1248 matches found

Vulnrichment
added 2024/06/21 10:18 a.m. | 25 views

CVE-2024-36484 net: relax socket state check at accept time.

In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. Christoph reported the following splat: WARNING: CPU: 1 PID: 772 at net/ipv4/afinet.c:761 inetaccept+0x1f4/0x4a0 Modules linked in: CPU: 1 PID: 772 Comm: syz-executor510 Not tainted...

AI score 6.6 | EPSS 0.00013
Exploits 0 | References 8
OSV
added 2024/06/19 2:15 p.m. | 0 views

UBUNTU-CVE-2024-38566

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix verifier assumptions about socket->sk The verifier assumes that 'sk' field in 'struct socket' is valid and non-NULL when 'socket' pointer itself is trusted and non-NULL. That may not be the case when socket was just creat...

CVSS 5.5 | AI score 6.5 | EPSS 0.00017
Exploits 0 | References 12
CNNVD
added 2024/06/13 12:0 a.m. | 2 views

Google Pixel Security Breach

Google Pixel is a smartphone from Google, Inc. in the United States. A security vulnerability exists in Google Pixel, which stems from a logic error in the code of the DeregAcceptProcINT module of cnNrmmStateDeregInit.cpp, where a denial of service may occur...

CVSS 7.5 | AI score 6.9 | EPSS 0.04858
Exploits 0 | References 3
CVE
added 2024/05/30 3:29 p.m. | 147 views

CVE-2024-36936

The CVE-2024-36936 issue affects the Linux kernel's memory-accept path under efi/unaccepted. The root cause was a soft lockup scenario caused by a spinlock held during memory acceptance, which could intermittently trigger a watchdog/softlockup on the CPU during large TD guest memory loads. The fi...

CVSS 5.5 | AI score 6.4 | EPSS 0.00008
Exploits 0 | References 3 | Affected Software 1
Vulnrichment
added 2024/05/30 3:29 p.m. | 17 views

CVE-2024-36936 efi/unaccepted: touch soft lockup during memory accept

In the Linux kernel, the following vulnerability has been resolved: efi/unaccepted: touch soft lockup during memory accept Commit 50e782a86c98 "efi/unaccepted: Fix soft lockups caused by parallel memory acceptance" has released the spinlock so other CPUs can do memory acceptance in parallel and n...

AI score 6.4 | EPSS 0.00008
Exploits 0 | References 3
RedHat Linux
added 2024/05/28 2:28 p.m. | 2 views

rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing

A denial of service (DoS) vulnerability was found in rubygem-rack in how it parses Rack Header. Carefully crafted headers can cause header parsing in Rack to take longer than expected, resulting in a possible denial of service issue. Accept and Forwarded headers are impacted...

CVSS 7.5 | AI score 6.6 | EPSS 0.00775
Exploits 0 | References 5
RedHat Linux
added 2024/05/22 9:40 a.m. | 4 views

rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing

A denial of service (DoS) vulnerability was found in rubygem-rack in how it parses Rack Header. Carefully crafted headers can cause header parsing in Rack to take longer than expected, resulting in a possible denial of service issue. Accept and Forwarded headers are impacted...

CVSS 7.5 | AI score 6.6 | EPSS 0.00775
Exploits 0 | References 5
NVD
added 2024/05/17 9:15 a.m. | 9 views

CVE-2024-30527

Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout Accept PayPal Payments allows Manipulating Hidden Fields. This issue affects WP Express Checkout Accept PayPal Payments: from n/a through 2.3.7...

CVSS 7.5 | AI score 7.6 | EPSS 0.00512
Exploits 0 | References 1
Vulnrichment
added 2024/05/17 8:20 a.m. | 12 views

CVE-2024-30527 WordPress WP Express Checkout plugin <= 2.3.7 - Price Manipulation vulnerability

Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout Accept PayPal Payments allows Manipulating Hidden Fields. This issue affects WP Express Checkout Accept PayPal Payments: from n/a through 2.3.7...

