
3100 matches found

Microsoft CVE
added 2024/11/09 12:0 a.m. · 1 views

CVE-2024-47735

...

CVSS 5.5 · AI score 6.7 · EPSS 0.00189
Exploits 0

SUSE CVE
added 2024/11/08 3:49 a.m. · 2 views

SUSE CVE-2024-50151

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOBs when building SMB2_IOCTL request When using encryption, either enforced by the server or when using 'seal' mount option, the client will squash all compound request buffers down for encryption into a single i...

CVSS 5.5 · AI score 7.8 · EPSS 0.00281
Exploits 0 · References 20

CNNVD
added 2024/11/08 12:0 a.m. · 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from memory corruption when fiber is enabled...

CVSS 5.5 · AI score 6.7 · EPSS 0.00217
Exploits 0 · References 7

Vulnrichment
added 2024/11/07 11:34 p.m. · 12 views

CVE-2024-51998 Path traversal using file URI scheme without supplying hostname in changedetection.io

changedetection.io is a free open source web page change detection tool. The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, and ALLOWFILEURI false or not defined. The...

CVSS 8.6 · AI score 8.4 · EPSS 0.00697
Exploits 0 · References 3

Snyk
added 2024/11/07 10:0 p.m. · 5 views

Directory Traversal

Overview changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to Directory Traversal due to improper validation for the file URI scheme. An attacker can read any file on the system by crafting a URL that bypasses the intended...

CVSS 8.6 · AI score 7.3 · EPSS 0.00697
Exploits 0 · References 2

OSV
added 2024/11/07 10:15 a.m. · 2 views

DEBIAN-CVE-2024-50139

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix shift-out-of-bounds bug Fix a shift-out-of-bounds bug reported by UBSAN when running VM with MTE enabled host kernel. UBSAN: shift-out-of-bounds in arch/arm64/kvm/sysregs.c:1988:14 shift exponent 33 is too large f...

CVSS 5.5 · AI score 5.7 · EPSS 0.00226
Exploits 0 · References 1

Vulnrichment
added 2024/11/07 9:31 a.m. · 2 views

CVE-2024-50151 smb: client: fix OOBs when building SMB2_IOCTL request

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOBs when building SMB2_IOCTL request When using encryption, either enforced by the server or when using 'seal' mount option, the client will squash all compound request buffers down for encryption into a single i...

AI score 7.6 · EPSS 0.00281
Exploits 0 · References 7

Positive Technologies
added 2024/11/07 12:0 a.m. · 4 views

PT-2024-35086 · Unknown · Changedetection.Io

Name of the Vulnerable Software and Affected Versions: changedetection.io versions prior to 0.47.06 Description: The validation for the file URI scheme in changedetection.io falls short, allowing an attacker to read any file on the system. This issue only affects instances with a webdriver enable...

CVSS 8.6 · AI score 6.8 · EPSS 0.00697
Exploits 0 · References 15

Positive Technologies
added 2024/11/06 12:0 a.m. · 4 views

PT-2024-8287

Name of the Vulnerable Software and Affected Versions Cisco Desk Phone 9800 Series affected versions not specified Cisco IP Phone 6800 Series affected versions not specified Cisco IP Phone 7800 Series affected versions not specified Cisco IP Phone 8800 Series affected versions not specified Cisco...

CVSS 5.5 · AI score 5.8 · EPSS 0.0027
Exploits 0 · References 7

OSV
added 2024/11/05 6:15 p.m. · 2 views

AZL-52486 CVE-2024-50111 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context Unaligned access exception can be triggered in irq-enabled context such as user mode, in this case do_ale() may call get_user() which may cause sleep. Then we will get: BU...

CVSS 5.5 · AI score 6.8 · EPSS 0.00233
Exploits 0 · References 1

OSV
added 2024/11/05 6:15 p.m. · 0 views

UBUNTU-CVE-2024-50111

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context Unaligned access exception can be triggered in irq-enabled context such as user mode, in this case do_ale() may call get_user() which may cause sleep. Then we will get: BU...

CVSS 5.5 · AI score 6.6 · EPSS 0.00233
Exploits 0 · References 18

CVE
added 2024/11/05 5:10 p.m. · 117 views

CVE-2024-50111

CVE-2024-50111 affects LoongArch Linux kernel where unaligned access can trigger in irq-enabled context; do_ale() may call get_user(), causing sleep and BUG: sleeping function called from invalid context. The fix described in the unpatched Nessus entry is to enable IRQ handling for unaligned acce...

CVSS 5.5 · AI score 5.2 · EPSS 0.00233
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2024/11/05 5:10 p.m. · 11 views

CVE-2024-50111 LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context Unaligned access exception can be triggered in irq-enabled context such as user mode, in this case do_ale() may call get_user() which may cause sleep. Then we will get: BU...

EPSS 0.00233
Exploits 0 · References 3

OSV
added 2024/11/05 5:10 p.m. · 10 views

CVE-2024-50111 LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context Unaligned access exception can be triggered in irq-enabled context such as user mode, in this case do_ale() may call get_user() which may cause sleep. Then we will get: BU...

CVSS 5.5 · AI score 6.1 · EPSS 0.00233
Exploits 0 · References 6

Japan Vulnerability Notes
added 2024/11/01 4:49 a.m. · 2 views

REST-APIs unintentionally enabled in Century Systems FutureNet NXR series routers

Overview FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial factory default configuration. But, REST-APIs are unexpectedly enabled when the affected product is powered up, provided either http-server GUI or Web...

CVSS 9.8 · AI score 7 · EPSS 0.00545
Exploits 0 · References 4

RedHat Linux
added 2024/10/31 8:5 p.m. · 2 views

firefox: thunderbird: Use-after-free in layout with accessibility

The Mozilla Foundation's Security Advisory: An attacker could cause a use-after-free when accessibility is enabled, leading to a potentially exploitable crash...

CVSS 7.5 · AI score 7.3 · EPSS 0.00597
Exploits 0 · References 10

Vulnrichment
added 2024/10/31 6:2 p.m. · 21 views

CVE-2024-50356 Press has a potential 2FA bypass

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service SaaS. The password could be reset by anyone who has access to the mail inbox circumventing the 2FA. Even though they wouldn't be able to login by bypassing the 2FA. Onl...

AI score 6.9 · EPSS 0.00361
Exploits 0 · References 2

SUSE CVE
added 2024/10/30 4:17 a.m. · 2 views

SUSE CVE-2024-10459

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and Thunderbird 132...

CVSS 7.5 · AI score 6.7 · EPSS 0.00597
Exploits 0 · References 16

Drupal
added 2024/10/30 12:0 a.m. · 5 views

OhDear Integration - Moderately critical - Access bypass - SA-CONTRIB-2024-056

Integrates your Drupal website with the Oh Dear monitoring app. Cached data of monitoring results is accessible to non-logged in users when caching is enabled on the module. This vulnerability is mitigated by the fact that it only affects sites where caching is enabled for OhDear report healthche...

CVSS 5.3 · AI score 5.5 · EPSS 0.00292
Exploits 0 · References 6

OSV
added 2024/10/29 1:15 p.m. · 10 views

CVE-2024-10459

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and Thunderbird 132...

CVSS 7.5 · AI score 5.7
Exploits 0 · References 8