Where's My Perry Security Vulnerabilities

Exploit for CVE-2024-4367

CVE-2024-4367 & CVE-2024-34342: Arbitrary JavaScript...

CVE-2024-35962 netfilter: complete validation of user input

In the Linux kernel, the following vulnerability has been resolved: netfilter: complete validation of user input In my recent commit, I missed that do_replace() handlers use copy_from_sockptr() (which I fixed), followed by unsafe copy_from_sockptr_offset() calls. In all functions, we can perform...

CVE-2024-35956 btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations

In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations Create subvolume, create snapshot and delete subvolume all use btrfs_subvolume_reserve_metadata() to reserve metadata for the changes done to the parent...

CVE-2024-35962

In the Linux kernel, the following vulnerability has been resolved: netfilter: complete validation of user input In my recent commit, I missed that do_replace() handlers use copy_from_sockptr() (which I fixed), followed by unsafe copy_from_sockptr_offset() calls. In all functions, we can perform...

CVE-2024-35956

In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations Create subvolume, create snapshot and delete subvolume all use btrfs_subvolume_reserve_metadata() to reserve metadata for the changes done to the parent...

CVE-2024-35944

In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Syzkaller hit 'WARNING in dg_dispatch_as_host' bug. memcpy: detected field-spanning write (size 56) of single field "&dg_info->msg" at...

CVE-2024-35944

In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Syzkaller hit 'WARNING in dg_dispatch_as_host' bug. memcpy: detected field-spanning write (size 56) of single field "&dg_info->msg" at...

CVE-2024-35944

In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Syzkaller hit 'WARNING in dg_dispatch_as_host' bug. memcpy: detected field-spanning write (size 56) of single field "&dg_info->msg" at...

CVE-2024-35944 VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()

In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Syzkaller hit 'WARNING in dg_dispatch_as_host' bug. memcpy: detected field-spanning write (size 56) of single field "&dg_info->msg" at...

CVE-2024-35944 VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()

In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Syzkaller hit 'WARNING in dg_dispatch_as_host' bug. memcpy: detected field-spanning write (size 56) of single field "&dg_info->msg" at...

CVE-2024-35944

In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Syzkaller hit 'WARNING in dg_dispatch_as_host' bug. memcpy: detected field-spanning write (size 56) of single field "&dg_info->msg" at...

CVE-2024-35795

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix deadlock while reading mqd from debugfs An errant disk backup on my desktop got into debugfs and triggered the following deadlock scenario in the amdgpu debugfs files. The machine also hard-resets immediately after....

CVE-2024-27435

In the Linux kernel, the following vulnerability has been resolved: nvme: fix reconnection fail due to reserved tag allocation We found a issue on production environment while using NVMe over RDMA, admin_q reconnect failed forever while remote target and network is ok. After dig into it, we found.....

CVE-2024-35784

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock with fiemap and extent locking While working on the patchset to remove extent locking I got a lockdep splat with fiemap and pagefaulting with my new extent lock replacement lock. This deadlock exists with our...

Friday Squid Blogging: Emotional Support Squid

When asked what makes this an "emotional support squid" and not just another stuffed animal, its creator says: They're emotional support squid because they're large, and cuddly, but also cheerfully bright and derpy. They make great neck pillows (and you can fidget with the arms and tentacles) for.....

CVE-2024-35795

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix deadlock while reading mqd from debugfs An errant disk backup on my desktop got into debugfs and triggered the following deadlock scenario in the amdgpu debugfs files. The machine also hard-resets immediately after....

CVE-2024-35795

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix deadlock while reading mqd from debugfs An errant disk backup on my desktop got into debugfs and triggered the following deadlock scenario in the amdgpu debugfs files. The machine also hard-resets immediately after....

CVE-2024-35795

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix deadlock while reading mqd from debugfs An errant disk backup on my desktop got into debugfs and triggered the following deadlock scenario in the amdgpu debugfs files. The machine also hard-resets immediately...

CVE-2024-35795 drm/amdgpu: fix deadlock while reading mqd from debugfs

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix deadlock while reading mqd from debugfs An errant disk backup on my desktop got into debugfs and triggered the following deadlock scenario in the amdgpu debugfs files. The machine also hard-resets immediately after....

CVE-2024-35784

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock with fiemap and extent locking While working on the patchset to remove extent locking I got a lockdep splat with fiemap and pagefaulting with my new extent lock replacement lock. This deadlock exists with our...

CVE-2024-35784

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock with fiemap and extent locking While working on the patchset to remove extent locking I got a lockdep splat with fiemap and pagefaulting with my new extent lock replacement lock. This deadlock exists with...

CVE-2024-27435

In the Linux kernel, the following vulnerability has been resolved: nvme: fix reconnection fail due to reserved tag allocation We found a issue on production environment while using NVMe over RDMA, admin_q reconnect failed forever while remote target and network is ok. After dig into it, we found.....

CVE-2024-35784

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock with fiemap and extent locking While working on the patchset to remove extent locking I got a lockdep splat with fiemap and pagefaulting with my new extent lock replacement lock. This deadlock exists with our...

CVE-2024-27435

In the Linux kernel, the following vulnerability has been resolved: nvme: fix reconnection fail due to reserved tag allocation We found a issue on production environment while using NVMe over RDMA, admin_q reconnect failed forever while remote target and network is ok. After dig into it, we found.....

CVE-2024-27435

In the Linux kernel, the following vulnerability has been resolved: nvme: fix reconnection fail due to reserved tag allocation We found a issue on production environment while using NVMe over RDMA, admin_q reconnect failed forever while remote target and network is ok. After dig into it, we...

