Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper handling of pgoff alignment in the device-dax subsystem, which could lead to memory access errors...
7 Rapid Questions on our Belfast Placement Programme: Orla Magee and Paddy McDermott
Ever wonder what it’s like to be an intern at Rapid7 in Belfast? Software Engineers Orla Magee and Paddy McDermott share what the interview process looked like for them, along with impactful projects and advice for others exploring Rapid7’s Placement Programme. What was the interview process like...
MAL-2024-9538 Malicious code in ckeditor5-alignment (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in ckeditor5-alignment (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-45001
...
CVE-2024-44965
...
CVE-2024-46732
...
Proactive Visibility Is Foundational to Strong Cybersecurity
Authored by Guest IDC Blogger: Michelle Abraham. Exposures are more than CVEs, so organizations need to move beyond the traditional thinking of vulnerability management to a holistic view. Part of that view must be greater visibility into devices, users, applications, and all the digital...
CVE-2024-46853
CVE-2024-46853 is a Linux kernel issue corrected by updating to a patched kernel. The vulnerability stems from a KASAN slab-out-of-bounds bug in the nxp-fspi driver (spi/nxp-fspi) when handling data not aligned to 4 bytes written to TX FIFO. The issue could cause a read beyond the allocated regio...
OESA-2024-2184 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix pti_clone_pgtable alignment assumption Guenter reported dodgy crashes on an i386-nosmp build using GCC-11 that had the form of endless traps until entr...
CVE-2024-9127
The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alignment’ parameter in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
WordPress Super Testimonials plugin <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via alignment Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via alignment Parameter vulnerability discovered by Francesco Carlucci in WordPress Plugin Super Testimonials versions <= 3.0.0...
PT-2024-39448 · WordPress · Super Testimonials
Name of the Vulnerable Software and Affected Versions: The Super Testimonials plugin for WordPress versions up to, and including, 3.0.0 Description: The issue is related to Stored Cross-Site Scripting via the alignment parameter due to insufficient input sanitization and output escaping. This...
Three Recommendations for Creating a Risk-Based Detection and Response Program
It should come as little surprise to most security professionals that keeping pace with the evolution of threat actors has become harder and harder. Maintaining visibility into the threat landscape and on top of external risk vectors is more than a matter of incorporating more point solutions. It...
SUSE CVE-2024-46718
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't overmap identity VRAM mapping Overmapping the identity VRAM mapping is triggering hardware bugs on certain platforms. Use 2M pages for the last unaligned to 1G VRAM chunk. v2: - Always use 2M pages for last chunk Fe...
AZL-49678 CVE-2024-46732 affecting package kernel for versions less than 5.15.167.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Assign linear_pitch_alignment even for VM Description Assign linear_pitch_alignment so we don't cause a divide by 0 error in VM environments...
DEBIAN-CVE-2024-46732
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Assign linear_pitch_alignment even for VM Description Assign linear_pitch_alignment so we don't cause a divide by 0 error in VM environments...
UBUNTU-CVE-2024-46732
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Assign linear_pitch_alignment even for VM Description Assign linear_pitch_alignment so we don't cause a divide by 0 error in VM environments...
CVE-2024-46732
CVE-2024-46732 affects the Linux kernel DRM/AMD display path. The root cause was failing to assign linear_pitch_alignment in VM environments, which could lead to a divide-by-zero error. The fix is to assign linear_pitch_alignment in VM contexts; multiple stable-kernel commits (c984debc133e and re...
New CISA Plan Aligns Federal Agencies in Cyber Defense
Today, the Cybersecurity and Infrastructure Security Agency (CISA) released the Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) Plan. Developed in collaboration with FCEB agencies, this plan provides standard, essential components of enterprise operational...