117 matches found
OESA-2024-2022 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable function, allowing a user to trigger a heap buffer overflow via a local network. Successful...
ROS-20240708-21
Vulnerability in cURL command line utility is due to bugs in protocol removal logic. Exploitation The exploitation of the vulnerability may allow a remote intruder to gain access to protected information Vulnerability in the HTTP/2 network protocol implementation of the cURL command line utility ...
The vulnerability of the gfs2PutSuper() function in the gfs2 file system of Linux kernels allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the gfs2PutSuper function in the fs/gfs2/super.c file of the Linux kernel’s file system gfs2 is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of th...
CVE-2024-35983
In the Linux kernel, the following vulnerability has been resolved: bounds: Use the right number of bits for power-of-two CONFIGNRCPUS bitsper rounds up to the next power of two when passed a power of two. This causes crashes on some machines and configurations...
httpd: CONTINUATION frames DoS
A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers,...
Important: nodejs20
Issue Overview: NOTE: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/ CVE-2024-27982 An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data i...
Important: tomcat9
Issue Overview: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through...
Apple iOS and iPadOS Security Vulnerabilities
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 17.2 and iPadOS version 17.2, which originates from an application th...
egdrive (=0.1.3), ersilia (>=0.1.0 <=0.1.1) +5 more potentially affected by CVE-2023-49297 via pydrive2 (>=1.14.0 <=1.15.4)
pydrive2 PYPI version =1.14.0, =0.1.0, =0.0.0, =1.0.0, =1.0.0, =0.0.1, =0.0.3 Source cves: CVE-2023-49297 Source advisory: OSV:PYSEC-2023-291...
UBUNTU-CVE-2023-46569
An out-of-bounds read in radare2 v.5.8.9 and before exists in the printinsn32fpu function of libr/arch/p/nds32/nds32-dis.h...
The vulnerability of the Go programming language-based http2 package, which allows a hacker to trigger a service failure
The vulnerability of the Go programming language’s http2 package is related to an uncontrolled resource consumption by the server due to the incorrect setting of the Server.MaxConcurrentStreams parameter when processing request streams. Exploiting this vulnerability can allow a remote attacker to...
BELL-CVE-2022-43552 CVE-2022-43552 does not affect BellSoft software
Bulletin has no description...
Liferay Portal和Liferay DXP 安全漏洞
Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
Snap One OvrC Pro 数据伪造问题漏洞
Snap One OvrC is a free cloud-based remote management and monitoring platform from Snap One USA. A data forgery issue vulnerability exists in Snap One OvrC Pro 7.2 and prior versions, which stems from the lack of a complete PKI system firmware signature, and can be exploited by an attacker to...
DHIS 2 安全漏洞
DHIS 2 is a software application. A flexible information system for data capture, management, validation, analysis and visualization. A security vulnerability exists in DHIS 2 versions prior to 2.37.9.1, prior to 2.38.3.1, and prior to 2.39.1.2, which stems from the use of object model traversal ...
PT-2023-9990 · Arc2 · Arc2
Name of the Vulnerable Software and Affected Versions: ARC aka ARC2 through 2011-12-01 Description: The issue allows blind SQL Injection in the getTriplePatternSQL function within ARC2 StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause. Recommendations: For ARC aka ARC2 through...
SUSE CVE-2015-8370
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service disk corruption via backspace characters in the 1 grubusernameget function in grub-core/normal/auth.c or the 2...
SUSE CVE-2017-7773
Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor...
GHSA-4W2J-2RG4-5MJW vm2 vulnerable to Arbitrary Code Execution
The package vm2 before 3.9.10 is vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise...
CVE-2022-33968
creationtimestamp| type| source ---|---|--- 2022-08-04 22:20:09+00:00| seen| https://t.me/cibsecurity/47584...