CVE-2024-35410

wac commit 385e1 was discovered to contain a heap overflow via the interpret function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted wasm file...

CVE-2024-35418

CVE-2024-35418 affects the wac project (WebAssembly in C). A heap overflow in the setup_call function (wa.c) allows an attacker to cause a Denial of Service via a crafted wasm file. Impact: CVSS v3.1 base score 6.2 (Medium); vector LOCAL, no privileges, no user interaction; availability impact HI...

CVE-2024-50142

In the Linux kernel, the following vulnerability has been resolved: xfrm: validate new SA's prefixlen using SA family when sel.family is unset This expands the validation introduced in commit 07bf7908950a "xfrm: Validate address prefix lengths in the xfrm selector." syzbot created an SA with...

CVE-2024-50142 xfrm: validate new SA's prefixlen using SA family when sel.family is unset

In the Linux kernel, the following vulnerability has been resolved: xfrm: validate new SA's prefixlen using SA family when sel.family is unset This expands the validation introduced in commit 07bf7908950a "xfrm: Validate address prefix lengths in the xfrm selector." syzbot created an SA with...

CVE-2024-50142 xfrm: validate new SA's prefixlen using SA family when sel.family is unset

In the Linux kernel, the following vulnerability has been resolved: xfrm: validate new SA's prefixlen using SA family when sel.family is unset This expands the validation introduced in commit 07bf7908950a "xfrm: Validate address prefix lengths in the xfrm selector." syzbot created an SA with...

GHSA-P7MV-53F2-4CWJ CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data

Name: ASA-2024-011: Vote Extensions: Panic when receiving a Pre-commit with an invalid data Component: CometBFT Criticality: High Considerable Impact, and Possible Likelihood per ACMv1.2 Affected versions: = 0.38.x, unreleased v1.x and main development branches Affected users: Chain Builders +...

CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data

Name: ASA-2024-011: Vote Extensions: Panic when receiving a Pre-commit with an invalid data Component: CometBFT Criticality: High Considerable Impact, and Possible Likelihood per ACMv1.2 Affected versions: = 0.38.x, unreleased v1.x and main development branches Affected users: Chain Builders +...

CVE-2024-50114

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unregister redistributor for failed vCPU creation Alex reports that syzkaller has managed to trigger a use-after-free when tearing down a VM: BUG: KASAN: slab-use-after-free in kvmputkvm+0x300/0xe68...

CVE-2024-50137

CVE-2024-50137 affects the Linux kernel, specifically the StarFive JH7110 reset driver. A fault in reset_control_status can cause data->asserted to be NULL on the JH7110 SoC, triggering errors when accessing an empty member. The issue has been fixed by adding a judgment condition to avoid null...

CVE-2024-50137 reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC

In the Linux kernel, the following vulnerability has been resolved: reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC data-asserted will be NULL on JH7110 SoC since commit 82327b127d41 "reset: starfive: Add StarFive JH7110 reset driver" was added. Add the judgment condition to...

CVE-2024-50131

CVE-2024-50131 affects the Linux kernel tracing subsystem, where length validation for events didn’t account for the NULL terminator. strlen() reports length excluding the trailing null, so if the string length equals the maximum buffer, there is no room for the NULL terminator, allowing potentia...

CVE-2024-50108 drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too Stuart Hayhurst has found that both at bootup and fullscreen VA-API video is leading to black screens for around 1 second and kernel WARNING 1 traces when calling...

CVE-2024-51498 [@imput/cobalt-web] Cross-site Scripting when downloading picker image from malicious instance

cobalt is a media downloader that doesn't piss you off. A malicious cobalt instance could serve links with the javascript: protocol, resulting in Cross-site Scripting XSS when the user tries to download an item from a picker. This issue has been present since commit 66bac03e, was mitigated in...

CVE-2024-51498 [@imput/cobalt-web] Cross-site Scripting when downloading picker image from malicious instance

cobalt is a media downloader that doesn't piss you off. A malicious cobalt instance could serve links with the javascript: protocol, resulting in Cross-site Scripting XSS when the user tries to download an item from a picker. This issue has been present since commit 66bac03e, was mitigated in...

Safearchive Path Traversal vulnerability

There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems e.g., NTFS. This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading past commit f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc...

CVE-2024-10389 Path Traversal in Safearchive

There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems e.g., NTFS. This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading past commit f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc...

CVE-2024-10389

CVE-2024-10389 describes a path-traversal in Safearchive on platforms with case-insensitive filesystems (e.g., NTFS) that allows an attacker to write arbitrary files via archive extraction containing symbolic links. The initial description provides affected conditions and a recommended fix: upgra...

SUSE CVE-2024-47832

ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers...

CVE-2024-50356

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service SaaS. The password could be reset by anyone who have access to the mail inbox circumventing the 2FA. Even though they wouldn't be able to login by bypassing the 2FA. Onl...

GHSA-P3VF-V8QC-CWCR DOMPurify vulnerable to tampering by prototype polution

dompurify was vulnerable to prototype pollution Fixed by https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc...