Malicious code in @bingads-webui-react/with-site-map (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 997e1cce193e872c031f1482119f4899f32d99a1ecc7dc194270a504607c421e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-7905 Malicious code in @bingads-webui-react/with-site-map (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 997e1cce193e872c031f1482119f4899f32d99a1ecc7dc194270a504607c421e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
bpf: Allow delete from sockmap/sockhash only if update is allowed
...
CVE-2024-41951
Pheonix App is a Python application designed to streamline various tasks, from managing files to playing mini-games. The issue is that the map of encoding/decoding languages is visible in code. The problem was patched in 0.2.4...
AZL-48656 CVE-2024-42063 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode syzbot reported uninit memory usages during map_{lookup,delete}_elem. ========== BUG: KMSAN: uninit-value in __dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline] BUG:...
AZL-47065 CVE-2024-42075 affecting package kernel for versions less than 5.15.162.2-1
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix remap of arena. The bpf arena logic didn't account for mremap operation. Add a refcnt for multiple mmap events to prevent use-after-free in arena_vm_close...
AZL-47186 CVE-2024-42075 affecting package kernel for versions less than 6.6.43.1-7
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix remap of arena. The bpf arena logic didn't account for mremap operation. Add a refcnt for multiple mmap events to prevent use-after-free in arena_vm_close...
UBUNTU-CVE-2024-42063
In the Linux kernel, the following vulnerability has been resolved: bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode syzbot reported uninit memory usages during map_{lookup,delete}_elem. ========== BUG: KMSAN: uninit-value in __dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline] BUG:...
CVE-2024-42063 bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode
In the Linux kernel, the following vulnerability has been resolved: bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode syzbot reported uninit memory usages during map_{lookup,delete}_elem. ========== BUG: KMSAN: uninit-value in __dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline] BUG:...
DEBIAN-CVE-2024-41066
In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Add tx check to prevent skb leak Below is a summary of how the driver stores a reference to an skb during transmit: tx_buff[free_map[consumer_index]]->skb = new_skb; free_map[consumer_index] = IBMVNIC_INVALID_MAP; consumer_index ++; Whe...
AZL-62696 CVE-2024-41067 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: handle RST lookup error correctly [BUG] When running btrfs/060 with forced RST feature, it would crash the following ASSERT() inside scrub_read_endio(): ASSERT(sector_nr < stripe->nr_sectors); Before that, we would have tree dump from...
UBUNTU-CVE-2024-41067
In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: handle RST lookup error correctly [BUG] When running btrfs/060 with forced RST feature, it would crash the following ASSERT() inside scrub_read_endio(): ASSERT(sector_nr < stripe->nr_sectors); Before that, we would have tree dump from...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to check if the skb address is null during a transfer, which could lead to a skb memory leak if th...
CVE-2024-41118 streamlit-geospatial blind SSRF in pages/7_📦_Web_Map_Service.py
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the url variable on line 47 of pages/7_📦_Web_Map_Service.py takes user input, which is passed to get_layers function, in which url is used with get_wms_layer method...
CVE-2024-41118
The CVE-2024-41118 entry concerns the open-source project streamlit-geospatial, where prior to commit c4f81d9616d40c60584e36abb15300853a66e489 the url variable in pages/7_📦_Web_Map_Service.py accepts user input and passes it into get_layers, which uses get_wms_layer to send requests to arbitrary ...
streamlit-geospatial code issue vulnerability
streamlit-geospatial is an Open Geospatial Solutions open source streamlit multi-page application for geospatial applications. A code issue vulnerability exists in streamlit-geospatial that stems from the url variable in pages/7_📦_Web_Map_Service.py accepting user input that is passed to the get_layers...
PT-2024-29274 · Pypi · Streamlit-Geospatial
Name of the Vulnerable Software and Affected Versions: streamlit-geospatial versions prior to commit c4f81d9616d40c60584e36abb15300853a66e489 Description: The issue allows for blind server-side request forgery due to the url variable taking user input, which is then used by the get_wms_layer meth...
io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support
A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading...
brightonandhovecyclemap.co.uk Cross Site Scripting vulnerability OBB-3949812
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-6753
The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mapTypes' parameter in the 'wpw_auto_poster_map_wordpress_post_type' AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output escaping. This makes it...