
1002 matches found

SUSE CVE
added 2025/01/10 12:21 a.m., 1 view

SUSE CVE-2024-56647

In the Linux kernel, the following vulnerability has been resolved: net: Fix icmp host relookup triggering ip_rt_bug. arp link failure may trigger ip_rt_bug while xfrm enabled, call trace is: WARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20 Modules linked in: CPU: 0 UID: 0 PID: 0 Comm...

CVSS 5.5, AI score 7.6, EPSS 0.00016
Exploits: 0, References: 15
OSV
added 2024/12/27 3:15 p.m., 6 views

DEBIAN-CVE-2024-56647

In the Linux kernel, the following vulnerability has been resolved: net: Fix icmp host relookup triggering ip_rt_bug. arp link failure may trigger ip_rt_bug while xfrm enabled, call trace is: WARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20 Modules linked in: CPU: 0 UID: 0 PID: 0 Comm...

CVSS 5.5, AI score 5.6, EPSS 0.00016
Exploits: 0, References: 1
OSV
added 2024/12/27 3:15 p.m., 2 views

AZL-54815 CVE-2024-56647 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: net: Fix icmp host relookup triggering ip_rt_bug. arp link failure may trigger ip_rt_bug while xfrm enabled, call trace is: WARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20 Modules linked in: CPU: 0 UID: 0 PID: 0 Comm...

CVSS 5.5, AI score 6.7, EPSS 0.00016
Exploits: 0, References: 1
OSV
added 2024/12/27 3:15 p.m., 1 view

AZL-54735 CVE-2024-56647 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: net: Fix icmp host relookup triggering ip_rt_bug. arp link failure may trigger ip_rt_bug while xfrm enabled, call trace is: WARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20 Modules linked in: CPU: 0 UID: 0 PID: 0 Comm...

CVSS 5.5, AI score 5.6, EPSS 0.00016
Exploits: 0, References: 1
ATTACKERKB
added 2024/12/27 3:15 p.m., 1 view

CVE-2024-56647

In the Linux kernel, the following vulnerability has been resolved: net: Fix icmp host relookup triggering ip_rt_bug. arp link failure may trigger ip_rt_bug while xfrm enabled, call trace is: WARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20 Modules linked in: CPU: 0 UID: 0 PID: 0 Comm...

CVSS 5.5, AI score 6.2, EPSS 0.00016
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2024/12/27 3:15 p.m., 5 views

UBUNTU-CVE-2024-56647

In the Linux kernel, the following vulnerability has been resolved: net: Fix icmp host relookup triggering ip_rt_bug. arp link failure may trigger ip_rt_bug while xfrm enabled, call trace is: WARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20 Modules linked in: CPU: 0 UID: 0 PID: 0 Comm...

CVSS 5.5, AI score 6.2, EPSS 0.00016
Exploits: 0, References: 19
Vulnrichment
added 2024/12/27 3:2 p.m., 1 view

CVE-2024-56647 net: Fix icmp host relookup triggering ip_rt_bug

In the Linux kernel, the following vulnerability has been resolved: net: Fix icmp host relookup triggering ip_rt_bug. arp link failure may trigger ip_rt_bug while xfrm enabled, call trace is: WARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20 Modules linked in: CPU: 0 UID: 0 PID: 0 Comm...

AI score 7.4, EPSS 0.00016
Exploits: 0, References: 4
CVE
added 2024/12/27 3:2 p.m., 171 views

CVE-2024-56647

CVE-2024-56647: In the Linux kernel, icmp host relookup can trigger ip_rt_bug when ARP/link conditions and xfrm are involved. The fix skips icmp relookup for locally generated packets (e.g., ICMP errors) to avoid dst->out being ip_rt_bug on loopback and similar scenarios. Reproduced scenario s...

CVSS 5.5, AI score 6.3, EPSS 0.00016
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2024/12/18 7:15 p.m., 1 view

CVE-2024-56051

Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS allows Code Injection. This issue affects WPLMS: from n/a before 1.9.9.5...

