
8525 matches found

OSV
added 2024/09/25 1:15 a.m. · 2 views

CVE-2024-8267

The Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute within the 'wp:radio-player' Gutenberg block in all versions up to, and including, 2.0.78 due to insufficient input...

CVSS 5.4 · AI score 5.9 · EPSS 0.00321
Exploits 0 · References 5
Positive Technologies
added 2024/09/25 12:0 a.m. · 7 views

PT-2024-7149

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 21.4R3-S8; Juniper Networks Junos OS versions from 22.2 before 22.2R3-S4; Juniper Networks Junos OS versions from 22.4 before 22.4R3-S3; Juniper Networks Junos OS versions from 23.2 before 23.2R2-S1...

CVSS 8.2 · AI score 5.9 · EPSS 0.00572
Exploits 0 · References 17
RedHat Linux
added 2024/09/24 2:39 a.m. · 2 views

kernel: net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()

A vulnerability was found in the ice_bridge_setlink function in the Linux kernel. A missing check to verify whether the nlmsg_find_attr function returns NULL or not could lead to a NULL pointer dereference, system instability, or crashes...

CVSS 5.5 · AI score 7.2 · EPSS 0.00252
Exploits 0 · References 5
RedHat Linux
added 2024/09/24 2:39 a.m. · 4 views

kernel: ext4: do not create EA inode under buffer lock

A vulnerability was found in the Linux kernel's ext4 filesystem, where the system could create EA inodes while holding a buffer lock. This approach can lead to deadlocks, especially if the filesystem is corrupted...

CVSS 5.5 · AI score 7.4 · EPSS 0.00221
Exploits 0 · References 5
RedHat Linux
added 2024/09/24 2:39 a.m. · 2 views

kernel: x86/mm/pat: fix VM_PAT handling in COW mappings

CVE-2024-35877 pertains to a flaw in the Linux kernel's handling of Page Attribute Table (PAT) settings during Copy-On-Write (COW) operations. When a write operation triggers a COW event, the kernel may replace the original page table entries (PTEs) with anonymous folios. This replacement disrupts the...

CVSS 5.5 · AI score 7.3 · EPSS 0.00252
Exploits 0 · References 5
Patchstack
added 2024/09/24 1:5 a.m. · 4 views

WordPress Radio Player plugin <= 2.0.78 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute vulnerability discovered by Francesco Carlucci in WordPress Plugin Radio Player versions <= 2.0.78...

CVSS 6.4 · AI score 5.8 · EPSS 0.00321
Exploits 0 · References 1 · Affected Software 1
RedHat Linux
added 2024/09/24 12:40 a.m. · 4 views

kernel: KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr(). vgic_v2_parse_attr() is responsible for finding the vCPU that matches the user-provided CPUID, which of course may not be valid. If the ID is invalid, kvm_get_vcpu_by_id...

CVSS 5.5 · AI score 6.3 · EPSS 0.00231
Exploits 0 · References 5
RedHat Linux
added 2024/09/24 12:40 a.m. · 3 views

kernel: net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()

A vulnerability was found in the ice_bridge_setlink function in the Linux kernel. A missing check to verify whether the nlmsg_find_attr function returns NULL or not could lead to a NULL pointer dereference, system instability, or crashes...

CVSS 5.5 · AI score 7.2 · EPSS 0.00252
Exploits 0 · References 5
RedHat Linux
added 2024/09/24 12:40 a.m. · 4 views

kernel: ext4: do not create EA inode under buffer lock

A vulnerability was found in the Linux kernel's ext4 filesystem, where the system could create EA inodes while holding a buffer lock. This approach can lead to deadlocks, especially if the filesystem is corrupted...

CVSS 5.5 · AI score 7.4 · EPSS 0.00221
Exploits 0 · References 5
RedHat Linux
added 2024/09/24 12:40 a.m. · 2 views

kernel: x86/mm/pat: fix VM_PAT handling in COW mappings

CVE-2024-35877 pertains to a flaw in the Linux kernel's handling of Page Attribute Table (PAT) settings during Copy-On-Write (COW) operations. When a write operation triggers a COW event, the kernel may replace the original page table entries (PTEs) with anonymous folios. This replacement disrupts the...