CVE-2024-35784 btrfs: fix deadlock with fiemap and extent locking

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock with fiemap and extent locking While working on the patchset to remove extent locking I got a lockdep splat with fiemap and pagefaulting with my new extent lock replacement lock. This deadlock exists with our...

CVE-2024-27435 nvme: fix reconnection fail due to reserved tag allocation

In the Linux kernel, the following vulnerability has been resolved: nvme: fix reconnection fail due to reserved tag allocation We found a issue on production environment while using NVMe over RDMA, admin_q reconnect failed forever while remote target and network is ok. After dig into it, we found.....

CVE-2024-27435 nvme: fix reconnection fail due to reserved tag allocation

In the Linux kernel, the following vulnerability has been resolved: nvme: fix reconnection fail due to reserved tag allocation We found a issue on production environment while using NVMe over RDMA, admin_q reconnect failed forever while remote target and network is ok. After dig into it, we found.....

CVE-2024-31290

Improper Privilege Management vulnerability in CodeRevolution Demo My WordPress allows Privilege Escalation.This issue affects Demo My WordPress: from n/a through...

CVE-2024-31290

Improper Privilege Management vulnerability in CodeRevolution Demo My WordPress allows Privilege Escalation.This issue affects Demo My WordPress: from n/a through...

CVE-2024-31290 WordPress Demo My WordPress plugin <= 1.0.9.1 - Unauthenticated Privilege Escalation vulnerability

Improper Privilege Management vulnerability in CodeRevolution Demo My WordPress allows Privilege Escalation.This issue affects Demo My WordPress: from n/a through...

CVE-2024-31290 WordPress Demo My WordPress plugin <= 1.0.9.1 - Unauthenticated Privilege Escalation vulnerability

Improper Privilege Management vulnerability in CodeRevolution Demo My WordPress allows Privilege Escalation.This issue affects Demo My WordPress: from n/a through...

CVE-2023-23988

Missing Authorization vulnerability in Joseph C Dolson My Tickets.This issue affects My Tickets: from n/a through...

CVE-2023-23988

Missing Authorization vulnerability in Joseph C Dolson My Tickets.This issue affects My Tickets: from n/a through...

CVE-2023-23988 WordPress My Tickets plugin <= 1.9.11 - Payment Bypass Vulnerability

Missing Authorization vulnerability in Joseph C Dolson My Tickets.This issue affects My Tickets: from n/a through...

CVE-2024-35795

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix deadlock while reading mqd from debugfs An errant disk backup on my desktop got into debugfs and triggered the following deadlock scenario in the amdgpu debugfs files. The machine also hard-resets immediately after....

CVE-2024-27435

In the Linux kernel, the following vulnerability has been resolved: nvme: fix reconnection fail due to reserved tag allocation We found a issue on production environment while using NVMe over RDMA, admin_q reconnect failed forever while remote target and network is ok. After dig into it, we found.....

SAP BusinessObjects Business Intelligence Platform Multiple Vulnerabilities (May 2024)

The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is potentially affected by the following vulnerabilities: A cross-site scripting (XSS) vulnerability exists in the Opendocument URL due to improper validation of user-supplied input before...

CVE-2024-35784

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock with fiemap and extent locking While working on the patchset to remove extent locking I got a lockdep splat with fiemap and pagefaulting with my new extent lock replacement lock. This deadlock exists with our...

SAP NetWeaver AS ABAP XSS (May 2024) (3448445)

The remote SAP NetWeaver ABAP server may be affected by a cross-site scripting (XSS) vulnerability. A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this, by convincing a.....

SAP NetWeaver AS ABAP XSS (May 2024) (3450286)

The remote SAP NetWeaver ABAP server may be affected by a cross-site scripting (XSS) vulnerability. A cross-site scripting (XSS) vulnerability exists due to improper validation and encoding of untrusted data. An unauthenticated, remote attacker can exploit this, by convincing a user to click a...

Debian: Security Advisory (DLA-3815-1)

The remote host is missing an update for the...

SAP NetWeaver AS ABAP File Upload Vulnerability (May 2024) (3448171)

The remote SAP NetWeaver ABAP server may be affected by an arbitrary file upload vulnerability. An arbitrary file upload vulnerability exists in the content repositiory due to missing a signature check. An unauthenticated, remote attacker can exploit this to upload arbitrary files on the remote...

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2024-1682)

The remote host is missing an update for the Huawei...

EulerOS Virtualization 3.0.6.0 : glibc (EulerOS-SA-2024-1682)

According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed,...

Rounding up some of the major headlines from RSA

While I one day wish to make it to the RSA Conference in person, I've never had the pleasure of making the trek to San Francisco for one of the largest security conferences in the U.S. Instead, I had to watch from afar and catch up on the internet every day like the common folk. This at least...

[updated] Deleted iPhone photos show up again after iOS update

iPhone owners are reporting that photos they'd deleted are now back on their phones, after updating to iOS 17.5. With so many users reporting similar oddities, it would seem something went wrong, or at least different than to be expected. Here are some examples from Reddit: “When in conversation...

Invoke-SessionHunter - Retrieve And Display Information About Active User Sessions On Remote Computers (No Admin Privileges Required)

Retrieve and display information about active user sessions on remote computers. No admin privileges required. The tool leverages the remote registry service to query the HKEY_USERS registry hive on the remote computers. It identifies and extracts Security Identifiers (SIDs) associated with active....

[SECURITY] [DLA 3815-1] firefox-esr security update

Debian LTS Advisory DLA-3815-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 16, 2024 https://wiki.debian.org/LTS Package : firefox-esr Version : 115.11.0esr-1~deb10u1 CVE...

Debian: Security Advisory (DSA-5691-1)

The remote host is missing an update for the...