CVE-2024-36683
CVE-2024-36683 affects the PrestaShop module “Products Alert” (productsalert) prior to version 1.7.4. The issue is an SQL injection in ProductsAlertAjaxProcessModuleFrontController::initContent, allowing a guest to perform SQL queries and access sensitive data. Remediation is to update to 1.7.4 o...
CVE-2024-34992
SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via 'Tickets::getsearchedtickets'...
CVE-2024-36683
SQL injection vulnerability in the module "Products Alert" (productsalert) before 1.7.4 from Smart Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via the ProductsAlertAjaxProcessModuleFrontController::initContent method...
CVE-2024-36484 net: relax socket state check at accept time.
In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. Christoph reported the following splat: WARNING: CPU: 1 PID: 772 at net/ipv4/af_inet.c:761 __inet_accept+0x1f4/0x4a0 Modules linked in: CPU: 1 PID: 772 Comm: syz-executor510 Not tainted...
CVE-2022-48752
A flaw was found in the Linux kernel. This issue may possibly cause a crash...
CVE-2024-34990
In the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer can upload .php files. Methods HelpdeskHelpdeskModuleFrontController::submitTicket and HelpdeskHelpdeskModuleFrontController::replyTicket allow upload of .php...
CVE-2024-38594
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: move the EST lock to struct stmmac_priv. Reinitialize the whole EST structure would also reset the mutex lock which is embedded in the EST structure, and then trigger the following warning. To address this, move the lo...
CVE-2024-38594 net: stmmac: move the EST lock to struct stmmac_priv
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: move the EST lock to struct stmmac_priv. Reinitialize the whole EST structure would also reset the mutex lock which is embedded in the EST structure, and then trigger the following warning. To address this, move the lo...
WordPress plugin WP Magazine Modules Lite security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress WP Magazine Modules Lite plugin <= 1.1.2 - Authenticated Local File Inclusion vulnerability
Authenticated Local File Inclusion vulnerability discovered by stealthcopter in WordPress Plugin WP Magazine Modules Lite versions <= 1.1.2...
SUSE CVE-2024-38394
Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and...
WordPress WP Magazine Modules Lite Plugin <= 1.1.2 is vulnerable to Local File Inclusion
Software: WP Magazine Modules Lite; Type: Plugin; Vulnerable versions: <= 1.1.2; Fixed in: 1.1.3; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2024-5574; Patch priority: Low; CVSS severity: Low 7.5; PSID: 60f52a06449e; Credits: stealthcopter; Required privilege...
Oracle Linux 8 : glibc (ELSA-2024-12440)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12440 advisory. - CVE-2024-33599: nscd: buffer overflow in netgroup cache (RHEL-34264) - CVE-2024-33600: nscd: null pointer dereferences in netgroup cache (RHEL-34267) -...
ai.djl.android:core (>=0.20.0 <=0.27.0), ai.djl.android:onnxruntime (>=0.20.0 <=0.27.0) +155 more potentially affected by CVE-2024-37902 via ai.djl:api (>=0.20.0 <=0.27.0)
ai.djl:api MAVEN version =0.20.0, =0.20.0, =0.20.0, =0.20.0, =0.20.0, =0.20.0, =0.20.0, =0.20.0, =0.26.0, =0.20.0, =0.20.0, =0.20.0, =0.20.0, =0.20.0, =0.27.0 and more Source cves: CVE-2024-37902 Source advisory: OSV:GHSA-W877-JFW7-46RJ...
DEBIAN-CVE-2024-38394
Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and...
UBUNTU-CVE-2024-38394
DISPUTED Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel...
PT-2024-27978 · Gnome +2 · Gnome Settings Daemon +2
Name of the Vulnerable Software and Affected Versions: GNOME Settings Daemon versions through 46.0 Description: Mismatches in interpreting USB authorization policy between GNOME Settings Daemon and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access...
OPENSUSE-SU-2024:10043-1 pam-modules-12.1-27.4 on GA media
These are all security issues fixed in the pam-modules-12.1-27.4 package on the GA media of openSUSE Tumbleweed...
Exposure Of Sensitive Information To An Unauthorized Actor
Moodle is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. The vulnerability is due to misconfiguration in a shared hosting environment, allowing a user with access to restore workshop modules and direct access to the web server outside of the Moodle webroot to execute a...
CVE-2024-1689
The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommerce_tool_toggle_module function in all versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with subscriber-level access...