Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: sched: sch_multiq: fix possible OOB write in multiq_tune() CVE-2024-36978 In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized...
kernel: vmci: prevent speculation leaks by sanitizing event in event_deliver()
A vulnerability was found in the event_deliver() function in the Linux kernel's VMCI component, where the issue involves a lack of sanitization for the event_data.event index controlled by user-space, which could lead to speculative information leaks...
CVE-2024-39499
In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in event_deliver(). Coverity spotted that event_msg is controlled by user-space, event_msg->event_data.event is passed to event_deliver() and used as an index without sanitization. This...
CVE-2024-39499
CVE-2024-39499 (Linux kernel, vmci): The vulnerability allows speculative leaks via event_deliver() because user-controlled event_msg->event_data.event was used as an index without sanitization. The fix sanitizes the index to mitigate speculative information leaks. The issue is exploitable loc...
Cross-Site Scripting (XSS)
prestashop/prestashop is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of event sanitization in the $events parameter of Validate.php which allows an attacker to inject and execute arbitrary JavaScript into the browser...
PT-2023-17235 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost (affected versions not specified). Description: When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitiv...