3100 matches found

OSV
added 2024/10/29 1:15 p.m. · 2 views

DEBIAN-CVE-2024-10459

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and Thunderbird 132...

CVSS 7.5 · AI score 7.1 · EPSS 0.00597
Exploits: 0 · References: 1

OSV
added 2024/10/29 1:15 a.m. · 1 view

DEBIAN-CVE-2024-50072

In the Linux kernel, the following vulnerability has been resolved: x86/bugs: Use code segment selector for VERW operand. Robert Gill reported below #GP in 32-bit mode when dosemu software was executing vm86() system call: general protection fault: 0000 [#1] PREEMPT SMP CPU: 4 PID: 4610 Comm: dosemu.bin...

CVSS 5.5 · AI score 6 · EPSS 0.00231
Exploits: 0 · References: 1

Positive Technologies
added 2024/10/29 12:0 a.m. · 5 views

PT-2024-16133 · Mattermost +2 · Mattermost +2

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.9 Description: The issue arises when ElasticSearch is enabled, and Mattermost fails to properly filter channel data. This allows a user to obtain private channel names by using the cmd+K/ctrl+K shortcut...

CVSS 9.9 · AI score 6.2 · EPSS 0.97781
Exploits: 20 · References: 140

Cvelist
added 2024/10/28 9:8 p.m. · 20 views

CVE-2024-44145

This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An attacker with physical access to a macOS device with Sidecar enabled may be able to bypass the Lock Screen...

EPSS 0.00194
Exploits: 0 · References: 2

CNNVD
added 2024/10/28 12:0 a.m. · 3 views

Apple macOS Security Vulnerability

Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS version 15: an attacker with physical access to a Sidecar-enabled macOS device may be able to bypass the lock screen...

CVSS 6.1 · AI score 5.9 · EPSS 0.00194
Exploits: 0 · References: 2

OSV
added 2024/10/23 4:15 p.m. · 1 view

CVE-2024-30124

HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously...

CVSS 4 · AI score 5.8 · EPSS 0.00166
Exploits: 0 · References: 1

Positive Technologies
added 2024/10/23 12:0 a.m. · 4 views

PT-2024-23198

Name of the Vulnerable Software and Affected Versions: HCL Sametime (affected versions not specified) Description: The issue concerns insecure services in-use on the UIM client by default. Specifically, an unused legacy REST service was enabled by default using the HTTP protocol. This could potential...

CVSS 4 · AI score 6.5 · EPSS 0.00166
Exploits: 0 · References: 4

Positive Technologies
added 2024/10/23 12:0 a.m. · 3 views

PT-2024-32880 · Intermesh · Intermesh 7177 Hybrid 2.0 Subscriber +1

Name of the Vulnerable Software and Affected Versions: InterMesh 7177 Hybrid 2.0 Subscriber versions prior to 8.2.12 InterMesh 7707 Fire Subscriber versions prior to 7.2.12 Description: A vulnerability has been identified that could allow an authenticated local attacker to execute arbitrary...

CVSS 8.5 · AI score 7.5 · EPSS 0.00195
Exploits: 0 · References: 5

Cvelist
added 2024/10/21 8:6 p.m. · 19 views

CVE-2022-49004 riscv: Sync efi page table's kernel mappings before switching

In the Linux kernel, the following vulnerability has been resolved: riscv: Sync efi page table's kernel mappings before switching The EFI page table is initially created as a copy of the kernel page table. With VMAPSTACK enabled, kernel stacks are allocated in the vmalloc area: if the stack is...

EPSS 0.00243
Exploits: 0 · References: 3

OSV
added 2024/10/21 12:15 p.m. · 6 views

AZL-51309 CVE-2024-47713 affecting package kernel for versions less than 6.6.56.1-5

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() Since 'dev_queue_xmit()' should be called with interrupts enabled, the following backtrace: ieee80211_do_stop() ... spin_lock_irqsave(&local->queue_stop_reason_lock, flags)...

CVSS 5.5 · AI score 6.6 · EPSS 0.00258
Exploits: 0 · References: 1

Vulnrichment
added 2024/10/21 12:14 p.m. · 9 views

CVE-2024-47735 RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled Fix misuse of spin_lock_irq()/spin_unlock_irq() when spin_lock_irqsave()/spin_lock_irqrestore() was held. This was discovered through the lock debugging, and the corresponding log is a...

AI score 7 · EPSS 0.00189
Exploits: 0 · References: 7

Debian CVE
added 2024/10/21 12:14 p.m. · 10 views

CVE-2024-47735

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled Fix misuse of spin_lock_irq()/spin_unlock_irq() when spin_lock_irqsave()/spin_lock_irqrestore() was held. This was discovered through the lock debugging, and the corresponding log is a...

CVSS 5.5 · AI score 5.7 · EPSS 0.00189
Exploits: 0

Vulnrichment
added 2024/10/21 11:53 a.m. · 16 views

CVE-2024-47713 wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() Since 'dev_queue_xmit()' should be called with interrupts enabled, the following backtrace: ieee80211_do_stop() ... spin_lock_irqsave(&local->queue_stop_reason_lock, flags)...

AI score 6.9 · EPSS 0.00258
Exploits: 0 · References: 9

OSV
added 2024/10/21 12:6 a.m. · 3 views

USN-7077-1 amd64-microcode vulnerability

Enrique Nissim and Krzysztof Okupski discovered that some AMD processors did not properly restrict access to the System Management Mode (SMM) configuration when the SMM Lock was enabled. A privileged local attacker could possibly use this issue to further escalate their privileges and execute...

CVSS 7.5 · AI score 7.3 · EPSS 0.00622
Exploits: 0 · References: 2

CNNVD
added 2024/10/16 12:0 a.m. · 3 views

WordPress plugin Community by PeepSo Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

CVSS 5.4 · AI score 6 · EPSS 0.00256
Exploits: 0 · References: 2

OSV
added 2024/10/09 8:15 p.m. · 4 views

CVE-2024-39516

An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued...

CVSS 8.7 · AI score 5.8
Exploits: 0 · References: 2

OSV
added 2024/10/09 8:15 p.m. · 2 views

CVE-2024-39515

An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Deni...

CVSS 8.7 · AI score 5.8
Exploits: 0 · References: 2

OSV
added 2024/10/09 8:15 p.m. · 2 views

CVE-2024-39525

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specific BGP packet to cause rpd to crash and restart, resulting in a Denial of Service...

CVSS 8.7 · AI score 5.8
Exploits: 0 · References: 2

Microsoft KB
added 2024/10/08 7:0 a.m. · 79 views

October 8, 2024—KB5044343 (Monthly Rollup)

October 8, 2024—KB5044343 (Monthly Rollup) Important: The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU onl...

CVSS 9 · AI score 9.3 · EPSS 0.60954
Exploits: 2

OSV
added 2024/10/02 9:15 p.m. · 3 views

CVE-2024-28888

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. A specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker...

CVSS 8.8 · AI score 5.8
Exploits: 0 · References: 3