4442 matches found
CLSA-2024-1711561903 Update of selinux-policy
SELinux: label /dev/userfaultfd with userfaultfd_t to satisfy the DISA STIG security requirements...
Path Traversal
webpack-dev-middleware is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of URL addresses, allowing attackers to access any file on the developer's machine by manipulating the URL with specific encoded sequences such as %2e or %2f...
CVE-2024-29777
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator. This issue affects Forminator: from n/a through <= 1.29.0...
CVE-2024-29777
CVE-2024-29777 is a reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Forminator (WPMU DEV) up to version 1.29.0. The issue arises from improper input neutralization during web page generation. Affected: Forminator
PT-2024-23019 · Wpmu Dev · Wpmu Dev Forminator
Name of the Vulnerable Software and Affected Versions: WPMU DEV Forminator versions 1.29.0 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker can...
Debian dla-3776 : libnode-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3776 advisory. Debian LTS Advisory DLA-3776-1...
CVE-2021-47164
A vulnerability was found in the net/mlx5e driver in the Linux kernel where a NULL pointer dereference was caused when accessing a lag device. This issue occurred because the driver processed an event without confirming the existence of an upper device, which led to potential crashes. Mitigation...
Security Bulletin: Multiple vulnerabilities in IBM's 4769 Developer's Toolkit. CVE-2023-33855, CVE-2023-47150
Summary: IBM Common Cryptographic Architecture (CCA) could allow a remote user to cause a denial of service (CVE-2023-47150) or to obtain sensitive information (CVE-2023-33855) as described in the vulnerability details section. IBM customers who use the IBM 4769 Developer's Toolkit to create CCA...
DEBIAN-CVE-2021-47173
In the Linux kernel, the following vulnerability has been resolved: misc/uss720: fix memory leak in uss720_probe. uss720_probe forgets to decrease the refcount of usbdev in uss720_probe. Fix this by decreasing the refcount of usbdev by usb_put_dev. BUG: memory leak unreferenced object 0xffff88810111380...
CVE-2021-47164 net/mlx5e: Fix null deref accessing lag dev
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix null deref accessing lag dev. It could be the lag dev is null so stop processing the event. In bond_enslave the active/backup slave being set before setting the upper dev so first event is without an upper dev. After...
CVE-2021-47164
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix null deref accessing lag dev. It could be the lag dev is null so stop processing the event. In bond_enslave the active/backup slave being set before setting the upper dev so first event is without an upper dev. After...
WordPress Forminator Plugin <= 1.29.0 is vulnerable to Cross Site Scripting (XSS)
Software: Forminator; Type: Plugin; Vulnerable versions: <= 1.29.0; Fixed in: 1.29.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-29777; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: WPMU DEV; PSID: 4c3587917921; Credits: Rafie Muhammad (Patchstack); Required privile...
GHSA-WR3J-PWJ9-HQQ6 Path traversal in webpack-dev-middleware
Summary: The webpack-dev-middleware middleware does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine. Details: The middleware can either work with the physical filesystem when reading the files or it can...
Path traversal in webpack-dev-middleware
Summary: The webpack-dev-middleware middleware does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine. Details: The middleware can either work with the physical filesystem when reading the files or it can...
@moneko/core (>=3.9.17-beta.25 <=3.11.1-beta.2), @proteinjs/server (>=1.0.1 <=2.1.10) +2 more potentially affected by CVE-2024-29180 via webpack-dev-middleware (=7.0.0)
webpack-dev-middleware NPM version =7.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on webpack-dev-middleware and may be impacted: - @moneko/core =3.9.17-beta.25, =1.0.1, =1.1.0, =0.0.101, =0.0.113 Source cves: CVE-2024-29180 Source advisory:...
@angular-architects/build-angular (=16.2.0-next.2), @angular-devkit/build-angular (>=15.1.0 <=17.3.1) +165 more potentially affected by CVE-2024-29180 via webpack-dev-middleware (>=6.0.0 <=6.1.1)
webpack-dev-middleware NPM version =6.0.0, =15.1.0, =9.3.0, =1.12.3, =4.20.4, =0.1.0, =3.1.0, =3.0.0-alpha.14, =15.1.0, =16.0.0-next.6, =2.6.0, =8.4.0, =7.0.0-rc.11, =7.0.0-rc.16 and more Source cves: CVE-2024-29180 Source advisory: OSV:GHSA-WR3J-PWJ9-HQQ6...
CVE-2024-29180
Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine. The middleware can either work with the...
CVE-2024-29180 webpack-dev-middleware Path Traversal vulnerability
Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine. The middleware can either work with the...