CVE-2024-36113 Discourse missing authorization checks for suspending admins/moderators

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch, version 3.3.0.beta3 on the beta branch, and version 3.3.0.beta4-dev on the tests-passed branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue i...

CVE-2024-36113 Discourse missing authorization checks for suspending admins/moderators

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch, version 3.3.0.beta3 on the beta branch, and version 3.3.0.beta4-dev on the tests-passed branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue i...

Debian: Security Advisory (DSA-5717-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2024-37598 · Tenda · Tenda A301

Name of the Vulnerable Software and Affected Versions: Tenda A301 version 15.13.08.12 Description: A critical issue was found in the function fromSetWirelessRepeat of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to a stack-based buffer overflow. This issue can...

Exploit for Out-of-bounds Write in Mozilla Firefox

CVE-2024-29943 A Pwn2Own SpiderMonkey JIT Bug: From Integer R...

Denial Of Service (DoS)

silverstripe/framework is vulnerable to Denial Of Service DoS. The vulnerability is due to insufficient authentication controls in the dev/build system controller, which could allow unauthorized users to trigger the dev/build process and potentially causing resource exhaustion and disrupting...

Information Disclosure

silverstripe/framework is vulnerable to Information Disclosure. The vulnerability is due to sensitive database connection details potentially being exposed in stack traces when running in dev mode with the mysqli database driver...

MAL-2024-3833 Malicious code in vscode-dev-containers (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in rippling-flux-dev-tools (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-2963 Malicious code in rippling-flux-dev-tools (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-2962 Malicious code in rippling-flux-dev (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in rippling-flux-dev (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in flux_dev_tools.server.flask (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-2384 Malicious code in flux_dev_tools (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-2087 Malicious code in @realty-front/dev-tools (npm)

--- -= Per source details. Do not edit below this line.=-...

SUSE CVE-2021-47588

In the Linux kernel, the following vulnerability has been resolved: sit: do not call ipip6devfree from sitinitnet ipip6devfree is sit dev-privdestructor, already called by registernetdevice if something goes wrong. Alternative would be to make ipip6devfree robust against multiple invocations, but...

CVE-2024-37676

An issue in htop-dev htop v.2.20 allows a local attacker to cause an out-of-bounds access in the HeaderpopulateFromSettings function...

CVE-2024-37676

An issue in htop-dev htop v.2.20 allows a local attacker to cause an out-of-bounds access in the HeaderpopulateFromSettings function...

CVE-2022-48759 rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev

In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Fix race between the release of rpmsgctrldev and cdev struct rpmsgctrldev contains a struct cdev. The current code frees the rpmsgctrldev struct in rpmsgctrldevreleasedevice, but the cdev is a managed object, therefo...

CVE-2022-48756 drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: invalid parameter check in msmdsiphyenable The function performs a check on the "phy" input parameter, however, it is used before the check. Initialize the "dev" variable after the sanity check to avoid a possible NU...