Lucene search

368 matches found

SUSE CVE
added 2024/12/28 3:50 a.m. · 2 views

SUSE CVE-2024-53220

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to account dirty data in __get_secs_required() It will trigger system panic w/ testcase in [1]: ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:2752! RIP: 0010:new_curseg+0xc81/0x2110 Call Trace:...

CVSS 5.5 · AI score 7.7 · EPSS 0.00017
Exploits 0 · References 3

NVD
added 2024/12/27 3:15 p.m. · 9 views

CVE-2024-56669

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Remove cache tags before disabling ATS The current implementation removes cache tags after disabling ATS, leading to potential memory leaks and kernel crashes. Specifically, CACHE_TAG_DEVTLB type cache tags may still...

CVSS 7.8 · EPSS 0.00034
Exploits 0 · References 2

OSV
added 2024/12/27 2:15 p.m. · 1 views

DEBIAN-CVE-2024-53220

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to account dirty data in __get_secs_required() It will trigger system panic w/ testcase in [1]: ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:2752! RIP: 0010:new_curseg+0xc81/0x2110 Call Trace:...

CVSS 5.5 · AI score 5.6 · EPSS 0.00017
Exploits 0 · References 1

OSV
added 2024/12/27 2:15 p.m. · 0 views

UBUNTU-CVE-2024-53220

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to account dirty data in __get_secs_required() It will trigger system panic w/ testcase in [1]: ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:2752! RIP: 0010:new_curseg+0xc81/0x2110 Call Trace:...

CVSS 5.5 · AI score 6.2 · EPSS 0.00017
Exploits 0 · References 20

Positive Technologies
added 2024/12/10 12:0 a.m. · 2 views

PT-2024-9723 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.21 and earlier Description: The issue is related to a stored Cross-Site Scripting (XSS) vulnerability that could allow an attacker to inject malicious scripts into vulnerable form fields. When a victim...

CVSS 5.5 · AI score 5.9 · EPSS 0.00296
Exploits 0 · References 6

CVE
added 2024/11/05 5:10 p.m. · 131 views

CVE-2024-50108

CVE-2024-50108 affects the Linux kernel DRM-AMD display path. The issue arises from PSR-SU handling for Parade 08-01 TCON, where at boot and during fullscreen VA-API playback a ~1s black screen occurs and kernel warnings are logged when calling dmub_psr_enable(). The vulnerability is mitigated by...

CVSS 5.5 · AI score 5.1 · EPSS 0.00018
Exploits 0 · References 5 · Affected Software 1

UbuntuCve
added 2024/10/28 3:15 p.m. · 10 views

CVE-2024-45802

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted...

CVSS 7.5 · AI score 7.1 · EPSS 0.00918
Exploits 0 · References 2

Positive Technologies
added 2024/10/15 12:0 a.m. · 3 views

PT-2024-35668

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the f2fs file system in the Linux kernel. It can trigger a system panic when checkpoint disabling and lfs mode are both enabled, causing incorrect accounting of...

CVSS 5.5 · AI score 5.5 · EPSS 0.00017
Exploits 0

Tenable Nessus
added 2024/10/10 12:0 a.m. · 17 views

SUSE SLES12 Security Update : cups-filters (SUSE-SU-2024:3570-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3570-1 advisory. - CVE-2024-47176: cups-browsed binds on UDP port 631 and trusts packets that try to trigger a Get-Printer-Attributes IPP request...

CVSS 7.5 · AI score 7.4 · EPSS 0.87593
Exploits 14 · References 7

Palo Alto Networks
added 2024/10/09 4:0 p.m. · 31 views

Cortex XDR Agent: Local Windows User Can Disable the Agent

A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity. Work...

CVSS 5.7 · AI score 6.8 · EPSS 0.00083
Exploits 0 · References 1

NVD
added 2024/09/27 1:15 p.m. · 9 views

CVE-2024-46820

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend We do not directly enable/disable VCN IRQ in vcn 5.0.0. And we do not handle the IRQ state as well. So the calls to disable IRQ and set state are removed. This effectively get...

CVSS 7.8 · EPSS 0.00029
Exploits 0 · References 2

CVE
added 2024/09/27 12:36 p.m. · 134 views

CVE-2024-46820

CVE-2024-46820 is a Linux kernel vulnerability in the AMDGPU VCN suspend path. The fix removes calls that disable IRQs and stops tracking IRQ state in vcn 5 suspend, because the code did not properly enable/disable VCN IRQs and did not manage IRQ state. The patch eliminates the WARN_ON(!amdgpu_ir...

CVSS 7.8 · AI score 7.4 · EPSS 0.00029
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2024/09/27 12:36 p.m. · 13 views

CVE-2024-46820 drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend We do not directly enable/disable VCN IRQ in vcn 5.0.0. And we do not handle the IRQ state as well. So the calls to disable IRQ and set state are removed. This effectively get...

AI score 6.9 · EPSS 0.00029
Exploits 0 · References 2

OSV
added 2024/09/27 12:36 p.m. · 9 views

CVE-2024-46820 drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend We do not directly enable/disable VCN IRQ in vcn 5.0.0. And we do not handle the IRQ state as well. So the calls to disable IRQ and set state are removed. This effectively get...

CVSS 7.8 · AI score 6.1 · EPSS 0.00029
Exploits 0 · References 5

Cvelist
added 2024/09/27 12:36 p.m. · 18 views

CVE-2024-46820 drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend We do not directly enable/disable VCN IRQ in vcn 5.0.0. And we do not handle the IRQ state as well. So the calls to disable IRQ and set state are removed. This effectively get...

EPSS 0.00029
Exploits 0 · References 2

GitLab Advisory Database
added 2024/09/26 12:0 a.m. · 14 views

IDOR vulnerability in account profile page

Insecure direct object reference allowing an attacker to disable subscriptions and reviews of another customer...

CVSS 5.3 · AI score 7.1 · EPSS 0.00561
Exploits 0 · References 14 · Affected Software 1

Vulnrichment
added 2024/09/18 5:5 p.m. · 8 views

CVE-2024-45298 Disabled user can bypass lockout by requesting password reset in wiki.js

Wiki.js is an open source wiki app built on Node.js. A disabled user can still gain access to a wiki by abusing the password reset function. While setting up SMTP e-mails on my server, I tested said e-mails by performing a password reset with my test user. To my shock, not only did it let me res...

CVSS 4.3 · AI score 7.1 · EPSS 0.00048
Exploits 0 · References 2

CVE
added 2024/09/18 5:5 p.m. · 39 views

CVE-2024-45298

Wiki.js exposes an authentication bypass where a disabled user can regain access by abusing the password reset flow. Affected: Wiki.js 2.5.303. Root cause: password reset handling allows access despite disabled status. Remediation: upgrade to version 2.5.304 (or later). No additional exploit deta...

CVSS 4.3 · AI score 4.7 · EPSS 0.00048
Exploits 0 · References 2

CNNVD
added 2024/09/18 12:0 a.m. · 2 views

Wiki.js Security Vulnerability

Wiki.js is a suite of open source Wiki software from the Requarks.io team based on Node.js and written in the JavaScript language. A security vulnerability exists in Wiki.js version 2.5.303 that stems from a disabled user being able to bypass account disabling by requesting a password reset...

CVSS 4.3 · AI score 6.8 · EPSS 0.00048
Exploits 0 · References 3

Oracle Linux
added 2024/08/28 12:0 a.m. · 51 views

kernel security update

5.14.0-427.33.14.OL9 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...

CVSS 7.8 · AI score 8.9 · EPSS 0.00287
Exploits 2