
13587 matches found

OSV
added 2024/11/20 5:22 p.m. · 2 views

GO-2024-3259 CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data in github.com/cometbft/cometbft

CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data in github.com/cometbft/cometbft...

7.1 AI score
Exploits 0 · References 4

Microsoft CVE
added 2024/11/20 8:0 a.m. · 4 views

An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility function.

...

8.8 CVSS · 5.3 AI score · 0.01112 EPSS
Exploits 1

Cvelist
added 2024/11/19 5:45 p.m. · 14 views

CVE-2024-53080 drm/panthor: Lock XArray when getting entries for the VM

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Lock XArray when getting entries for the VM Similar to commit cac075706f29 "drm/panthor: Fix race when converting group handle to group object" we need to use the XArray's internal locking when retrieving a vm pointe...

0.00027 EPSS
Exploits 0 · References 3

Cvelist
added 2024/11/19 5:22 p.m. · 18 views

CVE-2024-53065 mm/slab: fix warning caused by duplicate kmem_cache creation in kmem_buckets_create

In the Linux kernel, the following vulnerability has been resolved: mm/slab: fix warning caused by duplicate kmem_cache creation in kmem_buckets_create Commit b035f5a6d852 "mm: slab: reduce the kmalloc minimum alignment if DMA bouncing possible" reduced ARCH_KMALLOC_MINALIGN to 8 on arm64. However, wi...

0.0006 EPSS
Exploits 0 · References 2

SUSE CVE
added 2024/11/19 3:49 a.m. · 3 views

SUSE CVE-2024-50269

In the Linux kernel, the following vulnerability has been resolved: usb: musb: sunxi: Fix accessing an released usb phy Commit 6ed05c68cbca "usb: musb: sunxi: Explicitly release USB PHY on exit" will cause that usb phy @glue->xceiv is accessed after released. 1 register platform driver...

4.3 CVSS · 6.8 AI score · 0.00014 EPSS
Exploits 0 · References 17

OSV
added 2024/11/19 2:16 a.m. · 2 views

AZL-53727 CVE-2024-50269 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: usb: musb: sunxi: Fix accessing an released usb phy Commit 6ed05c68cbca "usb: musb: sunxi: Explicitly release USB PHY on exit" will cause that usb phy @glue->xceiv is accessed after released. 1 register platform driver...

7.8 CVSS · 6.7 AI score · 0.00014 EPSS
Exploits 0 · References 1

Cvelist
added 2024/11/19 1:30 a.m. · 35 views

CVE-2024-50301 security/keys: fix slab-out-of-bounds in key_task_permission

In the Linux kernel, the following vulnerability has been resolved: security/keys: fix slab-out-of-bounds in key_task_permission KASAN reports an out of bounds read: BUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36 BUG: KASAN: slab-out-of-bounds in uid_eq include/linux/uidgid.h:63...

0.00036 EPSS
Exploits 0 · References 8

Debian CVE
added 2024/11/19 1:30 a.m. · 16 views

CVE-2024-50293

In the Linux kernel, the following vulnerability has been resolved: net/smc: do not leave a dangling sk pointer in __smc_create Thanks to commit 4bbd360a5084 "socket: Print pf->create when it does not clear sock->sk on failure.", syzbot found an issue with AF_SMC: smc_create must clear sock->sk on failur...

7.8 CVSS · 6.2 AI score · 0.00057 EPSS
Exploits 0

CVE
added 2024/11/19 1:30 a.m. · 84 views

CVE-2024-50293

Technical details about CVE-2024-50293 (net/smc dangling sk in __smc_create) are not publicly provided in the supplied documents. Monitor for updates from official advisories.

7.8 CVSS · 6.4 AI score · 0.00057 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2024/11/19 1:30 a.m. · 24 views

CVE-2024-50293 net/smc: do not leave a dangling sk pointer in __smc_create()

In the Linux kernel, the following vulnerability has been resolved: net/smc: do not leave a dangling sk pointer in __smc_create Thanks to commit 4bbd360a5084 "socket: Print pf->create when it does not clear sock->sk on failure.", syzbot found an issue with AF_SMC: smc_create must clear sock->sk on failur...

0.00057 EPSS
Exploits 0 · References 2

OSV
added 2024/11/19 1:30 a.m. · 17 views

CVE-2024-50293 net/smc: do not leave a dangling sk pointer in __smc_create()

In the Linux kernel, the following vulnerability has been resolved: net/smc: do not leave a dangling sk pointer in __smc_create Thanks to commit 4bbd360a5084 "socket: Print pf->create when it does not clear sock->sk on failure.", syzbot found an issue with AF_SMC: smc_create must clear sock->sk on failur...

