13601 matches found

Vulnrichment
added 2024/10/09 6:21 p.m. · 14 views

CVE-2024-47815 Cross-site Scripting in IncidentReporting

IncidentReporting is a MediaWiki extension for moving incident reports from wikitext to database tables. There are a variety of Cross-site Scripting issues, though all of them require elevated permissions. Some are available to anyone who has the editincidents right, some are available to those w...

CVSS 6 · AI score 6.7 · EPSS 0.00113
Exploits 0 · References 3

Cvelist
added 2024/10/09 6:12 p.m. · 15 views

CVE-2024-47812 Cross-site Scripting (XSS) on Special:RequestImportQueue when displaying request date in ImportDump

ImportDump is an extension for MediaWiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. This...

CVSS 6 · EPSS 0.00144
Exploits 0 · References 3

OSV
added 2024/10/09 6:12 p.m. · 7 views

CVE-2024-47812 Cross-site Scripting (XSS) on Special:RequestImportQueue when displaying request date in ImportDump

ImportDump is an extension for MediaWiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. This...

CVSS 6 · AI score 6.1 · EPSS 0.00144
Exploits 0 · References 5

Vulnrichment
added 2024/10/09 6:12 p.m. · 11 views

CVE-2024-47812 Cross-site Scripting (XSS) on Special:RequestImportQueue when displaying request date in ImportDump

ImportDump is an extension for MediaWiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. This...

CVSS 6 · AI score 6.1 · EPSS 0.00144
Exploits 0 · References 3

Apache Tomcat
added 2024/10/09 12:0 a.m. · 35 views

Fixed in Apache Tomcat 10.1.31

Important: Request and/or response mix-up CVE-2024-52317 Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This was fixed with commit 146f94f8. This issue was identified by the Tomcat Security Team on 1 October 2024...

CVSS 9.8 · AI score 7.3 · EPSS 0.21066
Exploits 2 · Affected Software 1

Positive Technologies
added 2024/10/09 12:0 a.m. · 3 views

PT-2024-32842 · Ssoready +1 · Ssoready +1

Name of the Vulnerable Software and Affected Versions: SSOReady versions prior to 7f92a06 Description: The issue concerns XML signature bypass attacks. An attacker can exploit differential behavior between XML parsers to carry out signature bypass if they have access to certain IDP-signed message...

CVSS 9.9 · AI score 6.4 · EPSS 0.94047
Exploits 20 · References 141

Vulnrichment
added 2024/10/07 9:30 p.m. · 13 views

CVE-2024-47781 Cross-site Scripting (XSS) in Special:RequestWikiQueue when displaying sitename in CreateWiki

CreateWiki is an extension used at Miraheze for requesting & creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displayed in the request wiki queue when requesting a wiki. If a wiki creator comes across the XSS...

CVSS 5.3 · AI score 6.1 · EPSS 0.0081
Exploits 0 · References 3

BDU FSTEC
added 2024/10/04 12:0 a.m. · 1 view

The vulnerability in the script /view/DBManage/Backup_Server_commit.php of the D-Link DAR-7000 and DAR-8000 router firmware allows an attacker to execute arbitrary commands.

The vulnerability in the /view/DBManage/Backup_Server_commit.php script of the D-Link DAR-7000 and DAR-8000 router firmware exists because certain special elements used in operating system commands are not neutralized. Exploiting this vulnerability allow...

CVSS 10 · AI score 6.9 · EPSS 0.16284
Exploits 1 · References 6

SUSE CVE
added 2024/09/28 2:50 a.m. · 1 view

SUSE CVE-2024-46867

In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: fix deadlock in show_meminfo() There is a real deadlock as well as sleeping in atomic bug in here, if the bo put happens to be the last ref, since bo destruction wants to grab the same spinlock and sleeping locks. Fix...

CVSS 5.5 · AI score 7.6 · EPSS 0.00067
Exploits 0 · References 3

OSV
added 2024/09/27 6:15 p.m. · 2 views

CVE-2024-9301

A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a...

