CVE-2024-34736

In setupVideoEncoder of StagefrightRecorder.cpp, there is a possible asynchronous playback when B-frame support is enabled. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-34736

In setupVideoEncoder of StagefrightRecorder.cpp, there is a possible asynchronous playback when B-frame support is enabled. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-34736

CVE-2024-34736 affects Android’s media stack, specifically the StagefrightRecorder.cpp setupVideoEncoder. When B-frame support is enabled, there is a potential for asynchronous playback that can enable local elevation of privilege without requiring additional execution privileges or user interact...

CLSA-2024-1723494706 Fix of 19 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-42068 - bpf: Take return from setmemoryro into account with bpfproglockro CVE-url: https://ubuntu.com/security/CVE-2024-42079 - gfs2: Fix NULL pointer dereference in gfs2logflush CVE-url: https://ubuntu.com/security/CVE-2024-42226 - usb: xhci: prevent...

CVE-2024-39485

...

CVE-2024-42367

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...

UBUNTU-CVE-2024-42249

In the Linux kernel, the following vulnerability has been resolved: spi: don't unoptimize message in spiasync Calling spimaybeunoptimizemessage in spiasync is wrong because the message is likely to be in the queue and not transferred yet. This can corrupt the message while it is being used by the...

SourceCodester Tracking Monitoring Management System SQL注入漏洞

SourceCodester Tracking Monitoring Management System is a monitoring management system from SourceCodester Inc. A SQL injection vulnerability exists in SourceCodester Tracking Monitoring Management System version 1.0, which is caused by an SQL injection vulnerability in the id parameter of the...

CVE-2024-5765

The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

UBUNTU-CVE-2024-41045

In the Linux kernel, the following vulnerability has been resolved: bpf: Defer work in bpftimercancelandfree Currently, the same case as previous patch two timer callbacks trying to cancel each other can be invoked through bpfmapupdateelem as well, or more precisely, freeing map elements containi...

WordPress plugin User Profile Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-37849 · WordPress · Social Auto Poster

Name of the Vulnerable Software and Affected Versions: Social Auto Poster plugin for WordPress versions up to, and including, 5.3.14 Description: The issue is related to Stored Cross-Site Scripting via the mapTypes parameter in the 'wpw auto poster map wordpress post type' AJAX function due to...

VulnCheck KEV: CVE-2024-6753

The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mapTypes’ parameter in the 'wpwautopostermapwordpressposttype' AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output escaping. This...

ALSA-2024:4756 Moderate: libuv security update

libuv is a multi-platform support library with a focus on asynchronous I/O. Security Fixes: libuv: Improper Domain Lookup that potentially leads to SSRF attacks CVE-2024-24806 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

EulerOS 2.0 SP8 : c-ares (EulerOS-SA-2024-2020)

According to the versions of the c-ares packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf,...

EulerOS Virtualization 2.10.1 : libuv (EulerOS-SA-2024-2004)

According to the versions of the libuv package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and...

SUSE CVE-2022-48790

In the Linux kernel, the following vulnerability has been resolved: nvme: fix a possible use-after-free in controller reset during load Unlike .queuerq, in .submitasyncevent drivers may not check the ctrl readiness for AER submission. This may lead to a use-after-free condition that was observed...

PT-2024-28618 · WordPress · Cooked

Name of the Vulnerable Software and Affected Versions: Cooked plugin for WordPress versions up to, and including, 1.7.15.4 Description: The issue is related to Cross-Site Request Forgery CSRF due to missing or incorrect nonce validation on the AJAX action handler. This could allow an attacker to...

PT-2024-28620 · WordPress · Cooked

Name of the Vulnerable Software and Affected Versions: Cooked plugin for WordPress versions up to, and including, 1.7.15.4 Description: The issue is related to Cross-Site Request Forgery CSRF due to missing or incorrect nonce validation on the AJAX action handler. This could allow an attacker to...

DEBIAN-CVE-2022-48790

In the Linux kernel, the following vulnerability has been resolved: nvme: fix a possible use-after-free in controller reset during load Unlike .queuerq, in .submitasyncevent drivers may not check the ctrl readiness for AER submission. This may lead to a use-after-free condition that was observed...