8525 matches found

OSV
added 2024/09/18 7:12 a.m. · 17 views

CVE-2024-46759 hwmon: (adc128d818) Fix underflows seen when writing limit attributes

In the Linux kernel, the following vulnerability has been resolved: hwmon: (adc128d818) Fix underflows seen when writing limit attributes. DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering...

CVSS 7.8 · AI score 5.9 · EPSS 0.00282
Exploits: 0 · References: 13
vulnersOsv
added 2024/09/17 10:29 p.m. · 3 views

com.charlyghislain.keycloak:keycloak-importexport (=21.0.0), com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11) +79 more potentially affected by CVE-2024-4629 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=22.0.1)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =0.3.0-20.0.1, =0.4.5-20.0.2, =1.0.1, =1.3.2, =1.3.6 - io.github.jeff-tian:keycloak-phone-provider =2.3.10 and more Source cves: CVE-2024-4629 Source advisor...

CVSS 6.5 · AI score 6.5 · EPSS 0.00793
Exploits: 0
OSV
added 2024/09/17 12:15 a.m. · 3 views

CVE-2024-44148

This issue was addressed with improved validation of file attributes. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox...

CVSS 10 · AI score 5.8 · EPSS 0.00678
Exploits: 0 · References: 2
RedHat Linux
added 2024/09/16 6:8 p.m. · 7 views

rexml: DoS vulnerability in REXML

A vulnerability was found in REXML RubyGems. This package is vulnerable to denial of service (DoS) when parsing a deep XML structure with the same local name attribute. This vulnerability only affects tree parser API like REXML::Document.new, other parser APIs such as stream parser API and SAX2...

CVSS 5.9 · AI score 5.7 · EPSS 0.01205
Exploits: 0 · References: 6
Positive Technologies
added 2024/09/16 12:0 a.m. · 5 views

PT-2024-30984 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15 Description: The issue allows an app to potentially break out of its sandbox due to inadequate validation of file attributes. This has been addressed with improved validation. Recommendations: For versions prior to...

CVSS 10 · AI score 6.4 · EPSS 0.00678
Exploits: 0 · References: 5
RustSec
added 2024/09/15 12:0 p.m. · 4 views

get-size-derive is unmaintained

get-size-derive's maintainer seems to be unreachable, with no commits and releases pushed for 1 year and no activity on the GitHub repo. get-size-derive also depends on attribute-derive ^0.6 a version of the crate which uses the yanked crate proc-macro-error. Possible Alternatives - get-size-deri...

AI score 7.1
Exploits: 0
OSV
added 2024/09/13 3:15 p.m. · 5 views

CVE-2024-5789

The Triton Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the theme's Button shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

CVSS 5.4 · AI score 5.9 · EPSS 0.00257
Exploits: 0 · References: 2
OSV
added 2024/09/13 6:15 a.m. · 4 views

UBUNTU-CVE-2024-46695

In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions check in inode_setsecctx hook. Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exported with root squashin...

CVSS 4.4 · AI score 6.3 · EPSS 0.00219
Exploits: 0 · References: 18
NVD
added 2024/09/13 2:15 a.m. · 17 views

CVE-2024-43180

IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can...

CVSS 4.3 · EPSS 0.0022
Exploits: 0 · References: 2
Cvelist
added 2024/09/13 1:24 a.m. · 20 views

CVE-2024-43180 IBM Concert information disclosure

IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can...

CVSS 4.3 · EPSS 0.0022
Exploits: 0 · References: 2
CVE
added 2024/09/13 1:24 a.m. · 57 views

CVE-2024-43180

IBM Concert Software 1.0 is affected by CVE-2024-43180 due to not setting the Secure attribute on authorization tokens or session cookies, enabling potential session hijacking when a user clicks an HTTP link. Affected product/version: IBM Concert Software 1.0. Root cause: cookies not marked secur...

CVSS 4.3 · AI score 4.3 · EPSS 0.0022
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2024/09/13 12:0 a.m. · 12 views

PT-2024-37155 · WordPress · Triton Lite

Name of the Vulnerable Software and Affected Versions: Triton Lite theme for WordPress versions up to, and including, 1.3 Description: The issue is related to Stored Cross-Site Scripting via the url attribute within the theme's Button shortcode due to insufficient input sanitization and output...

CVSS 6.4 · AI score 6.1 · EPSS 0.00257
Exploits: 0 · References: 7
Positive Technologies
added 2024/09/13 12:0 a.m. · 10 views

PT-2024-37412

Name of the Vulnerable Software and Affected Versions: BT: Classic affected versions not specified Description: The issue concerns an SDP OOB access vulnerability in the get att search list function of BT Classic. Recommendations: At the moment, there is no information about a newer version that...

CVSS 7.6 · AI score 6.2 · EPSS 0.0055
Exploits: 1 · References: 7
Cvelist
added 2024/09/12 6:0 a.m. · 16 views

CVE-2024-6018 Music Request Manager <= 1.3 - Reflected XSS

The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

EPSS 0.00307
Exploits: 1 · References: 1
OSV
added 2024/09/11 5:15 p.m. · 3 views

CVE-2024-44575

RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session...

CVSS 3.7 · AI score 5.8 · EPSS 0.00272
Exploits: 0 · References: 2
NVD
added 2024/09/11 5:15 p.m. · 22 views

CVE-2024-44575

RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session...

CVSS 3.7 · EPSS 0.00272
Exploits: 0 · References: 2
Positive Technologies
added 2024/09/11 12:0 a.m. · 8 views

PT-2024-31190 · Rely-Pcie · Rely-Pcie

Name of the Vulnerable Software and Affected Versions: RELY-PCIe versions 22.2.1 through 23.1.0 Description: The issue is related to the failure of setting the Secure attribute for sensitive cookies in HTTPS sessions. This could cause the user agent to send those cookies in cleartext over an HTTP...

CVSS 3.7 · AI score 6.6 · EPSS 0.00272
Exploits: 0 · References: 6
CVE
added 2024/09/11 12:0 a.m. · 60 views

CVE-2024-44575

CVE-2024-44575 affects RELY-PCIe versions 22.2.1–23.1.0. The issue is that the Secure attribute is not set for sensitive cookies in HTTPS sessions, which could allow a user agent to send cookies in cleartext over an HTTP session. The vulnerability is documented with a CVSS v3.1 base score of 3.7 ...

CVSS 3.7 · AI score 6.9 · EPSS 0.00272
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2024/09/11 12:0 a.m. · 17 views

CVE-2024-44575

RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session...

EPSS 0.00272
Exploits: 0 · References: 2
Vulnrichment
added 2024/09/11 12:0 a.m. · 12 views

CVE-2024-44575

RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session...

AI score 6.7 · EPSS 0.00272
Exploits: 0 · References: 2