CVSS 7.5 | AI score 6.9 | EPSS 0.00512
Exploits 0 | References 1
Cvelist
added 2024/05/17 8:20 a.m. | 14 views

CVE-2024-30527 WordPress WP Express Checkout plugin <= 2.3.7 - Price Manipulation vulnerability

Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout Accept PayPal Payments allows Manipulating Hidden Fields. This issue affects WP Express Checkout Accept PayPal Payments: from n/a through 2.3.7...

CVSS 7.5 | AI score 7.6 | EPSS 0.00512
Exploits 0 | References 1
0day.today
added 2024/05/13 12:0 a.m. | 142 views

Leafpub 1.1.9 - Stored XSS Vulnerability

Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS) Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://github.com/Leafpub Software Link: https://github.com/Leafpub/leafpub Version: 1.1.9 Tested on: MacOS Steps to Reproduce - Please login from this address: http://localhost/leafpub/admin/login...

AI score 7.4
Exploits 0
OSV
added 2024/05/10 11:7 a.m. | 1 views

OESA-2024-1527 podman security update

Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to...

CVSS 7.5 | AI score 6.8 | EPSS 0.00054
Exploits 0 | References 2
OSV
added 2024/05/10 11:7 a.m. | 1 views

OESA-2024-1528 podman security update

Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to...

CVSS 7.5 | AI score 6.8 | EPSS 0.00054
Exploits 0 | References 2
RedHat Linux
added 2024/04/30 2:52 p.m. | 1 views

rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing

A denial of service (DoS) vulnerability was found in rubygem-rack in how it parses Rack Header. Carefully crafted headers can cause header parsing in Rack to take longer than expected, resulting in a possible denial of service issue. Accept and Forwarded headers are impacted...

CVSS 7.5 | AI score 6.6 | EPSS 0.00775
Exploits 0 | References 5
RedHat Linux
added 2024/04/30 2:37 p.m. | 5 views

rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing

A denial of service (DoS) vulnerability was found in rubygem-rack in how it parses Rack Header. Carefully crafted headers can cause header parsing in Rack to take longer than expected, resulting in a possible denial of service issue. Accept and Forwarded headers are impacted...

CVSS 7.5 | AI score 6.6 | EPSS 0.00775
Exploits 0 | References 5
RedHat Linux
added 2024/04/30 10:32 a.m. | 2 views

rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing

A denial of service (DoS) vulnerability was found in rubygem-rack in how it parses Rack Header. Carefully crafted headers can cause header parsing in Rack to take longer than expected, resulting in a possible denial of service issue. Accept and Forwarded headers are impacted...

CVSS 7.5 | AI score 6.6 | EPSS 0.00775
Exploits 0 | References 5
RedHat Linux
added 2024/04/30 9:57 a.m. | 1 views

kernel: mptcp: fix disconnect vs accept race

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix disconnect vs accept race Despite commit 0ad529d9fd2b "mptcp: fix possible divide by zero in recvmsg", the mptcp protocol is still prone to a race between disconnect or shutdown and accept. The root cause is that the...

CVSS 4.7 | AI score 6.8 | EPSS 0.00011
Exploits 0 | References 5
RedHat Linux
added 2024/04/29 12:0 p.m. | 0 views

golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability...

CVSS 7.5 | AI score 6.6 | EPSS 0.00054
Exploits 0 | References 6
NVD
added 2024/04/29 10:15 a.m. | 8 views

CVE-2024-33591

Missing Authorization vulnerability in Tips and Tricks HQ Easy Accept Payments. This issue affects Easy Accept Payments: from n/a through 4.9.10...

CVSS 7.5 | AI score 7.6 | EPSS 0.0037
Exploits 0 | References 1
CVE
added 2024/04/29 10:10 a.m. | 51 views

CVE-2024-33591

CVE-2024-33591 is a Missing Authorization vulnerability in the WordPress plugin “Easy Accept Payments” (Tips and Tricks HQ). The vulnerability affects “Easy Accept Payments: from n/a through 4.9.10.” The CVE entry lists a CVSS v3.1 base score of 7.5 (High) with network attack vector, low attack c...

CVSS 7.5 | AI score 5.2 | EPSS 0.0037
Exploits 0 | References 1