13682 matches found
CVE-2024-50114
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unregister redistributor for failed vCPU creation Alex reports that syzkaller has managed to trigger a use-after-free when tearing down a VM: BUG: KASAN: slab-use-after-free in kvm_put_kvm+0x300/0xe68...
CVE-2024-50137 reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC
In the Linux kernel, the following vulnerability has been resolved: reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC data->asserted will be NULL on JH7110 SoC since commit 82327b127d41 ("reset: starfive: Add StarFive JH7110 reset driver") was added. Add the judgment condition to...
CVE-2024-50137
CVE-2024-50137 affects the Linux kernel, specifically the StarFive JH7110 reset driver. A fault in reset_control_status can cause data->asserted to be NULL on the JH7110 SoC, triggering errors when accessing an empty member. The issue has been fixed by adding a judgment condition to avoid null...
CVE-2024-50131
CVE-2024-50131 affects the Linux kernel tracing subsystem, where length validation for events didn’t account for the NULL terminator. strlen() reports length excluding the trailing null, so if the string length equals the maximum buffer, there is no room for the NULL terminator, allowing potentia...
CVE-2024-50108 drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too Stuart Hayhurst has found that both at bootup and fullscreen VA-API video is leading to black screens for around 1 second and kernel WARNING 1 traces when calling...
CVE-2024-51498 [@imput/cobalt-web] Cross-site Scripting when downloading picker image from malicious instance
cobalt is a media downloader that doesn't piss you off. A malicious cobalt instance could serve links with the javascript: protocol, resulting in Cross-site Scripting (XSS) when the user tries to download an item from a picker. This issue has been present since commit 66bac03e, was mitigated in...
Safearchive Path Traversal vulnerability
There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems e.g., NTFS. This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading past commit f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc...
CVE-2024-10389 Path Traversal in Safearchive
There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems e.g., NTFS. This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading past commit f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc...
CVE-2024-10389
CVE-2024-10389 describes a path-traversal in Safearchive on platforms with case-insensitive filesystems (e.g., NTFS) that allows an attacker to write arbitrary files via archive extraction containing symbolic links. The initial description provides affected conditions and a recommended fix: upgra...
SUSE CVE-2024-47832
ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers...
CVE-2024-50356
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). The password could be reset by anyone who has access to the mail inbox, circumventing the 2FA. Even though they wouldn't be able to log in by bypassing the 2FA. Onl...
DOMPurify vulnerable to tampering by prototype pollution
dompurify was vulnerable to prototype pollution Fixed by https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc...
GHSA-P3VF-V8QC-CWCR DOMPurify vulnerable to tampering by prototype pollution
dompurify was vulnerable to prototype pollution Fixed by https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc...
PT-2024-34165 · Frappe · Press
Name of the Vulnerable Software and Affected Versions: Press versions prior to the version containing commit ba0007c28ac814260f836849bc07d29beea7deb6 Description: The issue concerns a password reset vulnerability in Press, a custom app for Frappe Cloud that manages various services including...
CVE-2023-52066
http.zig commit 76cf5 was discovered to contain a CRLF injection vulnerability via the url parameter...
CVE-2023-52066
CVE-2023-52066 affects http.zig (commit 76cf5). The issue is a CRLF injection via the url parameter, with CVSS 3.1: Network attack, no user interaction, low confidentiality/integrity impact, no availability impact; scope is changed. Exploitation status is not provided in the supplied documents; n...
CVE-2024-50087
The connected Astra Linux advisory & the CVE entry describe a Linux kernel vulnerability in btrfs: read_alloc_one_name() may leave fscrypt_str.name uninitialized if kmalloc fails, so freeing fscrypt_str can access an uninitialized pointer. This is a local (L) issue with LOW initial access but HIG...