October 24, 2024—KB5044384 (OS Build 26100.2161) Preview

October 24, 2024—KB5044384 OS Build 26100.2161 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 24H2, see its update history page. Note Follow @WindowsUpdate to...

WordPress Order Notification for Telegram Plugin <= 1.0.1 is vulnerable to Broken Access Control

Software Order Notification for Telegram Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9686 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID c9ae0bfdb3a8 Credits István Márton...

BELL-CVE-2024-50048

Bulletin has no description...

BELL-CVE-2024-49986

Bulletin has no description...

BELL-CVE-2024-49859

Bulletin has no description...

BELL-CVE-2024-50055

Bulletin has no description...

BELL-CVE-2024-50024

Bulletin has no description...

BELL-CVE-2024-49975

Bulletin has no description...

BELL-CVE-2024-49934

Bulletin has no description...

CVE-2022-49007

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL pointer dereference in nilfspalloccommitfreeentry Syzbot reported a null-ptr-deref bug: NILFS loop0: segctord starting. Construction interval = 5 seconds, CP frequency 3c 02 00 0f 85 26 05 00 00 49 8b 46 10 be a6...

October 22, 2024—KB5044380 (OS Builds 22621.4391 and 22631.4391) Preview

October 22, 2024—KB5044380 OS Builds 22621.4391 and 22631.4391 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 23H2, see its update history page. Note Follow...

DEBIAN-CVE-2022-48954

In the Linux kernel, the following vulnerability has been resolved: s390/qeth: fix use-after-free in hsci KASAN found that addr was dereferenced after br2deveventwork was freed. ================================================================== BUG: KASAN: use-after-free in...

CVE-2024-50059 ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition

In the Linux kernel, the following vulnerability has been resolved: ntb: ntbhwswitchtec: Fix use after free vulnerability in switchtecntbremove due to race condition In the switchtecntbadd function, it can call switchtecntbinitsndev function, then &sndev-checklinkstatuswork is bound with...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from a vulnerability that could cause a hang notification to register twice upon reinsertion of the CSR dummy...

CVE-2024-10128 Topdata Inner Rep Plus WebServer td.js.gz risky encryption

A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been rated as problematic. Affected by this issue is some unknown functionality of the file td.js.gz. The manipulation leads to risky cryptographic algorithm. The attack may be launched remotely. The exploit has been...

Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024122 fixes several issues. The following security issues were fixed: CVE-2024-35861: Fixed potential UAF in cifssignalcifsdforreconnect bsc1225312. CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfochangednotify bsc1225739. CVE-2024-40954...

K000141302: Quarterly Security Notification (October 2024)

Security Advisory Description On October 16, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. You can wat...

CVE-2023-7292

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytiumnoticedismiss function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...

CVE-2023-7292 Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_notice_dismiss'

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytiumnoticedismiss function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...

CVE-2023-7292 Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_notice_dismiss'

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytiumnoticedismiss function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...