4441 matches found

UbuntuCve
added 2024/09/04 7:15 p.m. | 13 views

CVE-2024-44952

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AI score: 6.7
Exploits: 0 | References: 17

OSSF Malicious Packages
added 2024/09/04 11:32 a.m. | 2 views

Malicious code in @desesap289/dev_dependency (npm)

Source: ossf-package-analysis ac047c7ec6034e7a80c74ca32646da104b86b3f39c46f7f836deeebebeb53b20 The OpenSSF Package Analysis project identified '@desesap289/dev_dependency' @ 10.20.9 (npm) as malicious. It is considered malicious because: - Th...

AI score: 7.1
Exploits: 0

RedHat Linux
added 2024/09/04 7:24 a.m. | 2 views

kernel: iommu: Fix potential use-after-free during probe

A vulnerability was found in the Linux kernel's IOMMU driver, where the dev_iommu_free function can lead to a use-after-free error. This occurs when a device probe fails while simultaneously accessing dev->iommu->fwspec in the of_iommu_configure path. As a result, this vulnerability can potentially cau...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00019
Exploits: 0 | References: 5

RedhatCVE
added 2024/09/03 3:43 p.m. | 21 views

CVE-2024-8382

The Mozilla Foundation's Security Advisory: Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.00267
Exploits: 0 | References: 7

AlpineLinux
added 2024/09/03 1:15 p.m. | 18 views

CVE-2024-8382

Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had...

AI score: 8.5 | EPSS: 0.00267
Exploits: 0

OSV
added 2024/09/03 1:15 p.m. | 0 views

UBUNTU-CVE-2024-8382

Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.00267
Exploits: 0 | References: 10

CVE
added 2024/09/03 12:32 p.m. | 298 views

CVE-2024-8382

The CVE-2024-8382 entry describes a vulnerability where privileged EventHandler interfaces were exposed to web content during execution of their listener callbacks. Affected software includes Firefox (less than 130; ESR <128.2 and ESR

CVSS: 8.8 | AI score: 8.3 | EPSS: 0.00267
Exploits: 0 | References: 8 | Affected Software: 2

Debian CVE
added 2024/09/03 12:32 p.m. | 9 views

CVE-2024-8382

Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had...

CVSS: 8.8 | AI score: 8.3 | EPSS: 0.00267
Exploits: 0

Cvelist
added 2024/09/03 12:32 p.m. | 23 views

CVE-2024-8382

Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had...

EPSS: 0.00267
Exploits: 0 | References: 6

Mozilla
added 2024/09/03 12:00 a.m. | 23 views

Security Vulnerabilities fixed in Firefox ESR 115.15 — Mozilla

A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment. Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried t...

CVSS: 9.8 | AI score: 9.2 | EPSS: 0.11622
Exploits: 1 | References: 4 | Affected Software: 1

Mozilla
added 2024/09/03 12:00 a.m. | 25 views

Security Vulnerabilities fixed in Thunderbird 115.15 — Mozilla

A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment. Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried t...

CVSS: 9.8 | AI score: 8.3 | EPSS: 0.11622
Exploits: 1 | References: 3 | Affected Software: 1

Packet Storm
added 2024/08/31 12:00 a.m. | 235 views

WordPress Traversal Directory Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Traversal Directory DoS', 'Description' = %q Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in...

CVSS: 7.1 | AI score: 6.9 | EPSS: 0.35182
Exploits: 6

vulnersOsv
added 2024/08/30 6:41 p.m. | 2 views

ledger-rest-api-dev (>=0.1.9 <=0.1.10) potentially affected by CVE-2020-11093 via indy-node (=1.0.28)

indy-node (PyPI) version =1.0.28 is affected by a known vulnerability. The following packages have a transitive dependency on indy-node and may be impacted: - ledger-rest-api-dev >=0.1.9, <=0.1.10 Source CVEs: CVE-2020-11093 Source advisory: OSV:GHSA-WH2W-39F4-RPV2...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00162
Exploits: 1

CVE
added 2024/08/29 12:00 a.m. | 91 views

CVE-2024-45440

Summary: CVE-2024-45440 affects Drupal 11.x-dev, where core/authorize.php can disclose full file paths when hash_salt is set to file_get_contents of a non-existent file. Affected components: Drupal 11.x-dev, core/authorize.php. Root cause (as stated): hash_salt evaluated via file_get_contents of ...

CVSS: 5.3 | AI score: 6.9 | EPSS: 0.86689
Exploits: 4 | References: 3 | Affected Software: 1

Cvelist
added 2024/08/29 12:00 a.m. | 21 views

CVE-2024-45440

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hash_salt is file_get_contents of a file that does not exist...

EPSS: 0.86689
Exploits: 4 | References: 2

Tenable Nessus
added 2024/08/28 12:00 a.m. | 138 views

CentOS 9 : kernel-5.14.0-503.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-503.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: null_blk: fix validation of block size. Block size should be between...

CVSS: 7.8 | AI score: 6.2 | EPSS: 0.00022
Exploits: 0 | References: 4

NVD
added 2024/08/26 9:15 p.m. | 14 views

CVE-2024-43117

Cross-Site Request Forgery (CSRF) vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hummingbird (hummingbird-performance). This issue affects Hummingbird: from n/a through <= 3.9.1...

CVSS: 8.8 | EPSS: 0.00163
Exploits: 0 | References: 1

OSV
added 2024/08/26 9:15 p.m. | 1 views

CVE-2024-43117

Cross-Site Request Forgery (CSRF) vulnerability in WPMU DEV Hummingbird. This issue affects Hummingbird: from n/a through 3.9.1...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00163
Exploits: 0 | References: 1

CVE
added 2024/08/26 8:50 p.m. | 51 views

CVE-2024-43117

CVE-2024-43117 is a CSRF vulnerability in the WPMU DEV Hummingbird WordPress plugin, affecting Hummingbird releases up to 3.9.1. The provided documents confirm the issue and list a patched status, but there are no public details in the sources about the exact fix version or exploitation specifics...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00163
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/08/26 8:50 p.m. | 18 views

CVE-2024-43117 WordPress Hummingbird plugin <= 3.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hummingbird (hummingbird-performance). This issue affects Hummingbird: from n/a through <= 3.9.1...

CVSS: 4.3 | EPSS: 0.00163
Exploits: 0 | References: 1