CVE-2024-26704

In the Linux kernel, the following vulnerability has been resolved: ext4: fix double-free of blocks due to wrong extents movedlen In ext4moveextents, movedlen is only updated when all moves are successfully executed, and only discards originode and donorinode preallocations when movedlen is not...

Mozilla: Leaking of encrypted email subjects to other conversations

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the...

Mozilla: Leaking of encrypted email subjects to other conversations

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the...

Mozilla: Leaking of encrypted email subjects to other conversations

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the...

Mozilla: Leaking of encrypted email subjects to other conversations

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the...

Apache Doris 竞争条件问题漏洞

Apache Doris is a modern MPP analytic database product of the U.S. Apache Apache Foundation. Can provide sub-second queries and efficient real-time data analysis. Apache Doris has a security bypass vulnerability that stems from the use of the chmod function, which can be exploited by an attacker ...

CVE-2024-0047

In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction is not needed for...

CVE-2023-52557

In OpenBSD 7.3 before errata 016, npppd8 could crash by a l2tp message which has an AVP Attribute-Value Pair with wrong length...

Out-of-bounds

dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive,...

CVE-2024-27294 dp-golang Go installation could be owned by wrong user

dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive,...

CVE-2024-27294 dp-golang Go installation could be owned by wrong user

dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive,...

Linux kernel security vulnerabilities

The Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. The Linux kernel suffers from a security vulnerability that stems from the fact that the function mlx5etxreporterdumpsq converts its void argument to struct mlx5etxqsq , but in the TX-timeout-recover...

PT-2024-12276

Name of the Vulnerable Software and Affected Versions SEV firmware affected versions not specified Description A code bug in Secure TSC may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled, potentially resulting in a loss of guest...

CVE-2023-6519

Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7...

CVE-2023-6519

Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7...

CVE-2023-6519

Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable.This issue affects MİA-MED: before 1.0.7...

CVE-2023-6519

CVE-2023-6519 affects Mia Technology Inc.'s MIA-MED prior to version 1.0.7. The issue is described as Exposure of Data Element to Wrong Session, enabling reading of sensitive strings within an executable. Affects MIA-MED before 1.0.7; CVSS 3.1 base score 7.5 (High), network attack vector, no user...

PT-2024-14988 · Media Technology · Mi̇A-Med

Name of the Vulnerable Software and Affected Versions: MİA-MED versions prior to 1.0.7 Description: The issue affects Mia Technology Inc.'s MİA-MED, allowing sensitive strings within an executable to be read. This is due to an Exposure of Data Element to Wrong Session vulnerability...

AZL-34274 CVE-2024-24577 affecting package libgit2 for versions less than 1.6.5-1

libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to gitindexadd can cause heap corruption that could be leveraged for arbitrary code execution. There...

DEBIAN-CVE-2024-0749

A phishing site could have repurposed an about: dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox 122 and Thunderbird 115.7...