1895 matches found
tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method
A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...
BIT-PYTHON-MIN-2023-40217
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is...
Sentry authorization issue vulnerability
Sentry is a developer-oriented bug tracking and performance monitoring platform from Sentry Open Source. An authorization issue vulnerability exists in versions of Sentry prior to 25.1.0 that stems from allowing an attacker to take over any user account by using a malicious SAML identity provider...
CVE-2024-45102
A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On (SSO) provider for XCC instances...
CVE-2024-12365
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain...
PT-2025-2685 · Lxca · Lxca
Name of the Vulnerable Software and Affected Versions: LXCA (affected versions not specified). Description: A privilege escalation issue was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On (SSO)...
PT-2025-30760
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains an issue in the drm/amd/display subsystem related to DSC / HUBP ONO guarantees. For non-zero DSC instances, the HUBP domain required to drive it for sequential...
DEBIAN-CVE-2024-53184
In the Linux kernel, the following vulnerability has been resolved: um: ubd: Do not use drvdata in release. The drvdata is not available in release. Let's just use container_of to get the ubd instance. Otherwise, removing a ubd device will result in a crash: RIP: 0033:blk_mq_free_tag_set+0x1f/0xba RSP:...
CVE-2024-53202 firmware_loader: Fix possible resource leak in fw_log_firmware_info()
In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix possible resource leak in fw_log_firmware_info(). The alg instance should be released under the exception path, otherwise there may be resource leak here. To mitigate this, free the alg instance with crypto_free_shash...
CVE-2024-53184 um: ubd: Do not use drvdata in release
In the Linux kernel, the following vulnerability has been resolved: um: ubd: Do not use drvdata in release. The drvdata is not available in release. Let's just use container_of to get the ubd instance. Otherwise, removing a ubd device will result in a crash: RIP: 0033:blk_mq_free_tag_set+0x1f/0xba RSP:...
Tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method
...
Misskey input validation error vulnerability
Misskey is a perpetually free open source syndicated social media platform from Misskey Open Source. An input validation error vulnerability exists in Misskey versions 2024.8.0-rc.3 through prior to 2024.11.0-alpha.3, which stems from a lack of validation that could allow an attacker to create a...
CVE-2024-9624
WP All Import Pro (WordPress) FIXED: SSRF in pmxi_curl_download affects all versions ≤ 4.9.3, exploitable by authenticated (Administrator+) users to issue web requests from the app to arbitrary locations, including internal service endpoints and cloud instance metadata. CVSS 3.1 vector: NETWORK/L...
CVE-2024-9624 WP All Import Pro <= 4.9.3 - Authenticated (Administrator+) Server-Side Request Forgery via File Import
The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxi_curl_download function. This makes it possible for authenticated attackers, with Administrator-level access and above, to ma...
CVE-2024-53960
| creation_timestamp | type | source |
|---|---|---|
| 2024-12-11 00:11:03+00:00 | seen | https://t.me/cvedetector/12591 |
| 2025-09-16 23:16:37+00:00 | seen | MISP/be792712-f638-4d7d-b62d-4f5032e86764 |
| 2025-09-18 16:44:31+00:00 | seen | MISP/be792712-f638-4d7d-b62d-4f5032e86764 |

...
Upgrade to Veeam Backup & Replication 12.3 Fails During "Step 1 of 7: Installing PostgreSQL server 15.10-1..."
Article Applicability: The issue described in this article only occurred when using the initial Veeam Backup & Replication 12.3 ISO named VeeamBackup&Replication_12.3.0.310_20241201.iso. On 2024-12-16, a new ISO VeeamBackup&Replication_12.3.0.310_20241211.iso was made available, which contains a check...