4443 matches found
CVE-2024-27013
In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev. vhost_worker will call tun callbacks to receive packets. If too many illegal packets arrive, tun_do_read will keep dumping packet contents. When console is enabled, ...
CVE-2024-27013 tun: limit printing rate when illegal packet received by tun dev
In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev. vhost_worker will call tun callbacks to receive packets. If too many illegal packets arrive, tun_do_read will keep dumping packet contents. When console is enabled, ...
CVE-2024-27013
CVE-2024-27013 affects the Linux kernel tun subsystem. When vhost_worker calls tun callbacks to receive packets, excessive illegal packets trigger tun_do_read to dump packet contents, causing high CPU usage and potential soft lockups. The advisory notes using the net_ratelimit mechanism to cap su...
CVE-2024-27013 tun: limit printing rate when illegal packet received by tun dev
In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev. vhost_worker will call tun callbacks to receive packets. If too many illegal packets arrive, tun_do_read will keep dumping packet contents. When console is enabled, ...
CVE-2024-4238
A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this vulnerability is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched...
Nginx 1.25.5 Host Header Validation Vulnerability
Nginx versions 1.25.5 and below appear to have a host header filtering validation bug that could possibly be used for malice. Nginx <= 1.25.5 $host variable validation bug. Intro: In the "Host" header sent to Nginx web server you can't just insert a dot or something like that, because a filtering...
Malicious code in dev-ansi-terminal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f94d1245201dda16c5e1caf199f60981cb4f4cd6042c46b7d591baa6309190f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1298 Malicious code in dev-ansi-terminal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f94d1245201dda16c5e1caf199f60981cb4f4cd6042c46b7d591baa6309190f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress Hummingbird Plugin <= 3.7.3 is vulnerable to Broken Access Control
Software: Hummingbird; Type: Plugin; Vulnerable versions: <= 3.7.3; Fixed in: 3.7.4; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-32792; Patch priority: Low; CVSS severity: Low (4.3); Developer: WPMU DEV; PSID: 9b701eb20e44; Credits: Peng Zhou; Required privilege...
SUSE CVE-2024-26862
In the Linux kernel, the following vulnerability has been resolved: packet: annotate data-races around ignore_outgoing. ignore_outgoing is read locklessly from dev_queue_xmit_nit and packet_getsockopt. Add appropriate READ_ONCE/WRITE_ONCE annotations. syzbot reported: BUG: KCSAN: data-race in dev_queue_xmit_n...
PT-2024-26845
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.37. Description: A vulnerability has been resolved in the Linux kernel, specifically in the ax25 module, which handles Amateur Radio AX.25 packet protocol. The issue is related to a netdev refcount problem. Whe...
CVE-2023-41864
Cross-Site Request Forgery (CSRF) vulnerability in Pepro Dev. Group PeproDev CF7 Database. This issue affects PeproDev CF7 Database: from n/a through 1.8.0...
CVE-2023-41864
Technical details for CVE-2023-41864 are not provided in the supplied documents; no affected products/versions or mitigations are specified here—monitor for updates.
@glow-app/solana-client (>=0.4.0 <=0.5.1), @zetamarkets/flex-sdk (>=0.6.3 <=0.15.0) +8 more potentially affected by CVE-2024-30253 via @solana/web3.js (>=1.43.4 <=1.43.6)
@solana/web3.js NPM version =1.43.4, =0.4.0, =0.6.3, =0.1.1, =0.0.1, =1.4.0, =0.1.0, =1.0.4, =1.4.1 Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J347...
AZL-40085 CVE-2024-26898 affecting package kernel for versions less than 6.6.29.1-3
In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts. This patch is against CVE-2023-6270. The description of cve is: A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts function...
DEBIAN-CVE-2024-26862
In the Linux kernel, the following vulnerability has been resolved: packet: annotate data-races around ignore_outgoing. ignore_outgoing is read locklessly from dev_queue_xmit_nit and packet_getsockopt. Add appropriate READ_ONCE/WRITE_ONCE annotations. syzbot reported: BUG: KCSAN: data-race in dev_queue_xmit_n...
CVE-2024-32518
Missing Authorization vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice. This issue affects PeproDev Ultimate Invoice: from n/a through 2.0.0...
CVE-2024-32518
CVE-2024-32518 is a Missing Authorization vulnerability affecting PeproDev Ultimate Invoice (WordPress plugin). Public details indicate impact on PeproDev Ultimate Invoice versions up to 2.0.0. Red Hat and Wordfence entries corroborate the vulnerability and note it has been patched; specific fixe...
SUSE CVE-2024-26791
In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names. There's a syzbot report that device name buffers passed to device replace are not properly checked for string termination which could lead to a read out of bounds in getname_kerne...
Ubuntu 20.04 LTS / 22.04 LTS : NSS regression (USN-6727-2)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6727-2 advisory. USN-6727-1 fixed vulnerabilities in NSS. The update introduced a regression when trying to load security modules on Ubuntu 20.04 LTS and Ubuntu 22.04...