9592 matches found

CVE
added 2024/08/09 6:29 p.m. · 38 views

CVE-2024-42370

Litestar (versions 2.10.0 and earlier) is affected by an environment variable injection flaw in the docs-preview.yml workflow. A crafted artifact can be introduced via the workflow’s artifact handling, potentially exposing DOCS_PREVIEW_DEPLOY_TOKEN and granting the attacker permissions to write i...

CVSS 8.3 · AI score 8.4 · EPSS 0.00985
Exploits 0 · References 4
NVD
added 2024/08/08 3:15 p.m. · 25 views

CVE-2024-42356

Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the context variable is injected into almost any Twig Template and allows access to the current language and currency information. The context object also allows switching the scope of the Context for a short time as a...

CVSS 8.3 · EPSS 0.00429
Exploits 0 · References 5
OSV
added 2024/08/08 2:52 p.m. · 14 views

CVE-2024-42356 Shopware vulnerable to Server Side Template Injection in Twig using Context functions

Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the context variable is injected into almost any Twig Template and allows access to the current language and currency information. The context object also allows switching the scope of the Context for a short time as a...

CVSS 8.3 · AI score 6.7 · EPSS 0.00429
Exploits 0 · References 7
CVE
added 2024/08/08 2:52 p.m. · 76 views

CVE-2024-42356

CVE-2024-42356 affects Shopware (open commerce platform). The issue arises from the Twig context variable, which can be injected into most Twig templates and, via a scoped Context helper, enables calling statically callable PHP functions from Twig. This can leak language/currency context and, wit...

CVSS 8.3 · AI score 8.3 · EPSS 0.00429
Exploits 0 · References 5 · Affected Software 1
RedHat Linux
added 2024/08/08 4:53 a.m. · 0 views

kernel: efivarfs: force RO when remounting if SetVariable is not supported

A flaw was found in the Linux kernel, which involves the improper handling of the efivarfs filesystem when the firmware does not support the SetVariable function at runtime. Specifically, even if efivarfs is initially mounted as read-only RO, it can be remounted as read-write RW without checking ...

CVSS 5.5 · AI score 6.5 · EPSS 0.00009
Exploits 0 · References 5
RedHat Linux
added 2024/08/07 12:14 a.m. · 0 views

kernel: i40e: fix vf may be used uninitialized in this function warning

A flaw was found in the Linux kernel’s Ethernet Controller XL710 family driver. This flaw allows a local user to crash the system...

CVSS 5.5 · AI score 7.2 · EPSS 0.00013
Exploits 0 · References 4
RedhatCVE
added 2024/08/06 2:46 a.m. · 9 views

CVE-2024-7542

oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

CVSS 3.3 · AI score 6.2 · EPSS 0.00156
Exploits 0 · References 4
SUSE CVE
added 2024/08/06 2:1 a.m. · 2 views

SUSE CVE-2024-41038

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the...

CVSS 6 · AI score 6.5 · EPSS 0.00018
Exploits 0 · References 14
SUSE CVE
added 2024/08/06 2:1 a.m. · 1 views

SUSE CVE-2024-41052

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Init the count variable in collecting hot-reset devices The count variable is used without initialization, it results in mistakes in the device counting and crashes the userspace if the get hot reset info path is...

CVSS 5.5 · AI score 7.7 · EPSS 0.00018
Exploits 0 · References 3
OSV
added 2024/08/06 12:15 a.m. · 16 views

CVE-2024-7540

oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

CVSS 3.3 · AI score 6.5
Exploits 0 · References 1
NVD
added 2024/08/06 12:15 a.m. · 21 views

CVE-2024-7540

oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

CVSS 3.3 · EPSS 0.00156
Exploits 0 · References 1
NVD
added 2024/08/06 12:15 a.m. · 9 views

CVE-2024-7542

oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

CVSS 3.3 · EPSS 0.00156
Exploits 0 · References 1
OSV
added 2024/08/06 12:15 a.m. · 9 views

CVE-2024-7542

oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

CVSS 3.3 · AI score 6.5
Exploits 0 · References 1
UbuntuCve
added 2024/08/06 12:15 a.m. · 17 views

CVE-2024-7542

oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

CVSS 3.3 · AI score 5.8 · EPSS 0.00156
Exploits 0 · References 7
Positive Technologies
added 2024/08/06 12:0 a.m. · 2 views

PT-2024-25589 · Unknown · E-Negosyo System

Name of the Vulnerable Software and Affected Versions: E-Negosyo System version 1.0 Description: The issue allows an attacker to exploit a SQL injection vulnerability by sending a specially crafted query to the server. This could enable the retrieval of all information stored in the id variable i...

CVSS 9.8 · AI score 7.2 · EPSS 0.00247
Exploits 0 · References 4
Tenable Nessus
added 2024/08/06 12:0 a.m. · 13 views

SUSE SLES12 Security Update : ksh (SUSE-SU-2024:2756-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2756-1 advisory. - CVE-2019-14868: Fixed code injection due to environment variables on startup interpreted as arithmetic expression bsc1160796 Other fixes: ...

CVSS 7.8 · AI score 7.5 · EPSS 0.00204
Exploits 0 · References 6
Positive Technologies
added 2024/08/06 12:0 a.m. · 4 views

PT-2024-38416 · Datagear · Datagear

Name of the Vulnerable Software and Affected Versions: DataGear versions up to 5.0.0 Description: A critical issue has been found, affecting the evaluateVariableExpression function of the ConversionSqlParamValueMapper.java file in the Data Schema Page component. This issue leads to improper...

CVSS 8.8 · AI score 7.4 · EPSS 0.00152
Exploits 1 · References 7
Vulnrichment
added 2024/08/05 11:53 p.m. · 12 views

CVE-2024-7542 oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability

oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

CVSS 3.3 · AI score 6.2 · EPSS 0.00156
Exploits 0 · References 1
CVE
added 2024/08/05 11:53 p.m. · 44 views

CVE-2024-7542

CVE-2024-7542 concerns oFono and the AT+CMGR handling logic. The flaw is described as an uninitialized memory access during parsing of AT CMGR command responses, enabling a local attacker who can execute code on the target modem to disclose sensitive information and potentially execute arbitrary ...

CVSS 3.3 · AI score 3.6 · EPSS 0.00156
Exploits 0 · References 1 · Affected Software 1
CVE
added 2024/08/05 11:53 p.m. · 31 views

CVE-2024-7541

CVE-2024-7541 concerns oFono, specifically the AT+CMT Command parsing flaw. The vulnerability arises from uninitialized memory access during response parsing, enabling local attackers with code execution context as root when combined with other weaknesses. Affected component is oFono’s modem AT+C...

CVSS 3.3 · AI score 3.6 · EPSS 0.00156
Exploits 0 · References 1 · Affected Software 1