CVSS 8.8, AI score 5.8, EPSS 0.00703
Exploits: 0, References: 1
OSSF Malicious Packages
added 2024/12/01 4:23 p.m., 3 views

Malicious code in omigo-data-analytics (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ae4cfba5955464b4ebdf67da4386ccc25b7431d6dfc11e70146b23c0a8185860 The package looks like a beginning for a further work. In fact, the uploader has shortly published a few similar packages appearing to be e.g. an integration f...

AI score 7.1
Exploits: 0, References: 1
NVD
added 2024/11/29 7:15 p.m., 14 views

CVE-2024-52801

sftpgo is a full-featured and highly configurable event-driven file transfer solution. Server protocols: SFTP, HTTP/S, FTP/S, WebDAV. The OpenID Connect implementation allows authenticated users to brute force session cookies and thereby gain access to other users' data, since the cookies are...

CVSS 5.3, EPSS 0.00106
Exploits: 0, References: 3
HackRead
added 2024/11/29 3:0 p.m., 5 views

Fake Betting Apps Using AI-Generated Voices to Steal Sensitive Data

Group-IB has discovered that cybercriminals are using fake betting apps and ads with AI-generated voices to steal personal information and money. Discover the tactics used by scammers and how to avoid falling victim to these fraudulent schemes...

AI score 7.1
Exploits: 0
The Hacker News
added 2024/11/29 1:17 p.m., 4 views

AI-Powered Fake News Campaign Targets Western Support for Ukraine and U.S. Elections

A Moscow-based company sanctioned by the U.S. earlier this year has been linked to yet another influence operation designed to turn public opinion against Ukraine and erode Western support since at least December 2023. The covert campaign undertaken by Social Design Agency (SDA) leverages videos...

AI score 7
Exploits: 0
Wired Threat Level
added 2024/11/20 11:0 a.m., 14 views

Inside the Booming ‘AI Pimping’ Industry

AI-generated influencers based on stolen images of real-life adult content creators are flooding social media...

AI score 7.4
Exploits: 0
OSV
added 2024/11/18 3:33 p.m., 1 view

GHSA-F632-9449-3J4W Apache Tomcat - XSS in generated JSPs

Description: The fix for improvement 69333 caused pooled JSP tags not to be released after use, which in turn could cause output of some tags not to be escaped as expected. This unescaped output could lead to XSS. Versions Affected: - Apache Tomcat 11.0.0 - Apache Tomcat 10.1.31 - Apache Tomcat 9.0.9...

CVSS 6.1, AI score 6.8, EPSS 0.15467
Exploits: 1, References: 9
OSV
added 2024/11/14 6:15 a.m., 3 views

CVE-2024-10146

The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against admins...

CVSS 5.4, AI score 5.8, EPSS 0.00938
Exploits: 1, References: 1
Veracode
added 2024/11/14 4:13 a.m., 7 views

Authentication Method Confusion

CodeChecker is vulnerable to Authentication Method Confusion. The vulnerability is due to insufficient account security, where the weakly generated root user account cannot be disabled, allowing attackers to exploit it through an external authentication service...

CVSS 9, AI score 7, EPSS 0.00389
Exploits: 0, References: 3, Affected Software: 1
Veracode
added 2024/11/07 6:18 a.m., 8 views

Cross-site Scripting (XSS)

baserCMS is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input validation in the blog post feature, allowing user-generated content to include malicious scripts...

CVSS 6.3, AI score 6.3, EPSS 0.01236
Exploits: 0, References: 2, Affected Software: 1
Snyk
added 2024/11/06 3:42 p.m., 1 view

Authentication Bypass by Primary Weakness

Overview: codechecker is an analyzer tooling, defect database and viewer extension. Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness in the form of giving the unremovable auto-generated root user superuser privileges by default. An attacker in possession...

CVSS 9.1, AI score 7, EPSS 0.00389
Exploits: 0, References: 2
CVE
added 2024/11/06 2:34 p.m., 39 views

CVE-2024-10082

Summary (CVE-2024-10082) CodeChecker (Clang Static Analyzer/Tidy tooling) up to version 6.24.1 contains an authentication flaw: an auto-generated built-in root user with superuser permissions that cannot be disabled. An attacker who can create an account on an enabled external authentication serv...

CVSS 9, AI score 7.2, EPSS 0.00389
Exploits: 0, References: 1, Affected Software: 1