
3097 matches found

CVE
added 2024/04/26 6:4 p.m. | 250 views

CVE-2024-32884

The CVE-2024-32884 issue affects gitoxide’s gix-transport component. A crafted clone URL can bypass checking the username portion of the URL, allowing characters that the external SSH program would interpret as options, which can smuggle SSH options and, in a malicious context (e.g., with a malic...

6.4 CVSS | 7.4 AI score | 0.00087 EPSS
Exploits: 0 | References: 2
OSV
added 2024/04/26 6:4 p.m. | 1 views

CVE-2024-32884 gix-transport indirect code execution via malicious username

gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...

6.4 CVSS | 7.8 AI score | 0.00087 EPSS
Exploits: 0 | References: 4
Patchstack
added 2024/04/25 5:26 p.m. | 3 views

WordPress WP Page Post Widget Clone plugin <= 1.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Do Minh Long (Patchstack Alliance) in WordPress Plugin WP Page Post Widget Clone versions <= 1.0.1...

5.4 CVSS | 6.8 AI score | 0.0019 EPSS
Exploits: 0 | Affected Software: 1
Patchstack
added 2024/04/25 12:0 a.m. | 11 views

WordPress WP Page Post Widget Clone Plugin <= 1.0.1 is vulnerable to Broken Access Control

Software WP Page Post Widget Clone Type Plugin Vulnerable versions <= 1.0.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33636 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID bc529e210eb8 Credits Do Minh Long Required...

5.4 CVSS | 6.6 AI score | 0.0019 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Oracle linux
added 2024/04/23 12:0 a.m. | 69 views

java-21-openjdk security update

1:21.0.3.0.9-1.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:21.0.3.0.9-1 - Update to jdk-21.0.3+9 GA - Update release notes to 21.0.3+9 - Switch to GA mode. - Sync the copy of the portable specfile with the latest update - This tarball is embargoed until 2024-04-16 @ 1pm PT. - Resolves:...

3.7 CVSS | 4.2 AI score | 0.00669 EPSS
Exploits: 0
Tenable Nessus
added 2024/04/21 12:0 a.m. | 35 views

Fedora 39 : python-pip (2024-b72bc39c00)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-b72bc39c00 advisory. Security fix for CVE-2023-5752 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

5.5 CVSS | 6.6 AI score | 0.00075 EPSS
Exploits: 0 | References: 2
Amazon
added 2024/04/17 12:0 a.m. | 1 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bpf: Defer the free of inner map when necessary. When updating or deleting an inner map in map array or map htab, the map may still be accessed by non-sleepable program or sleepable program. However bpf_map_fd_put_ptr...

9.8 CVSS | 6.7 AI score | 0.00064 EPSS
Exploits: 0
Github Security Blog
added 2024/04/15 7:33 p.m. | 17 views

gix-transport indirect code execution via malicious username

Summary gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clone URL is used by an application whose...

6.4 CVSS | 8.3 AI score | 0.00087 EPSS
Exploits: 0 | References: 4 | Affected Software: 3
RustSec
added 2024/04/13 12:0 p.m. | 1 views

gix-transport indirect code execution via malicious username

Summary gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clone URL is used by an application whose...

6.4 CVSS | 8.3 AI score | 0.00087 EPSS
Exploits: 0 | Affected Software: 1
SUSE CVE
added 2024/04/13 2:10 a.m. | 1 views

SUSE CVE-2024-26763

In the Linux kernel, the following vulnerability has been resolved: dm-crypt: don't modify the data when using authenticated encryption. It was said that authenticated encryption could produce invalid tag when the data that is being encrypted is modified [1]. So, fix this problem by copying the data...

5.5 CVSS | 6.2 AI score | 0.00014 EPSS
Exploits: 0 | References: 11
SUSE CVE
added 2024/04/11 2:30 a.m. | 1 views

SUSE CVE-2024-26809

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: release elements in clone only from destroy path. Clone already always provides a current view of the lookup table, use it to destroy the set, otherwise it is possible to destroy elements twice. This fix...

7.8 CVSS | 6.5 AI score | 0.00023 EPSS
Exploits: 0 | References: 14
Patchstack
added 2024/04/10 9:50 a.m. | 3 views

WordPress Clone plugin <= 2.4.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Clone versions <= 2.4.3...

7 AI score
Exploits: 0 | Affected Software: 1
Patchstack
added 2024/04/10 12:0 a.m. | 12 views

WordPress Clone Plugin <= 2.4.3 is vulnerable to Broken Access Control

Software Clone Type Plugin Vulnerable versions <= 2.4.3 Fixed in 2.4.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a38bde6ff71e Credits Dhabaleshwar Das Required privilege...

6 AI score
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2024/04/09 7:15 p.m. | 2 views

CVE-2024-1387

The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization on the duplicate_thing function in all versions up to, and including, 3.10.4. This makes it possible for attackers, with contributor-level access and above, to clone...

4.3 CVSS | 5.9 AI score
Exploits: 0 | References: 3
CNNVD
added 2024/04/09 12:0 a.m. | 2 views

ID withdrawn

Please is a sudo clone by ed neville personal developer. This CVE number has been withdrawn...

9 AI score
Exploits: 0 | References: 3
OSV
added 2024/04/04 10:15 a.m. | 1 views

DEBIAN-CVE-2024-26809

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: release elements in clone only from destroy path. Clone already always provides a current view of the lookup table, use it to destroy the set, otherwise it is possible to destroy elements twice. This fix...

5.5 CVSS | 5.3 AI score | 0.00023 EPSS
Exploits: 0 | References: 1
NVD
added 2024/04/04 10:15 a.m. | 17 views

CVE-2024-26809

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: release elements in clone only from destroy path. Clone already always provides a current view of the lookup table, use it to destroy the set, otherwise it is possible to destroy elements twice. This fix...

5.5 CVSS | 7.3 AI score | 0.00023 EPSS
Exploits: 0 | References: 8
OSV
added 2024/04/04 10:15 a.m. | 0 views

UBUNTU-CVE-2024-26809

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: release elements in clone only from destroy path. Clone already always provides a current view of the lookup table, use it to destroy the set, otherwise it is possible to destroy elements twice. This fix...

5.5 CVSS | 5.9 AI score | 0.00023 EPSS
Exploits: 0 | References: 30
CVE
added 2024/04/04 9:51 a.m. | 6168 views

CVE-2024-26809

CVE-2024-26809 is a Linux kernel vulnerability in netfilter nft_set_pipapo logic. The issue arises when destroying set elements: clone path may destroy elements twice because it did not always use a current view of the lookup table. The root cause is that destruction could proceed without the lat...

5.5 CVSS | 6.1 AI score | 0.00023 EPSS
Exploits: 0 | References: 8 | Affected Software: 1
OSV
added 2024/04/04 9:15 a.m. | 1 views

DEBIAN-CVE-2024-26782

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix double-free on socket dismantle. When MPTCP server accepts an incoming connection, it clones its listener socket. However, the pointer to 'inet_opt' for the new socket has the same value as the original one: as a...

7.8 CVSS | 5.5 AI score | 0.00013 EPSS
Exploits: 0 | References: 1