Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the xa_insert function using the wrong path. No details of the vulnerability are provided at this time...
Devolutions DVLS 安全漏洞
Devolutions DVLS is a globally popular, full-featured, self-hosted password management platform. A security vulnerability exists in Devolutions DVLS version 2024.3.6 and prior versions that stems from improper access control. An attacker exploiting the vulnerability could gain access to sensitive...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from calling khugepaged, ksm in the wrong context...
AZL-52254 CVE-2024-51744 affecting package jx for versions less than 3.2.236-21
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a redundant put operation on the wrong path in the drm/shmem-helper component...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-45025)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-45025 advisory. - In the Linux kernel, the following vulnerability has been resolved: fix bitmap corruption on close_range with...
SUSE CVE-2023-29549
Under certain circumstances, a call to the bind function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...
Exposure of Data Element to Wrong Session
Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session due to the improper handling of user roles during the login process. An attacker can gain unauthorized access and perform actions without administrative approval...
GO-2024-3166 Incorrect delegation lookups can make go-tuf download the wrong artifact in github.com/theupdateframework/go-tuf
Incorrect delegation lookups can make go-tuf download the wrong artifact in github.com/theupdateframework/go-tuf...
DEBIAN-CVE-2023-45361
An issue was discovered in VectorComponentUserLinks.php in the Vector Skin component in MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-intro-page MalformedTitleException is uncaught if it is not a valid title, leading to incorrect web pages...
Grafana Labs Incorrect Permission (cve-2024-8118)
The version of Grafana Labs installed on the remote host is prior to 10.3.10, 10.4.9, 11.0.5, 11.1.6, or 11.2.1. It is, therefore, affected by a vulnerability as referenced in the cve-2024-8118 advisory. - In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing...
CVE-2024-8118 Grafana alerting wrong permission on datasource rule write endpoint
In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules...
kernel: Input: aiptek - properly check endpoint type
A wrong endpoint type warning was recorded in usb_submit_urb in the Linux kernel. This may present a potential loss of Availability...
OESA-2024-2153 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: net: USB: Fix wrong-direction WARNING in plusb.c The syzbot fuzzer detected a bug in the plusb network driver: A zero-length control-OUT transfer was treated as ...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not properly cleaning up resources on the wrong path, which could lead to a memory leak...
CVE-2024-1578 Multiple MiCard PLUS card reader dropped characters
The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration...
CVE-2024-1578
Summary: The MiCard PLUS Ci and MiCard PLUS BLE reader products (rf IDEAS; rebranded by NT-ware) have a firmware fault that may cause characters to be randomly dropped from ID card reads. This leads to the wrong ID card number during ID card self-registration and may result in failed user logins....
PT-2024-38768 · Rapid7 · Rapid7 Insight Platform
Name of the Vulnerable Software and Affected Versions: Rapid7 Insight Platform versions between November 2019 and August 14, 2024 Description: The issue is related to missing authorization in the Rapid7 Insight Platform, allowing an attacker to intercept local requests and potentially add an empt...
VLC < 3.0.18 Multiple Vulnerabilities
The version of VLC media player installed on the remote host is prior to 3.0.18. It is, therefore, affected by multiple vulnerabilities: - VideoLAN VLC prior to version 3.0.18 contains a potential buffer overflow that allows attackers, by tricking a user into opening a crafted playlist or...