561 matches found
CVE-2023-6110
A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in its scope, it deletes other existing access rules which are not associated with any application credentials...
Race Condition
Overview: python-openstackclient is an OpenStack command-line client. Affected versions of this package are vulnerable to Race Condition due to an improper handling of non-existing identifiers. An attacker can inadvertently cause the deletion of valid access rules by attempting to delete non-existe...
SUSE CVE-2024-10394
A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG...
PT-2024-18061 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A critical issue has been identified, with a previous patch reintroducing a pre-existing vulnerability. The issue is considered critical. Recommendations: At the moment, there is no...
Malicious code in ansishade (PyPI)
Source: kam193 c34f34cc1bdc60a4851d462f058187107a8c200d06ce08295d773f351fa1749a. Importing the module starts the banner function, which downloads and runs an obfuscated remote script. The package seems to be a clone of one of existing simila...
CVE-2024-10245
CVE-2024-10245 (Relais 2FA for WordPress) : The Relais 2FA plugin contains an authentication bypass in versions
hw: arm64/sme: Always exit sme_alloc() early with existing storage
In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Always exit sme_alloc() early with existing storage. When sme_alloc() is called with existing storage and we are not flushing we will always allocate new storage, both leaking the existing storage and corrupting the state. Fi...
drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream'
...
CVE-2024-10020
The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log i...
SUSE CVE-2024-39722
An issue was discovered in Ollama before 0.1.46. It exposes which files exist on the server on which it is deployed via path traversal in the api/push route...
CVE-2024-10097
The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to lo...
What goes into testing a ship?
TL;DR Testing a ship involves identifying and mitigating cybersecurity risks using the "Identify, Prevent, Detect, Respond, Recover" framework. Guidelines include MSC.42898, BIMCO, IACS UR E26/E27, and ISO standards. New builds and existing vessels require proper documentation and network securit...
RHEL 5 : Red Hat Certificate System 8 (RHSA-2017:2560)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:2560 advisory. Red Hat Certificate System is a complete implementation of an enterprise software system designed to manage enterprise public key infrastructure (PKI)...
SUSE CVE-2024-49912
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream'. This commit adds a null check for 'stream_status' in the function 'planes_changed_for_existing_stream'. Previously, the code assumed 'stream_status' could ...
AZL-51312 CVE-2024-49912 affecting package kernel for versions less than 6.6.56.1-5
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream'. This commit adds a null check for 'stream_status' in the function 'planes_changed_for_existing_stream'. Previously, the code assumed 'stream_status' could ...
UBUNTU-CVE-2024-49850
In the Linux kernel, the following vulnerability has been resolved: bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos. In case of malformed relocation record of kind BPF_CORE_TYPE_ID_LOCAL referencing a non-existing BTF type, function bpf_core_calc_relo_insn would cause a null pointer dereference. Fi...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from an issue in the drm/amd/display module planes_changed_for_existing_stream function that does not handle the ca...
PT-2024-33753
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58 Description: A null pointer dereference issue has been identified in the Linux kernel, specifically in the drm/amd/display component. The problem arises when the stream status is null in the planes change...
CVE-2024-45715
The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements...
SolarWinds Platform cross-site scripting vulnerability
SolarWinds Platform is a unified monitoring, observability, and service management platform from U.S.-based SolarWinds, Inc. A cross-site scripting vulnerability exists in SolarWinds Platform versions 2024.2.1 and earlier, which stems from the vulnerability to cross-site scripting when performing...