CVE-2024-41004 tracing: Build event generation tests only as modules

In the Linux kernel, the following vulnerability has been resolved: tracing: Build event generation tests only as modules The kprobes and synth event generation test modules add events and lock get a reference those event file reference in module init function, and unlock and delete it in module...

CVE-2024-41004 tracing: Build event generation tests only as modules

In the Linux kernel, the following vulnerability has been resolved: tracing: Build event generation tests only as modules The kprobes and synth event generation test modules add events and lock get a reference those event file reference in module init function, and unlock and delete it in module...

SUSE CVE-2024-39488

In the Linux kernel, the following vulnerability has been resolved: arm64: asm-bug: Add .align 2 to the end of BUGENTRY When CONFIGDEBUGBUGVERBOSE=n, we fail to add necessary padding bytes to bugtable entries, and as a result the last entry in a bug table will be ignored, potentially leading to a...

SUSE-SU-2024:2396-1 Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059133 fixes several issues. The following security issues were fixed: - CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit bsc1225211. - CVE-2024-26923: Fixed false-positive lockdep splat for spinlock in unixgc bsc1223683. - CVE-2024-26828...

CVE-2024-39488

In the Linux kernel, the following vulnerability has been resolved: arm64: asm-bug: Add .align 2 to the end of BUGENTRY When CONFIGDEBUGBUGVERBOSE=n, we fail to add necessary padding bytes to bugtable entries, and as a result the last entry in a bug table will be ignored, potentially leading to a...

BIT-MEDIAWIKI-2024-40601

An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules...

CVE-2024-39488

The CVE-2024-39488 issue is a Linux kernel arm64 bug related to end padding of bug_entry structures. When CONFIG_DEBUG_BUGVERBOSE=n, final bug_table entries in modules may lack trailing padding, causing the last entry to be ignored and potentially leading to an unexpected kernel panic during modu...

city.smartb.cccev:api-commons-jvm (>=0.14.0 <=0.15.0-RC2), city.smartb.cccev:cccev-certification-api (>=0.15.0 <=0.15.0-RC2) +397 more potentially affected by CVE-2024-22271 via org.springframework.cloud:spring-cloud-function-context (>=4.0.0 <=4.0.6)

org.springframework.cloud:spring-cloud-function-context MAVEN version =4.0.0, =0.14.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0-RC2 and more Source cves: CVE-2024-22271 Source advisory:...

SAP NetWeaver Application Server Information Disclosure Vulnerability

SAP NetWeaver Application Server is an application server from SAP, Germany. An information disclosure vulnerability exists in SAP NetWeaver Application Server, which arises from a vulnerability that allows an attacker to access remotely enabled function modules without further authorization unde...

CloudSorcerer – A new APT targeting Russian government entities

In May 2024, we discovered a new advanced persistent threat APT targeting Russian government entities that we dubbed CloudSorcerer. Its a sophisticated cyberespionage tool used for stealth monitoring, data collection, and exfiltration via Microsoft Graph, Yandex Cloud, and Dropbox cloud...

CVE-2024-40601

An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules...

CVE-2024-40601

An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules...

SUSE CVE-2024-39473

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension If a process module does not have base config extension then the same format applies to all of it's inputs and the process-baseconfigext i...

Exploit for Path Traversal in Splunk

CVE-2024-36991 Path Traversal On The “/Modules/Messaging/“...

PT-2024-28937 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWikiChat extension for MediaWiki versions through 1.42.1 Description: An issue was discovered in the MediaWikiChat extension for MediaWiki, where CSRF can occur in API modules. Recommendations: For MediaWikiChat extension for MediaWiki...

CVE-2024-40601

The CVE-2024-40601 entry concerns the MediaWikiChat extension for MediaWiki up to version 1.42.1, with a CSRF vulnerability in API modules. Affected component: MediaWikiChat extension (MediaWiki). Root cause stated: CSRF risk in API modules. Impact indicators from CVSS: integrity impact HIGH whil...

CVE-2024-40601

An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules...

CVE-2024-39473

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension If a process module does not have base config extension then the same format applies to all of it's inputs and the process-baseconfigext i...

UBUNTU-CVE-2024-39473

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension If a process module does not have base config extension then the same format applies to all of it's inputs and the process-baseconfigext i...

CVE-2024-39473 ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension If a process module does not have base config extension then the same format applies to all of it's inputs and the process-baseconfigext i...