is only allocated if efi_novamap is not set; otherwise it is uninitialized). The fix is to Free priv.runtime_map only when i...
CVE-2024-33619 efi: libstub: only free priv.runtime_map when allocated
In the Linux kernel, the following vulnerability has been resolved: efi: libstub: only free priv.runtimemap when allocated priv.runtimemap is only allocated when efinovamap is not set. Otherwise, it is an uninitialized value. In the error path, it is freed unconditionally. Avoid passing an...
CVE-2024-33619 efi: libstub: only free priv.runtime_map when allocated
In the Linux kernel, the following vulnerability has been resolved: efi: libstub: only free priv.runtimemap when allocated priv.runtimemap is only allocated when efinovamap is not set. Otherwise, it is an uninitialized value. In the error path, it is freed unconditionally. Avoid passing an...
New EmailGPT Flaw Puts User Data at Risk: Remove the Extension NOW
Synopsys warns of a new prompt injection hack involving a security vulnerability in EmailGPT, a popular AI email…...
CVE-2024-26684
An error in handling DPP safety was found in the Linux kernel driver for the Ethernet IPs built around a Synopsys IP Core. This flaw allows a local user to crash the system...
CVE-2024-0226
Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored cross-site scripting vulnerability through a specially crafted payload...
CVE-2024-0226 Stored Cross-Site Scripting in Synopsys Seeker
Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored cross-site scripting vulnerability through a specially crafted payload...
CVE-2024-0226 Stored Cross-Site Scripting in Synopsys Seeker
Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored cross-site scripting vulnerability through a specially crafted payload...
CVE-2024-0226
CVE-2024-0226 affects Synopsys Seeker versions prior to 2023.12.0. The vulnerability is a stored cross-site scripting flaw introduced via a specially crafted payload. The NVD entry rates the base impact as Low for confidentiality and integrity (no availability impact) with network attack vector a...
Synopsys Seeker Cross-Site Scripting Vulnerability
Synopsys Seeker is an interactive application security testing solution from Synopsys, Inc. A cross-site scripting vulnerability exists in Synopsys Seeker versions prior to 2023.12.0 that stems from the ease of causing cross-site scripting via a specially crafted payload...
PT-2024-15396 · Synopsys · Synopsys Seeker
Name of the Vulnerable Software and Affected Versions: Synopsys Seeker versions prior to 2023.12.0 Description: The issue is a stored cross-site scripting vulnerability that can be exploited through a specially crafted payload. Recommendations: For versions prior to 2023.12.0, update to version...
kernel: net: stmmac: dwc-qos: Disable split header for Tegra194
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwc-qos: Disable split header for Tegra194 There is a long-standing issue with the Synopsys DWC Ethernet driver for Tegra194 where random system crashes have been observed 0. The problem occurs when the split header...
Synopsys Code Dx 信任管理问题漏洞
Synopsys Code Dx is a vulnerability management system from Synopsys. It combines and correlates results generated by various static and dynamic testing tools. A security vulnerability exists in Synopsys Code Dx versions prior to 2023.4.2 that stems from the use of hard-coded passwords when...
GHSA-PX6V-6JHF-J46R CSRF vulnerability in Synopsys Jenkins Coverity Plugin
A cross-site request forgery CSRF vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
GHSA-JWR6-75XH-JH5J Synopsys Jenkins Coverity Plugin has Incorrect Default Permissions
Synopsys Coverity Plugin 3.0.2 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using anothe...
CSRF vulnerability in Synopsys Jenkins Coverity Plugin
A cross-site request forgery CSRF vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...