CVE-2024-46762 xen: privcmd: Fix possible access to a freed kirqfd instance

In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Fix possible access to a freed kirqfd instance Nothing prevents simultaneous ioctl calls to privcmdirqfdassign and privcmdirqfddeassign. If that happens, it is possible that a kirqfd created and added to the...

CVE-2024-46762

CVE-2024-46762 affects the Linux kernel xen privcmd path. A race between privcmd_irqfd_assign() and privcmd_irqfd_deassign() can leave a previously freed kirqfd in use, allowing access to a freed kirqfd and causing a kernel oops. The issue is mitigated by applying SRCU locking to irqfds, mirrorin...

CVE-2024-46762 xen: privcmd: Fix possible access to a freed kirqfd instance

In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Fix possible access to a freed kirqfd instance Nothing prevents simultaneous ioctl calls to privcmdirqfdassign and privcmdirqfddeassign. If that happens, it is possible that a kirqfd created and added to the...

SolarWinds Access Rights Manager Hard-Coded Credentials Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a RabbitMQ instance. The issue results from the use...

TotalCloud Insights: Unmasking AWS Instance Metadata Service v1 (IMDSv1)-The Hidden Flaw in AWS Security

Introduction Imagine a breach that cost a company over $150 million in fines, remediation, and lost trust. In 2019, this was an all-too-real situation for one business when vulnerabilities in AWS Instance Metadata Service v1 IMDSv1 were exploited. A single Server-Side Request Forgery SSRF attack,...

CVE-2024-20483

Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager Mongo...

CVE-2024-6499

The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other...

PT-2024-6180 · Nginx · Nginx Agent

Name of the Vulnerable Software and Affected Versions: NGINX Agent affected versions not specified Description: The issue is related to the config dirs function of the NGINX Agent and NGINX Instance Manager platform, which allows an attacker to upload arbitrary files outside the intended director...

Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data

Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft's Copilot Studio that could be exploited to access sensitive information. Tracked as CVE-2024-38206 CVSS score: 8.5, the vulnerability has been described as an information disclosure bug stemming from a...

GO-2022-0305 Instance config inline secret exposure in Grafana in github.com/grafana/agent

Instance config inline secret exposure in Grafana in github.com/grafana/agent...

Amazon Linux 2 : bind (ALAS-2024-2625)

The version of bind installed on the remote host is prior to 9.11.4-26.P2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2625 advisory. The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problem...

CVE-2024-38175

An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network...

CVE-2024-38175 Azure Managed Instance for Apache Cassandra Elevation of Privilege Vulnerability

...

Microsoft Azure Managed Instance for Apache Cassandra 访问控制错误漏洞

Microsoft Azure Managed Instance for Apache Cassandra is an Azure Managed Instance for Apache Cassandra is a service from Microsoft Corporation USA. An access control error vulnerability exists in Microsoft Azure Managed Instance for Apache Cassandra that stems from the presence of improper acces...

UBUNTU-CVE-2024-43831

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Handle invalid decoder vsi Handle an invalid decoder vsi in vpudecinit to ensure the decoder vsi is valid for future use...

kernel: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: acquire rcureadlock in instancedestroyrcu syzbot reported that nfreinject could be called without rcureadlock : WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-02060-g5c1672705a1a 0 Not tainted...

kernel: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: acquire rcureadlock in instancedestroyrcu syzbot reported that nfreinject could be called without rcureadlock : WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-02060-g5c1672705a1a 0 Not tainted...

CVE-2024-7492 MainWP Child Reports <= 2.2 - Cross-Site Request Forgery to Arbitrary Options Update

The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the networkoptionsaction function. This makes it possible for unauthenticated attackers to update arbitrary...

CVE-2024-7492

CVE-2024-7492 affects the MainWP Child Reports WordPress plugin. The WordPress vulnerability is a Cross-Site Request Forgery in all versions up to 2.2, caused by missing or incorrect nonce validation in network_options_action(), enabling unauthenticated attackers to update arbitrary options on mu...

CVE-2024-4353

Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in the generate dashboard board instance functionality. The Name input field does not check the input sufficiently letting a rogue administrator have the capability to inject malicious JavaScript code. The Concre...