
9572 matches found

CVE
added 2024/10/29 9:43 p.m. | 63 views

CVE-2024-8896

CVE-2024-8896 affects Autodesk AutoCAD via a vulnerability in acdb25.dll when parsing malicious DXF files. Root cause: accessing an uninitialized variable in memory, enabling arbitrary code execution or crashes in the current process. Documented impacts include crashing and potential data leakage...

CVSS 7.8 | AI score 7.8 | EPSS 0.00453
Exploits 0 | References 1 | Affected Software 10

Positive Technologies
added 2024/10/29 12:0 a.m. | 3 views

PT-2024-31541 · Fetch +1 · Fetch +1

Name of the Vulnerable Software and Affected Versions: fetch versions (affected versions not specified). Description: The issue arises from the fetch3 library's use of environment variables to pass information, including the revocation file pathname. However, the environment variable name used by...

CVSS 7.5 | AI score 6.9 | EPSS 0.00226
Exploits 0 | References 8

RedhatCVE
added 2024/10/28 4:31 p.m. | 14 views

CVE-2024-47827

A flaw was found in Argo Workflows. Due to a race condition in a global variable, the Argo Workflows controller can crash on command by any user with access to execute a workflow, which can lead to a denial of service...

CVSS 4.8 | AI score 5.3 | EPSS 0.00147
Exploits 0 | References 7

NVD
added 2024/10/28 4:15 p.m. | 12 views

CVE-2024-47827

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with access to execute a workflow. This vulnerabili...

CVSS 5.7 | EPSS 0.00147
Exploits 0 | References 4

CVE
added 2024/10/28 3:10 p.m. | 92 views

CVE-2024-47827

CVE-2024-47827 affects Argo Workflows (controller) where a race condition in a global variable in the 3.6.0-rc1 release can cause the controller to crash when a user with workflow execution access triggers a run. The issue is fixed in 3.6.0-rc2. Affected product: Argo Workflows (Kubernetes). Root...

CVSS 5.7 | AI score 5 | EPSS 0.00147
Exploits 0 | References 4 | Affected Software 1

OSV
added 2024/10/28 3:10 p.m. | 13 views

CVE-2024-47827 Argo Workflows Controller: Denial of Service via malicious daemon Workflows

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with access to execute a workflow. This vulnerabili...

CVSS 5.7 | AI score 6 | EPSS 0.00147
Exploits 0 | References 6

CNNVD
added 2024/10/28 12:0 a.m. | 2 views

Argo Workflows Security Vulnerability

Argo Workflows is an open source container-native workflow engine for Kubernetes from the Argo project. A security vulnerability exists in Argo Workflows version 3.6.0-rc1, which stems from a race condition in a global variable that allows any user authorized to execute workflows to crash the arg...

CVSS 5.7 | AI score 6.1 | EPSS 0.00147
Exploits 0 | References 5

BDU FSTEC
added 2024/10/28 12:0 a.m. | 1 views

The vulnerability of the $pconfig variable in the interfaces_groups_edit.php file of the software network interface controller based on the FreeBSD Netgate pfSense operating system allows a hacker to execute arbitrary code.

The vulnerability of the $pconfig variable in the interfaces_groups_edit.php file of the software network interface layer based on the FreeBSD Netgate pfSense operating system is related to the lack of security measures for the website structure. Exploiting this vulnerability allows a remote...

CVSS 9.4 | AI score 6 | EPSS 0.83646
Exploits 3 | References 3 | Affected Software 2

OSV
added 2024/10/25 7:37 p.m. | 5 views

GHSA-H99M-6755-RGWC Rancher Remote Code Execution via Cluster/Node Drivers

Impact: A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher container itself. In production environments, further privilege escalation is possible based on living off the land within the Rancher...

CVSS 9.1 | AI score 9.5 | EPSS 0.0022
Exploits 0 | References 4

CVE
added 2024/10/25 10:34 a.m. | 73 views

CVE-2024-47017

CVE-2024-47017 affects the ufshc_scsi_cmd function in ufs.c, with a stack variable use-after-free leading to local escalation of privilege. The vulnerability description across Red Hat, NVD, CVE lists, and OSV entries consistently states that no further user interaction is required, and exploitati...