CVSS 7.5 · AI score 5.8 · EPSS 0.01952
Exploits 0 · References 1

CVE
added 2024/09/27 5:41 p.m. · 44 views

CVE-2024-9301

CVE-2024-9301 describes a path-traversal vulnerability in Netflix’s E2Nest prior to the commit 8a41948e553c89c56b14410c6ed395e9cfb9250a. Affected software is E2Nest; vulnerable component is the file/path handling mechanism that allows unauthorized access to server files. The issue is linked to ve...

CVSS 8.7 · AI score 7.1 · EPSS 0.01952
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/09/27 5:41 p.m. · 15 views

CVE-2024-9301

A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a...

CVSS 8.7 · EPSS 0.01952
Exploits 0 · References 1

Vulnrichment
added 2024/09/27 5:41 p.m. · 12 views

CVE-2024-9301

A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a...

CVSS 8.7 · AI score 6.8 · EPSS 0.01952
Exploits 0 · References 1

Vulnrichment
added 2024/09/27 12:42 p.m. · 12 views

CVE-2024-46867 drm/xe/client: fix deadlock in show_meminfo()

In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: fix deadlock in show_meminfo() There is a real deadlock as well as sleeping in atomic bug in here, if the bo put happens to be the last ref, since bo destruction wants to grab the same spinlock and sleeping locks. Fix...

AI score 6.8 · EPSS 0.00067
Exploits 0 · References 2

Cvelist
added 2024/09/27 12:42 p.m. · 23 views

CVE-2024-46864 x86/hyperv: fix kexec crash due to VP assist page corruption

In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: fix kexec crash due to VP assist page corruption commit 9636be85cc5b "x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline" introduces a new cpuhp state for hyperv initialization. cpuhp_setup_state...

EPSS 0.00017
Exploits 0 · References 3

Cvelist
added 2024/09/27 12:39 p.m. · 16 views

CVE-2024-46843 scsi: ufs: core: Remove SCSI host only if added

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Remove SCSI host only if added If host tries to remove ufshcd driver from a UFS device it would cause a kernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before adding a SCSI host with scsi_add_host and M...

EPSS 0.00018
Exploits 0 · References 3

Positive Technologies
added 2024/09/27 12:0 a.m. · 3 views

PT-2024-39556 · E2Nest · E2Nest

Name of the Vulnerable Software and Affected Versions: E2Nest versions prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a Description: A path traversal issue exists in the software. This issue allows for unauthorized access to files and directories. Recommendations: For versions prior to...

CVSS 8.7 · AI score 7.1 · EPSS 0.01952
Exploits 0 · References 5

NVD
added 2024/09/26 8:15 p.m. · 10 views

CVE-2024-47179

RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's docker-test-cont.yml workflow is vulnerable to Artifact Poisoning, which could have led to a full repository takeover. Downstream users of RSSHub are not vulnerable to this issue, and commit 64e00e7 fixed the underlying issue and made t...

CVSS 8.8 · EPSS 0.00345
Exploits 0 · References 8

CVE
added 2024/09/26 7:10 p.m. · 44 views

CVE-2024-47179

RSSHub’s docker-test-cont.yml workflow was vulnerable to Artifact Poisoning prior to commit 64e00e7, allowing an attacker to exploit an unvalidated artifact (rsshub.tar.zst) and potentially gain a full repository takeover via a malicious package.json. Downstream users were not affected, and commi...

CVSS 8.8 · AI score 8.7 · EPSS 0.00345
Exploits 0 · References 8

Cvelist
added 2024/09/26 7:10 p.m. · 18 views

CVE-2024-47179 RSSHub's `docker-test-cont.yml` workflow is vulnerable to Artifact Poisoning which may lead to a full repository takeover.

RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's docker-test-cont.yml workflow is vulnerable to Artifact Poisoning, which could have led to a full repository takeover. Downstream users of RSSHub are not vulnerable to this issue, and commit 64e00e7 fixed the underlying issue and made t...

CVSS 8.8 · EPSS 0.00345
Exploits 0 · References 8