Vulnerability of components of the Linux operating system’s kernel, net/mlx5e, which allows a hacker to cause a service failure
The vulnerability in the net/mlx5e component of the Linux operating system kernel is related to a double free in the arfs_create_groups function. Exploiting this vulnerability can allow an attacker to cause a service failure...
Important: protobuf
Issue Overview: Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can be corrupted by exceeding the stack limit, i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf...
The vulnerability of the Asset Manager’s automation and accounting software lies in the ability to assign users to inappropriate groups, which allows them to increase their privileges.
The vulnerability of the Asset Manager’s automation and accounting software lies in the ability to route users into inappropriate groups. Exploiting this vulnerability can allow attackers to enhance their privileges...
Crimeware and financial cyberthreats in 2025
Kaspersky's Global Research and Analysis Team constantly monitors known and emerging cyberthreats directed at the financial industry, with banks and fintech companies being the most targeted. We also closely follow threats that aim to infiltrate a wider range of industries, namely ransomware...
The vulnerability of Siemens SINEMA Remote Connect allows a hacker to gain unauthorized access to groups of participants that they do not have permission to access.
The vulnerability of the Siemens SINEMA Remote Connect server is related to incorrect authorization. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to groups of participants to which they do not have access...
Threats in space (or rather, on Earth): internet-exposed GNSS receivers
What is GNSS? Global Navigation Satellite Systems (GNSS) are collections, or constellations, of satellite positioning systems. There are several GNSSs launched by different countries currently in operation: GPS (US), GLONASS (Russia), Galileo (EU), BeiDou Navigation Satellite System (BDS, China), Navigation...
Mattermost Authorization Issues Vulnerability (CNVD-2024-45314)
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an authorization issue vulnerability that stems from improper authorization of /api/v4/channels requests, which can be exploited by an attacker with Read Groups privileges, but ...
kernel: net/mlx5e: fix a double-free in arfs_create_groups
A double-free vulnerability was found in the arfs_create_groups function in the Linux kernel's net/mlx5e driver. This issue could lead to memory corruption or a system crash if exploited, as freeing the same memory twice may cause undefined behavior...
kernel: nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu()
In the Linux kernel, the following vulnerability has been resolved: nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu(). Memory pointed by 'nd_pmu->pmu.attr_groups' is allocated in function 'register_nvdimm_pmu' and is lost after 'kfree(nd_pmu)' call in function 'unregister_nvdimm_pmu'...
kernel: sched/psi: use kernfs polling functions for PSI trigger polling
A use-after-free vulnerability was found in the Linux kernel's PSI (Pressure Stall Information) trigger handling for cgroups. When a cgroup is removed while a process is polling its PSI trigger file, the trigger's waitqueue is destroyed via psi_trigger_destroy while the polling process still holds a...
kernel: af_netlink: Fix shift out of bounds in group mask calculation
In the Linux kernel, the following vulnerability has been resolved: af_netlink: Fix shift out of bounds in group mask calculation. When a netlink message is received, netlink_recvmsg fills in the address of the sender. One of the fields is the 32-bit bitfield nl_groups, which carries the multicast...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an authorization issue vulnerability that stems from improper authorization of /api/v4/channels requests, which can be exploited by an attacker with Read Groups privileges, but ...
PT-2024-29684 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.9; Mattermost versions 9.10.x through 9.10.2; Mattermost versions 9.11.x through 9.11.1; Mattermost versions 10.0.x through 10.0.0. Description: The issue allows a User or System Manager with "Read Groups"...
WordPress BuddyPress Groups Extras plugin <= 3.6.10 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Marek Mikita in WordPress Plugin BuddyPress Groups Extras versions <= 3.6.10...
RHEL 7 : openstack-neutron (RHSA-2017:2449)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:2449 advisory. OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main functi...
CVE-2024-37453 WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.8.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in ProfileGrid User Profiles ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ProfileGrid: from n/a through 5.8.7...
Security update for openssl-3
This update for openssl-3 fixes the following issues: CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262); CVE-2024-41996: Avoid expensive public key validation for known safe-prime groups (DHEATATTACK) (bsc#1230698). Patch Instructions: To install this SUSE update use the SUSE recommended...
The vulnerability of the $pconfig variable in the interfaces_groups_edit.php file of the software network interface controller based on the FreeBSD Netgate pfSense operating system allows a hacker to execute arbitrary code.
The vulnerability of the $pconfig variable in the interfaces_groups_edit.php file of the software network interface layer based on the FreeBSD Netgate pfSense operating system is related to the lack of security measures for the website structure. Exploiting this vulnerability allows a remote...
CVE-2024-45260
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it...
SUSE CVE-2024-49925
In the Linux kernel, the following vulnerability has been resolved: fbdev: efifb: Register sysfs groups through driver core. The driver core can register and cleanup sysfs groups already. Make use of that functionality to simplify the error handling and cleanup. Also avoid a UAF race during...