-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
# CloudLinux CageFS Token Disclosure #
Link:
https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-01_CloudLinux_CageFS_Token_Disclosure
## Vulnerability Overview ##
CloudLinux CageFS 7.1.1-1 or below passes the authenticati
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
# CloudLinux CageFS Insufficiently Restricted Proxy Command #
Link:
https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-02_CloudLinux_CageFS_Insufficiently_Restricted_Proxy_Commands
## Vulnerability Overview ##
CloudLinux
CVE ID: CVE-2024-22900
Title: Command Injection Vulnerability in Vinchin Backup and Recovery Versions
7.2 and Earlier
Description:
A critical security vulnerability, identified as CVE-2024-22900, has been
discovered in Vinchin Backup and Recovery software, affecting versions 7.2 and
earlier. T
CVE ID: CVE-2024-22899
Title: Command Injection Vulnerability in Vinchin Backup and Recovery's
syncNtpTime Function in Versions 7.2 and Earlier
Description:
A critical security vulnerability, identified as CVE-2024-22899, has been
discovered in the `syncNtpTime` function of Vinchin Backup and R
CVE ID: CVE-2024-22901
Title: Default MYSQL Credentials Vulnerability in Vinchin Backup & Recovery v7.2
Description:
A critical security issue, identified as CVE-2024-22901, has been discovered in
Vinchin Backup & Recovery version 7.2. The software has been found to use
default MYSQL credential
CVE ID: CVE-2024-22902
Title: Default Root Credentials Vulnerability in Vinchin Backup & Recovery v7.2
Suggested Description:
Vinchin Backup & Recovery version 7.2 has been identified as being configured
with default root credentials, posing a significant security vulnerability.
Additional Info
CVE ID: CVE-2024-22903
Title: Command Injection Vulnerability in SystemHandler.class.php of Vinchin
Backup & Recovery Versions 7.2 and Earlier
Description:
A significant security vulnerability, CVE-2024-22903, has been identified in
the `deleteUpdateAPK` function within the `SystemHandler.class
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-01-22-2024-1 Safari 17.3
Safari 17.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214056.
Apple maintains a Security Updates page at
https://support.apple.com/HT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-01-22-2024-2 iOS 17.3 and iPadOS 17.3
iOS 17.3 and iPadOS 17.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214059.
Apple maintains a Security Updates page at
ht
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-01-22-2024-3 iOS 16.7.5 and iPadOS 16.7.5
iOS 16.7.5 and iPadOS 16.7.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214063.
Apple maintains a Security Updates pa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-01-22-2024-4 iOS 15.8.1 and iPadOS 15.8.1
iOS 15.8.1 and iPadOS 15.8.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214062.
Apple maintains a Security Updates pa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-01-22-2024-5 macOS Sonoma 14.3
macOS Sonoma 14.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214061.
Apple maintains a Security Updates page at
https://support.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-01-22-2024-6 macOS Ventura 13.6.4
macOS Ventura 13.6.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214058.
Apple maintains a Security Updates page at
https://su
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-01-22-2024-7 macOS Monterey 12.7.3
macOS Monterey 12.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214057.
Apple maintains a Security Updates page at
https://
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-01-22-2024-8 watchOS 10.3
watchOS 10.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214060.
Apple maintains a Security Updates page at
https://support.apple.com/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-01-22-2024-9 tvOS 17.3
tvOS 17.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214055.
Apple maintains a Security Updates page at
https://support.apple.com/HT2012
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/15bda00b57e2ed729a45f7cfa62165da.txt
Contact: malvul...@gmail.com
Media: twitter.com/malvuln
Threat: TrojanSpy Win32 Nivdort
Vulnerability: Insecure Permissions - EoP (SYSTEM)
Family: Nivd
Searching the web for `javascript fork malloc bomb` returns results,
e.g. [here][1]: and [here][2]:
We got a javascript fork malloc bomb which crashed Chrome 121 on linux
with SIGILL and about one in five runs the virtual machine freezes.
SIGILL almost always is a sign of memory corruption :)
On a
Multiple Vulnerabilities in Reprise License Manager 15.1 (CVE-2023-43183,
CVE-2023-44031)
Credit: Mohaiman Rahim
///
[Vulnerability description]
freedesktop Mesa v23.0.4 was discovered to contain a NULL pointer dereference
via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is
triggered when the X11 server sends a DRI2_BufferSwapComplete event
unexpectedly when the application is using DR
[Vulnerability description]
A NULL pointer dereference in the component /X11/xedit/lisp of Xedit v1.2.3
allows attackers to cause a Denial of Service (DoS) via a crafted lisp.lsp file.
[VulnerabilityType Other]
null pointer dereference
[Vendor of Product]
Xedit
[Affected Product Code Base]
Xedit
[Vulnerability description]
ncurses v6.4-20230610 was discovered to contain a NULL pointer dereference via
the function tgetstr().
[VulnerabilityType Other]
null pointer dereference
[Vendor of Product]
ncurses
[Affected Product Code Base]
ncurses - 6.4-20230610
[Reference]
https://lists.gnu.org/
[Vulnerability description]
freedesktop Mesa v23.0.4 was discovered to contain a segmentation violation via
the function glXQueryServerString().
[Vulnerability Type]
Buffer Overflow
[Vendor of Product]
freedesktop
[Affected Product Code Base]
Mesa - 23.0.4
[Reference]
https://gitlab.freedeskto
[Vulnerability description]
Xfig v3.2.8 was discovered to contain a segmentation violation via the function
XGetWMHints().
[VulnerabilityType Other]
null pointer dereference
[Vendor of Product]
SourceForge
[Affected Product Code Base]
Xfig - 3.2.8
[Reference]
https://sourceforge.net/p/mcj/ticket
[Vulnerability description]
A NULL pointer dereference in the function handle_viminfo_register() of vim
v9.0 allows attackers to cause a Denial of Service (DoS) via a crafted file.
[VulnerabilityType Other]
null pointer dereference
[Vendor of Product]
vim
[Affected Product Code Base]
vim - 9.0
[Re
[Vulnerability description]
freedesktop Mesa v23.0.4 was discovered to contain a NULL pointer dereference
via the function __glXGetDrawableAttribute().
[Vulnerability Type]
Buffer Overflow
[Vendor of Product]
freedesktop
[Affected Product Code Base]
Mesa - 23.0.4
[Reference]
https://gitlab.fre
[Vulnerability description]
gnome gtk 824e9833 was discovered to contain a NULL pointer dereference via the
function XIQueryDevice().
[VulnerabilityType Other]
null pointer dereference
[Vendor of Product]
gnome
[Affected Product Code Base]
gtk - 824e9833
[Reference]
https://gitlab.gnome.org/GNOM
[Vulnerability description]
OpenGL libglvnd bb06db5a was discovered to contain a NULL pointer dereference
via the function glXGetDrawableScreen().
[Vulnerability Type]
Buffer Overflow
[Vendor of Product]
OpenGL
[Affected Product Code Base]
libglvnd - bb06db5a
[Reference]
https://gitlab.freedes
[Vulnerability description]
GNU Midnight Commander v4.8.29-146-g299d9a2fb was discovered to contain a
segmentation violation via the function x_error_handler() at /tty/x11conn.c.
[VulnerabilityType Other]
null pointer dereference
[Vendor of Product]
GNU
[Affected Product Code Base]
Midnight Comma
[Vulnerability description]
gnome gdk-pixbuf 4fc028aa was discovered to contain a segmentation violation
via the function gdk_pixbuf_io_init_modules().
[VulnerabilityType Other]
null pointer dereference
[Vendor of Product]
gnome
[Affected Product Code Base]
gdk-pixbuf - 4fc028aa
[Reference]
http
[Vulnerability description]
S-Lang v2.3.2 was discovered to contain an arithmetic exception via the
function tt_sprintf().
[VulnerabilityType Other]
FPE
[Vendor of Product]
S-Lang
[Affected Product Code Base]
S-Lang - 2.3.2
[Reference]
http://lists.jedsoft.org/lists/slang-users/2023/003.ht
[Vulnerability description]
gnome gtk f2a28891 was discovered to contain a segmentation violation via the
function init_randr15() at gdkscreen-x11.c.
[VulnerabilityType Other]
null pointer dereference
[Vendor of Product]
gnome
[Affected Product Code Base]
gtk - f2a28891
[Reference]
https://gitla
[Vulnerability description]
S-Lang v2.3.2 was discovered to contain a SEGV via the function fixup_tgetstr().
[VulnerabilityType Other]
SEGV
[Vendor of Product]
S-Lang
[Affected Product Code Base]
S-Lang - 2.3.2
[Reference]
http://lists.jedsoft.org/lists/slang-users/2023/002.html
[CVE Refer
[Vulnerability description]
gnome gtk ac60bc60 was discovered to contain a segmentation violation via the
function parse_settings() at xsettings-client.c.
[VulnerabilityType Other]
null pointer dereference
[Vendor of Product]
gnome
[Affected Product Code Base]
gtk - ac60bc60
[Reference]
https://
[Vulnerability description]
freedesktop Mesa v23.0.4 was discovered to contain a NULL pointer dereference
via the function check_xshm().
[Vulnerability Type]
NULL pointer dereference
[Vendor of Product]
freedesktop
[Affected Product Code Base]
Mesa - 23.0.4
[Reference]
https://gitlab.freedeskt
[Vulnerability description]
Nano v6.2 was discovered to contain a segmentation violation via the function
read_the_list().
[VulnerabilityType Other]
null pointer dereference
[Vendor of Product]
nano
[Affected Product Code Base]
nano - 6.2
[Reference]
https://savannah.gnu.org/bugs/index.php?64465
[Vulnerability description]
QT v6.2, v6.5, and v6.6 was discovered to contain a NULL pointer dereference
via the function QXcbConnection::initializeAllAtoms().
[VulnerabilityType Other]
null pointer dereference
[Vendor of Product]
qt
[Affected Product Code Base]
qt - 6.6, 6.5, 6.2
[Reference]
ht
[Vulnerability description]
Buffer Overflow vulnerability in graphviz v.2.43.0 allows a remote attacker to
execute arbitrary code via a crafted config6a file.
[Vulnerability Type]
Buffer Overflow
[Vendor of Product]
graphviz
[Affected Product Code Base]
graphviz - 2.43.0
[Reference]
https://gi
[Vulnerability description]
Null pointer dereference happens in MiniZinc v.2.7.6 via a crafted .mzn file.
[VulnerabilityType Other]
null pointer dereference
[Vendor of Product]
MiniZinc
[Affected Product Code Base]
MiniZinc - 2.7.6
[Reference]
https://github.com/MiniZinc/libminizinc/issues/730
[CV
[Vulnerability description]
A null pointer dereference occurred in Sane v.1.2.1 via a crafted config file to
the sanei_configure_attach() function.
[VulnerabilityType Other]
null pointer dereference
[Vendor of Product]
sane
[Affected Product Code Base]
sane - 1.2.1
[Reference]
https://gitlab.com/s
[Vulnerability description]
A null pointer dereference occurred in tex-live 944e257 via a crafted cmr10.pfb
config file.
[VulnerabilityType Other]
null pointer dereference
[Vendor of Product]
tex-live
[Affected Product Code Base]
tex-live - 944e257
[Reference]
https://tug.org/pipermail/tex-live/20
[Vulnerability description]
A null pointer dereference existed in LLVM v.15.0.0 via a crafted pdflatex.fmt
file.
[VulnerabilityType Other]
null pointer dereference
[Vendor of Product]
llvm
[Affected Product Code Base]
llvm - LLVM-15
[Reference]
https://github.com/llvm/llvm-project/issues/67388
[C
[Vulnerability description]
A null pointer dereference existed in MiniZinc v.2.7.6 via a crafted
Preferences.json file.
[VulnerabilityType Other]
null pointer dereference
[Vendor of Product]
MiniZinc
[Affected Product Code Base]
MiniZinc - 2.7.6
[Reference]
https://github.com/MiniZinc/libminizinc/
[Vulnerability description]
A null pointer dereference existed in tex-live v.944e257 via a crafted file to
the texk/web2c/pdftexdir/tounicode.c function.
[VulnerabilityType Other]
null pointer dereference
[Vendor of Product]
tex-live
[Affected Product Code Base]
tex-live - 944e257
[Reference]
http
[Vulnerability description]
A buffer overflow existed in Sane v.1.2.1 via a crafted config file to the
init_options() function.
[Vulnerability Type]
Buffer Overflow
[Vendor of Product]
sane
[Affected Product Code Base]
sane - 1.2.1
[Reference]
https://gitlab.com/sane-project/backends/-/issues/