CVSS 5.5 · AI score 7.3 · EPSS 0.00252
Exploits 0 · References 5
Positive Technologies
added 2024/09/24 12:0 a.m. · 8 views

PT-2024-39136 · WordPress · Daily Prayer Time

Name of the Vulnerable Software and Affected Versions: Daily Prayer Time plugin for WordPress versions up to, and including, 2024.08.26 Description: The issue arises from insufficient escaping on the user-supplied max word attribute of the quran verse shortcode and lack of sufficient preparation ...

CVSS 9.9 · AI score 7.8 · EPSS 0.00524
Exploits 0 · References 10
SUSE CVE
added 2024/09/21 5:24 a.m. · 3 views

SUSE CVE-2017-15865

bgpd in FRRouting FRR before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes...

CVSS 7.5 · AI score 6.6 · EPSS 0.02494
Exploits 0 · References 7
OSV
added 2024/09/20 7:4 p.m. · 4 views

CVE-2024-47061 Arbitrary DOM attributes in element.attributes and leaf.attributes in Platejs

Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the attributes property. These attributes are passed to the...

CVSS 8.3 · AI score 5.7 · EPSS 0.00515
Exploits 0 · References 5
Github Security Blog
added 2024/09/20 2:41 p.m. · 24 views

Plate allows arbitrary DOM attributes in element.attributes and leaf.attributes

Impact: One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the attributes property. These attributes are passed to the node component using the nodeProps prop. Note: The attributes prop that is typically rendered alongside nodeProps is...

CVSS 8.3 · AI score 5.2 · EPSS 0.00515
Exploits 0 · References 6 · Affected Software 1
Positive Technologies
added 2024/09/20 12:0 a.m. · 6 views

PT-2024-32380 · Unknown · @Udecode/Plate-Core

Name of the Vulnerable Software and Affected Versions: @udecode/plate-core versions prior to 21.5.1 and 36.5.9 Description: The issue concerns a longstanding feature in Plate that allows adding custom DOM attributes to elements or leaves using the attributes property, which can be used for...

CVSS 8.7 · AI score 5.8 · EPSS 0.00515
Exploits 0 · References 13
SUSE CVE
added 2024/09/19 3:24 a.m. · 1 views

SUSE CVE-2024-8805

BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability. The specific flaw exists within...

CVSS 8.8 · AI score 8.8 · EPSS 0.02033
Exploits 0 · References 43
SUSE CVE
added 2024/09/19 3:10 a.m. · 2 views

SUSE CVE-2024-46736

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double put of @cfile in smb2_rename_path. If smb2_set_path_attr is called with a valid @cfile and returned -EINVAL, we need to call cifs_get_writable_path again as the reference of @cfile was already dropped by previous...

CVSS 5.3 · AI score 7.7 · EPSS 0.00244
Exploits 0 · References 13
RedhatCVE
added 2024/09/18 10:45 a.m. · 13 views

CVE-2024-46758

A buffer underrun vulnerability was found in the Linux kernel. DIV_ROUND_CLOSEST after kstrtol results in an underflow if a large negative number, such as -9223372036854775808, is provided by the user, resulting in loss of availability of the system. Mitigation: Mitigation for this issue is either n...

CVSS 5.5 · AI score 7.6
Exploits 0 · References 4
OSV
added 2024/09/18 8:15 a.m. · 2 views

DEBIAN-CVE-2024-46736

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double put of @cfile in smb2_rename_path. If smb2_set_path_attr is called with a valid @cfile and returned -EINVAL, we need to call cifs_get_writable_path again as the reference of @cfile was already dropped by previous...

CVSS 7.8 · AI score 5.6 · EPSS 0.00244
Exploits 0 · References 1
OSV
added 2024/09/18 8:15 a.m. · 0 views

UBUNTU-CVE-2024-46736

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double put of @cfile in smb2_rename_path. If smb2_set_path_attr is called with a valid @cfile and returned -EINVAL, we need to call cifs_get_writable_path again as the reference of @cfile was already dropped by previous...

CVSS 7.8 · AI score 6.5 · EPSS 0.00244
Exploits 0 · References 6