PT-2024-15688 · WordPress · Content Views – Post Grid

Name of the Vulnerable Software and Affected Versions: Content Views – Post Grid, Slider, Accordion Gutenberg Blocks and Shortcode plugin for WordPress versions up to, and including, 3.6.2 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient inpu...

Important: kernel-livepatch-4.14.327-246.539

Issue Overview: An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 netfilter: nftables: Reject tables of unsupported family; While creating a new netfilter table, lack of a safeguard against invalid nftables family pf values within nftablesnewtable...

CVE-2024-23834 Discourse improperly sanitized user input leads to XSS

Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta...

TOTOLINK EX1800T Command Execution Vulnerability (CNVD-2024-13795)

The TOTOLINK EX1800T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. The TOTOLINK EX1800T suffers from a command execution vulnerability that stems from the telnetenabled parameter of the setTelnetCfg interface failing to correctly filter constructed command special characters,...

kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags

An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious too big networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system...

SUSE-SU-2024:0118-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the Bluetooth subsystem that would allow replay attacks bsc1179610 bsc1215237. - CVE-2022-2586:...

RLSA-2024:0105 Moderate: nss security update

Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fixes: nss: timing attack against RSA decryption CVE-2023-5388 For more details about the security issues, including the impact, a CV...

CVE-2024-21585 Junos OS and Junos OS Evolved: BGP session flaps on NSR-enabled devices can cause rpd crash

An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's control, to flap BGP sessions and cause the routing protocol daem...

CVE-2024-21585 Junos OS and Junos OS Evolved: BGP session flaps on NSR-enabled devices can cause rpd crash

An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's control, to flap BGP sessions and cause the routing protocol daem...

Moderate: nss security update

Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fixes: nss: timing attack against RSA decryption CVE-2023-5388 For more details about the security issues, including the impact, a CV...

ALSA-2024:0108 Moderate: nss security update

Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fixes: nss: timing attack against RSA decryption CVE-2023-5388 For more details about the security issues, including the impact, a CV...

ALSA-2024:0105 Moderate: nss security update

Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fixes: nss: timing attack against RSA decryption CVE-2023-5388 For more details about the security issues, including the impact, a CV...

Moderate: Red Hat Security Advisory: nss security update

An update for nss is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

January 9, 2024—KB5034171 (Monthly Rollup)

January 9, 2024—KB5034171 Monthly Rollup IMPORTANT The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU onl...

PT-2024-1896 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.0-mainline-maybe-dirty 1 Description: The issue is related to a use-after-free vulnerability in the class register function. The lock class key is still registered and can be found in lock keys hash hlist...

AZL-35675 CVE-2023-6693 affecting package qemu for versions less than 6.2.0-21

A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtionetflushtx function if guest features VIRTIONETFHASHREPORT, VIRTIOFVERSION1 and VIRTIONETFMRGRXBUF are enabled. This could allow a malicious user to overwrite local variables...

Memory corruption

Memory corruption while running VK synchronization with KASAN enabled...

CVE-2023-33094 Use After Free in Linux Graphics

Memory corruption while running VK synchronization with KASAN enabled...

CVE-2023-33094 Use After Free in Linux Graphics

Memory corruption while running VK synchronization with KASAN enabled...

CVE-2023-33094

CVE-2023-33094 is a memory corruption issue occurring during VK synchronization with KASAN enabled in Qualcomm-related components (Display). The NVD entry lists a local attack vector with low privileges required and no user interaction, with a high impact on confidentiality, integrity, and availa...