Lucene search
4441 matches found

OSV
added 2024/12/27 3:15 p.m., 3 views

AZL-54842 CVE-2024-56657 affecting package kernel for versions less than 6.6.76.1-1

In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Avoid WARN for symlink errors Using WARN for showing the error of symlink creations don't give more information than telling that something goes wrong, since the usual code path is a lregister callback from each...

5.5 CVSS, 6.7 AI score, 0.00021 EPSS
Exploits: 0, References: 1

OSV
added 2024/12/27 3:15 p.m., 0 views

UBUNTU-CVE-2024-56615

In the Linux kernel, the following vulnerability has been resolved: bpf: fix OOB devmap writes when deleting elements Jordy reported issue against XSKMAP which also applies to DEVMAP - the index used for accessing map entry, due to being a signed integer, causes the OOB writes. Fix is simple as...

7.8 CVSS, 6.2 AI score, 0.00025 EPSS
Exploits: 0, References: 48

OSV
added 2024/12/27 3:15 p.m., 1 views

UBUNTU-CVE-2024-56657

In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Avoid WARN for symlink errors Using WARN for showing the error of symlink creations don't give more information than telling that something goes wrong, since the usual code path is a lregister callback from each...

5.5 CVSS, 6.2 AI score, 0.00021 EPSS
Exploits: 0, References: 22

OSSF Malicious Packages
added 2024/12/27 9:6 a.m., 1 views

Malicious code in dev-journey-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 788208b1474e001a223a8caea127bfb7a2d5d4120be3d5ab08e07b886b01b5dd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8 AI score
Exploits: 0, References: 1

OSV
added 2024/12/27 9:6 a.m., 2 views

MAL-2024-12134 Malicious code in dev-journey-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 788208b1474e001a223a8caea127bfb7a2d5d4120be3d5ab08e07b886b01b5dd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2024/12/27 7:23 a.m., 2 views

Malicious code in launchpad6-dev-ops (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a30c80c00a3a3fff99c7e886c9aa19aa90f914ed903e9039de87952a37921e18 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 3

OSV
added 2024/12/27 7:23 a.m., 3 views

MAL-2024-12151 Malicious code in launchpad6-dev-ops (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a30c80c00a3a3fff99c7e886c9aa19aa90f914ed903e9039de87952a37921e18 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 3

OSSF Malicious Packages
added 2024/12/21 9:10 a.m., 2 views

Malicious code in owncloud-customgroups-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6db2fb0d1c0650fa0c9e68fc32c5efc05a4c0571b13308b954b8b68a7c590fe6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8 AI score
Exploits: 0, References: 1

OSV
added 2024/12/21 9:10 a.m., 3 views

MAL-2024-12087 Malicious code in owncloud-customgroups-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6db2fb0d1c0650fa0c9e68fc32c5efc05a4c0571b13308b954b8b68a7c590fe6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2024/12/19 1:31 p.m., 2 views

Malicious code in editions-dev-workshop (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e10c5fb118ea2960476ee2fa51f5d3d97e5834b44b3ce58aef95d3fdf1d5a822 The OpenSSF Package Analysis project identified 'editions-dev-workshop' @ 5.0.0 npm as malicious. It is considered malicious because: - The...

6.9 AI score
Exploits: 0

OSV
added 2024/12/19 1:31 p.m., 5 views

MAL-2024-11924 Malicious code in editions-dev-workshop (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e10c5fb118ea2960476ee2fa51f5d3d97e5834b44b3ce58aef95d3fdf1d5a822 The OpenSSF Package Analysis project identified 'editions-dev-workshop' @ 5.0.0 npm as malicious. It is considered malicious because: - The...

7.1 AI score
Exploits: 0

OSV
added 2024/12/09 6:25 a.m., 3 views

MAL-2024-11495 Malicious code in webpacks-dev-servers (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits: 0

OSSF Malicious Packages
added 2024/12/09 6:25 a.m., 2 views

Malicious code in webpacks-dev-servers (npm)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits: 0

OSSF Malicious Packages
added 2024/12/09 3:36 a.m., 3 views

Malicious code in perfetto-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38ce51161bf477ac257c50c37a9eebd8410cacfe7c99fdd88acb1ddae307a3cd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 1

OSV
added 2024/12/09 3:36 a.m., 3 views

MAL-2024-11417 Malicious code in perfetto-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38ce51161bf477ac257c50c37a9eebd8410cacfe7c99fdd88acb1ddae307a3cd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 1

RedHat Linux
added 2024/12/04 12:56 a.m., 1 views

kernel: bonding: fix xfrm real_dev null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null pointer dereference We shouldn't set real_dev to NULL because packets can be in transit and xfrm might call xdo_dev_offload_ok in parallel. All callbacks assume real_dev is set. Example trace: kernel: BU...

5.5 CVSS, 6.4 AI score, 0.00019 EPSS
Exploits: 0, References: 5

Patchstack
added 2024/11/26 12:0 a.m., 12 views

WordPress Hustle Plugin <= 7.8.5 is vulnerable to Broken Access Control

Software: Hustle; Type: Plugin; Vulnerable versions: <= 7.8.5; Fixed in: 7.8.6; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-10580; Patch priority: Low; CVSS severity: Low 5.3; Developer: WPMU DEV; PSID: 82d2fb561073; Credits: Vijaysimha Reddy vijaysimha; Required privileg...

5.3 CVSS, 6.6 AI score, 0.00247 EPSS
Exploits: 0, References: 3, Affected Software: 1

RedHat Linux
added 2024/11/25 7:44 p.m., 31 views

Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.17.0 release

Red Hat OpenShift Dev Spaces 3.17 has been released. All containers have been updated to include feature enhancements, bug fixes and CVE fixes. This includes fixes to Critical CVE-2024-21534. Following the Red Hat Product Security standards this update is rated as having a security impact of...

10 CVSS, 7.1 AI score, 0.92707 EPSS
Exploits: 7, References: 10

Vulnrichment
added 2024/11/25 7:15 p.m., 10 views

CVE-2024-53261 Cross-Site Scripting attack (XSS) on dev mode 404 page in SvelteKit

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. "Unsanitized input from the request URL flows into end, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack XSS." The files...

2 CVSS, 5.6 AI score, 0.00247 EPSS
Exploits: 0, References: 2

Patchstack
added 2024/11/21 12:0 a.m., 8 views

WordPress Branda Plugin <= 3.4.21 is vulnerable to Cross Site Scripting (XSS)

Software: Branda; Type: Plugin; Vulnerable versions: <= 3.4.21; Fixed in: 3.4.22; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-9371; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: WPMU DEV; PSID: c1cede0cef03; Credits: vgo0; Required privilege...

6.1 CVSS, 5.7 AI score, 0.01641 EPSS
Exploits: 0, References: 3, Affected Software: 1