7.8 CVSS · 6.9 AI score · 0.00057 EPSS
Exploits 0 · References 5

Cvelist
added 2024/11/18 8:35 p.m. · 19 views

CVE-2024-52583 WesHacks code includes links to Leostop tracking spyware infested files

The WesHacks GitHub repository provides the official Hackathon competition website source code for the Muweilah Wesgreen Hackathon. The page schedule.html before 17 November 2024 or commit 93dfb83 contains links to Leostop, a site that hosts a malicious injected JavaScript file that occurs when...

8.2 CVSS · 0.00229 EPSS
Exploits 0 · References 3

Vulnrichment
added 2024/11/18 8:35 p.m. · 8 views

CVE-2024-52583 WesHacks code includes links to Leostop tracking spyware infested files

The WesHacks GitHub repository provides the official Hackathon competition website source code for the Muweilah Wesgreen Hackathon. The page schedule.html before 17 November 2024 or commit 93dfb83 contains links to Leostop, a site that hosts a malicious injected JavaScript file that occurs when...

8.2 CVSS · 7 AI score · 0.00229 EPSS
Exploits 0 · References 3

NVD
added 2024/11/18 2:15 p.m. · 15 views

CVE-2024-9526

There exists a stored XSS Vulnerability in Kubeflow Pipeline View web UI. The Kubeflow Web UI allows to create new pipelines. When creating a new pipeline, it is possible to add a description. The description field allows html tags, which are not filtered properly. Leading to a stored XSS. We...

7.1 CVSS · 0.0014 EPSS
Exploits 0 · References 1

CVE
added 2024/11/18 1:30 p.m. · 47 views

CVE-2024-9526

CVE-2024-9526 describes a stored XSS in Kubeflow Pipeline View web UI. The vulnerability stems from the description field in the pipeline creation form, which allows HTML tags that are not properly filtered, enabling stored cross-site scripting. Multiple sources (NVD entry, SUSE security advisory...

7.1 CVSS · 5.6 AI score · 0.0014 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/11/18 1:30 p.m. · 11 views

CVE-2024-9526 Stored XSS in Kubeflow Pipeline View

There exists a stored XSS Vulnerability in Kubeflow Pipeline View web UI. The Kubeflow Web UI allows to create new pipelines. When creating a new pipeline, it is possible to add a description. The description field allows html tags, which are not filtered properly. Leading to a stored XSS. We...

7.1 CVSS · 5.9 AI score · 0.0014 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/11/18 12:0 a.m. · 3 views

PT-2024-35380 · Unknown · Weshacks Github Repository

Name of the Vulnerable Software and Affected Versions: WesHacks GitHub repository versions prior to 17 November 2024 or commit 93dfb83 Description: The issue concerns the presence of links to Leostop, a site potentially hosting malicious injected JavaScript files, in the schedule.html page of the...

8.2 CVSS · 7.2 AI score · 0.00229 EPSS
Exploits 0 · References 7

RedHat Linux
added 2024/11/12 9:11 a.m. · 1 views

kernel: ext4: regenerate buddy after block freeing failed if under fc replay

A flaw was found in the Linux kernel's ext4 filesystem related to the fast commit replay process. During this process, blocks that are already marked as free can be incorrectly marked as free again, leading to the corruption of the buddy bitmap, which is used to track free and allocated blocks...

5.5 CVSS · 6.8 AI score · 0.00022 EPSS
Exploits 0 · References 5

RedHat Linux
added 2024/11/12 9:11 a.m. · 1 views

kernel: Reapply "drm/qxl: simplify qxl_fence_wait"

In the Linux kernel, the following vulnerability has been resolved: Reapply "drm/qxl: simplify qxl_fence_wait" This reverts commit 07ed11afb68d94eadd4ffc082b97c2331307c5ea. Stephen Rostedt reports: "I went to run my tests on my VMs and the tests hung on boot up. Unfortunately, the most I ever got o...

5.5 CVSS · 6.8 AI score · 0.00023 EPSS
Exploits 0 · References 5

CVE
added 2024/11/11 7:10 p.m. · 46 views

CVE-2024-52288

LibOSDP (C library with C++, Rust, Python3 bindings) is affected by CVE-2024-52288: under affected versions, an RMAC_I/RMAC_I-like artifact may be injected into an active OSDP stream, allowing a MITM attacker to capture RMAC_I replies and later replay messages, effectively reverting the RMAC to t...

5.1 CVSS · 5.1 AI score · 0.00052 EPSS
Exploits 0 · References 2