CVSS 7.8 | AI score 7.3 | EPSS 0.00048
Exploits 0 | References 1 | Affected Software 1

Slackware Linux
added 2024/10/23 7:42 p.m. | 23 views

[slackware-security] php81

New php81 packages are available for Slackware 15.0 to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/php81/php81-8.1.30-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues: Bypass of CVE-2024-4577, Parameter Injection Vulnerability...

CVSS 9.8 | AI score 9.9 | EPSS 0.94374
Exploits 68

BDU FSTEC
added 2024/10/23 12:0 a.m. | 1 views

The vulnerability of the nci_rx_work() function in the Linux operating system allows a hacker to compromise the confidentiality and accessibility of the protected information.

The vulnerability of the nci_rx_work function in the net/nfc/nci/core.c file of the Linux operating system’s kernel is related to the use of an uninitialized variable. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and accessibility of the protected...

CVSS 7.1 | AI score 7.1 | EPSS 0.00017
Exploits 0 | References 24 | Affected Software 4

BDU FSTEC
added 2024/10/23 12:0 a.m. | 1 views

The vulnerability of the asix component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the asix component in the Linux operating system’s kernel is related to errors during initialization of variables. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 | AI score 6.5 | EPSS 0.00009
Exploits 0 | References 14 | Affected Software 5

BDU FSTEC
added 2024/10/23 12:0 a.m. | 1 views

The vulnerability of web-servers of microprogramming software for devices such as SIMATIC CP, SIMATIC HMI, SIMATIC IPC, and SIMATIC WinCC Runtime Advanced DiagBase, as well as SIPLUS TIM, allows a perpetrator to cause service interruptions.

The vulnerability of web-servers of microprogramming software for SIMATIC CP, SIMATIC HMI, SIMATIC IPC, and SIMATIC WinCC Runtime Advanced DiagBase, as well as SIPLUS TIM, is related to errors in variable name assignments. Exploiting this vulnerability can allow attackers to cause system failures...

CVSS 5.9 | AI score 5.5 | EPSS 0.00401
Exploits 0 | References 4 | Affected Software 7

OSV
added 2024/10/22 5:15 p.m. | 2 views

CVE-2024-46538

A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php...

CVSS 4.8 | AI score 5.9 | EPSS 0.83646
Exploits 3 | References 2

SUSE CVE
added 2024/10/22 2:22 p.m. | 1 views

SUSE CVE-2022-48985

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix race on per-CQ variable napi work_done. After calling napi_complete_done(), the NAPIF_STATE_SCHED bit may be cleared, and another CPU can start napi thread and access per-CQ variable, cq->work_done. If the other thread for...

CVSS 5.5 | AI score 6.2 | EPSS 0.00019
Exploits 0 | References 12

SUSE CVE
added 2024/10/22 2:22 p.m. | 1 views

SUSE CVE-2022-49001

In the Linux kernel, the following vulnerability has been resolved: riscv: fix race when vmap stack overflow. Currently, when detecting vmap stack overflow, riscv firstly switches to the so called shadow stack, then use this shadow stack to call the get_overflow_stack() to get the overflow stack...

CVSS 7 | AI score 6.7 | EPSS 0.0006
Exploits 0 | References 3

OSV
added 2024/10/21 8:15 p.m. | 2 views

DEBIAN-CVE-2022-49001

In the Linux kernel, the following vulnerability has been resolved: riscv: fix race when vmap stack overflow. Currently, when detecting vmap stack overflow, riscv firstly switches to the so called shadow stack, then use this shadow stack to call the get_overflow_stack() to get the overflow stack...

CVSS 7 | AI score 6.1 | EPSS 0.0006
Exploits 0 | References 1

OSV
added 2024/10/21 8:15 p.m. | 1 views

UBUNTU-CVE-2022-49001

In the Linux kernel, the following vulnerability has been resolved: riscv: fix race when vmap stack overflow. Currently, when detecting vmap stack overflow, riscv firstly switches to the so called shadow stack, then use this shadow stack to call the get_overflow_stack() to get the overflow stack...

CVSS 7 | AI score 5.7 | EPSS 0.0006
Exploits 0 | References 6

OSV
added 2024/10/21 8:15 p.m. | 0 views

UBUNTU-CVE-2022-48985

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix race on per-CQ variable napi work_done. After calling napi_complete_done(), the NAPIF_STATE_SCHED bit may be cleared, and another CPU can start napi thread and access per-CQ variable, cq->work_done. If the other thread for...

CVSS 4.7 | AI score 6.6 | EPSS 0.00019
Exploits 0 | References 6