Lucene search
1612 matches found

Debian CVE
added 2024/10/15 7:52 p.m. | 15 views

CVE-2024-21207

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.38 and prior, 8.4.1 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

CVSS 4.9 | AI score 5.5 | EPSS 0.00223
Exploits: 0
Cvelist
added 2024/10/04 12:13 p.m. | 24 views

CVE-2024-47652 Insecure Authentication Vulnerability

This vulnerability exists in Shilpi Client Dashboard due to the implementation of an inadequate authentication mechanism in the login module, wherein access to any user's account is granted with just their corresponding mobile number. A remote attacker could exploit this vulnerability by providing mobile...

CVSS 7.6 | EPSS 0.00741
Exploits: 0 | References: 1
CVE
added 2024/10/01 7:30 a.m. | 39 views

CVE-2024-9119

CVE-2024-9119 affects the WordPress SVG Complete plugin (versions

CVSS 6.4 | AI score 5.9 | EPSS 0.00219
Exploits: 0 | References: 2
Patchstack
added 2024/10/01 3:10 a.m. | 3 views

WordPress SVG Complete plugin <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin SVG Complete (versions <= 1.0.2)...

CVSS 6.4 | AI score 5.8 | EPSS 0.00219
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2024/10/01 12:0 a.m. | 3 views

WordPress plugin SVG Complete cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.4 | AI score 6 | EPSS 0.00219
Exploits: 0 | References: 3
Patchstack
added 2024/10/01 12:0 a.m. | 8 views

WordPress SVG Complete Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Software: SVG Complete; Type: Plugin; Vulnerable versions: <= 1.0.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9119; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 95edb305fb40; Credits: Francesco Carlucci; Required...

CVSS 6.4 | AI score 5.8 | EPSS 0.00219
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2024/09/12 7:15 p.m. | 1 views

CVE-2024-45383

A mishandling of IRP requests vulnerability exists in the HDAudBusDMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 WinBuild.160101.0800. A specially crafted application can issue multiple IRP Complete requests which leads to a local denial-of-service. An attacker can...

CVSS 5 | AI score 5.8 | EPSS 0.08504
Exploits: 1 | References: 2
GithubExploit
added 2024/09/03 2:36 p.m. | 318 views

Exploit for Integer Underflow (Wrap or Wraparound) in Microsoft

CVE-2024-38063 Description This repository contains detail...

CVSS 9.8 | AI score 8.3 | EPSS 0.89413
Exploits: 24
OSV
added 2024/09/02 1:42 a.m. | 4 views

MAL-2024-8698 Malicious code in @diotoborg/voluptates-quos-esse (npm)

Source: ghsa-malware (60b35b382b159eb60d9b16e6d879b84478d692e333b46f148956735b59499eb4). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1
OSV
added 2024/09/02 1:42 a.m. | 4 views

MAL-2024-8319 Malicious code in @diotoborg/ex-repellat (npm)

Source: ghsa-malware (0e30f0f24bcabf5b6bce5083307e9ba4d5f6aadd051592bbf5f715d455792651). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1
Cvelist
added 2024/08/21 6:10 a.m. | 16 views

CVE-2023-52914 io_uring/poll: add hash if ready poll request can't complete inline

In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: add hash if ready poll request can't complete inline. If we don't, then we may lose access to it completely, leading to a request leak. This will eventually stall the ring exit process as well...

EPSS 0.00035
Exploits: 0 | References: 2
Amazon
added 2024/08/21 12:0 a.m. | 2 views

Important: kernel-livepatch-4.14.345-262.561

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete (CVE-2024-39480). Affected Packages: kernel-livepatch-4.14.345-262.561. Issue Correction: Please ensure you have live patching enabled. Run yum update...

CVSS 7.8 | AI score 7.1 | EPSS 0.00021
Exploits: 0
F5 Networks
added 2024/08/19 4:4 p.m. | 26 views

K000140742: MySQL vulnerability CVE-2024-21179

Security Advisory Description: Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

CVSS 4.9 | AI score 5.2 | EPSS 0.00335
Exploits: 0
Debian CVE
added 2024/08/17 9:8 a.m. | 19 views

CVE-2024-42287

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Complete command early within lock. A crash was observed while performing NPIV and FW reset: BUG: kernel NULL pointer dereference, address: 000000000000001c PF: supervisor read access in kernel mode PF:...

CVSS 4.7 | AI score 5.4 | EPSS 0.00013
Exploits: 0
RedHat Linux
added 2024/08/13 10:53 a.m. | 9 views

kernel: tls: race between tx work scheduling and socket close

A race condition vulnerability was found in the tls subsystem of the Linux kernel. The submitting thread recvmsg/sendmsg may exit as soon as the async crypto handler calls complete, which could lead to undefined behavior and a denial of service...

CVSS 4.7 | AI score 6.6 | EPSS 0.00034
Exploits: 0 | References: 5
Amazon
added 2024/08/13 12:0 a.m. | 4 views

Important: kernel-livepatch-5.10.218-206.860

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete (CVE-2024-39480). Affected Packages: kernel-livepatch-5.10.218-206.860. Issue Correction: Please ensure you have live patching enabled. Run yum update...

CVSS 7.8 | AI score 7.1 | EPSS 0.00021
Exploits: 0
CVE
added 2024/08/06 6:58 p.m. | 48 views

CVE-2024-42393

Technical details for CVE-2024-42393 are not publicly available in the provided documents. Monitor for updates from NVD/CVE and vendor advisories.

CVSS 9.8 | AI score 8 | EPSS 0.00473
Exploits: 0 | References: 1 | Affected Software: 2
NVD
added 2024/07/24 8:15 p.m. | 6 views

CVE-2024-41135

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as...

CVSS 7.2 | EPSS 0.0073
Exploits: 0 | References: 1
NVD
added 2024/07/24 8:15 p.m. | 8 views

CVE-2024-41134

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as...

CVSS 7.2 | EPSS 0.0073
Exploits: 0 | References: 1
Cvelist
added 2024/07/24 8:3 p.m. | 15 views

CVE-2024-41135 Authenticated Remote Code Execution in HPE Aruba Networking EdgeConnect SD-WAN Command Line Interface

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as...

CVSS 7.2 | EPSS 0.0073
Exploits: 0 | References: 1