CVE-2024-2040
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack...
CVE-2024-2040 Himer - Social Questions and Answers < 2.1.1 - Arbitrary Group Joining via CSRF
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack...
CVE-2024-2040
The connected Patchstack entry confirms a CSRF vulnerability in WordPress theme Himer prior to version 2.1.1, enabling an attacker to cause users to join private groups without authorization. The affected product is the Himer WordPress theme (versions
PT-2024-18659 · Himer · Himer
Name of the Vulnerable Software and Affected Versions: Himer WordPress theme versions prior to 2.1.1 Description: The issue is related to the lack of CSRF checks in certain areas, which could allow attackers to make users join private groups via a CSRF attack. Recommendations: For versions prior ...
CBL Mariner 2.0 Security Update: buildah (CVE-2022-2990)
The version of buildah installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-2990 advisory. - An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitiv...
Security Bulletin: A vulnerability in github.com/containerd/containerd-v1.6.17 affects Data Replication on Cloud Pak for Data
Summary A vulnerability in the github.com/containerd/containerd-v1.6.17 package has been addressed. Vulnerability Details CVEID:CVE-2023-25173 DESCRIPTION: containerd could allow a local authenticated attacker to bypass security restrictions, caused by improper setup for supplementary groups insi...
ROS-20240627-01
A vulnerability in the implementation of the CORS mechanism of Microsoft Edge and Google Chrome browsers is related to weaknesses in the access controls. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions and disclose protected...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in the Tab Groups component of Google Chrome prior to version 126.0.6478.54 allowed a remote attacker who convinced a user to perform certain UI gestures to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Linux 6.1
A flaw was discovered in the filelock_init function in the fs/locks.c file within the Linux kernel. This issue can lead to host memory exhaustion, as memcg does not limit the number of POSIX file locks that can be created...
Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware
Threat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targeting government and critical infrastructure sectors across the world between 2021 and 2023. While one cluster of activity has been associated with the ChamelGang aka CamoFei,...
MAL-2024-2225 Malicious code in down_load_ebook_welcome_newcomer_by_al_anon_family_groups_yd1x3 (npm)
--- -= Per source details. Do not edit below this line.=-...
PT-2024-4541
Name of the Vulnerable Software and Affected Versions VMware ESXi affected versions not specified Description VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory AD permissions can gain full access to an ESXi host that was previously...
The vulnerability of the Tab Groups component in Microsoft Edge and Google Chrome allows a hacker to execute arbitrary code on the target system or cause a service failure.
The vulnerability of Tab Groups components in Microsoft Edge and Google Chrome is related to buffer overflows in the “stack”. Exploiting this vulnerability allows an attacker to execute arbitrary code on the target system or cause a service failure by using a specially created HTML page...
Updated chromium-browser-stable packages fix security vulnerabilities
The chromium-browser-stable package has been updated to the 126.0.6478.61 release. It includes 21 security fixes. Some of them are: High CVE-2024-5830: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2024-05-24 High CVE-2024-5831: Use after free in Dawn. Reported by wgslfuz...
CVE-2024-38568
In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group The perf tool allows users to create event groups through following cmd 1, but the driver does not check whether the array index is out of bounds when writi...
CVE-2024-38569
In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group The perf tool allows users to create event groups through following cmd 1, but the driver does not check whether the array index is out of bounds when writing...
UBUNTU-CVE-2024-38569
In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group The perf tool allows users to create event groups through following cmd 1, but the driver does not check whether the array index is out of bounds when writing...
CVE-2024-38569 drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group
In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group The perf tool allows users to create event groups through following cmd 1, but the driver does not check whether the array index is out of bounds when writing...