1895 matches found
XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet
Impact: Any user with edit right on any page can perform arbitrary remote code execution by adding instances of XWiki.SearchSuggestConfig and XWiki.SearchSuggestSourceClass to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki...
CVE-2024-37281
Kibana has a Denial of Service vulnerability (CVE-2024-37281) in which a user with the Viewer role can crash a Kibana instance by issuing a high volume of crafted requests to a specific endpoint. Affected ranges include Kibana 8.x before 8.14.0 and 7.x before 7.17.23. Root cause details are not fully ...
Discourse security vulnerability
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse that stems from the fact that writing requests that submit very long tag group names may reduce the...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the need for instance variables to be symbolic in error handling...
BIT-DISCOURSE-2024-38360 Denial of service via Watched Words in Discourse
Discourse is an open source platform for community discussion. In affected versions by creating replacement words with an almost unlimited number of characters, a moderator can reduce the availability of a Discourse instance. This issue has been addressed in stable version 3.2.3 and in current...
How to Configure SQL Instances in XenMobile Server with custom port
This article provides information on how to install XenMobile Server XMS 10 to be configured on a SQL Instance with the custom port. Prerequisites: Knowledge of SQL service account credentials with the appropriate role. Knowledge of SQL Server FQDN or IP. Knowledge of custom port for the SQL instan...
CVE-2024-39528
A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS and Junos Evolved platforms, if a routing-instance deactivation is triggered, and at...
CVE-2024-39528
CVE-2024-39528 — A Use After Free in Juniper Junos OS/Junos OS Evolved Routing Protocol Daemon (rpd) causes a segmentation fault on a specific sequence (routing-instance deactivation + SNMP request), leading to rpd crash and DoS. Affected: Junos OS and Junos OS Evolved. Reported vulnerable version...
CVE-2024-39558
creationtimestamp | type | source
---|---|---
2024-07-11 01:35:25+00:00 | seen | https://t.me/cvedetector/608
2025-02-07 22:03:06+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/3842...
CVE-2024-39514
CVE-2024-39514 affects Junos OS and Junos OS Evolved. An attacker—adjacent, unauthenticated—can trigger a crash of the Routing Protocol Daemon (rpd) by sending specific traffic on devices with EVPN-VPWS and IGMP-snooping enabled, causing a DoS. Affected ranges are listed per release: Junos OS ver...
CVE-2024-5178
ServiceNow has addressed a sensitive file read vulnerability that was identified in the Washington DC, Vancouver, and Utah Now Platform releases. This vulnerability could allow an administrative user to gain unauthorized access to sensitive files on the web application server. The vulnerability i...
CVE-2024-5217
ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addresse...
CVE-2024-39491
A flaw was found in the Linux kernel's HDA driver before initialization. This issue occurs when a user unloads and then reloads the module, and could allow a local user to crash the system...
UBUNTU-CVE-2024-39491
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance The cs_dsp instance is initialized in the driver probe so it should be freed in the driver remove. Also fix a missing call to cs_dsp_remove in the error path of cs35l56_hda_common_prob...
CVE-2024-39491 ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance The cs_dsp instance is initialized in the driver probe so it should be freed in the driver remove. Also fix a missing call to cs_dsp_remove in the error path of cs35l56_hda_common_prob...
CVE-2024-38363
Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new...
CVE-2024-38363 Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte
Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new...
CVE-2024-39691 Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The fix for GHSA-wm4w-7h2q-3pf7 / CVE-2024-32000 included in matrix-appservice-irc 2.0.0 relied on the Matrix homeserver-provided timestamp to determine whether a user has access to the event they're replying to when...
Malicious code in prpc-client-instance.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 890706b9c002912e24d6ea56d82d7736b12c82d91cc8dc4e7a2bc97e4c1d6d9e The OpenSSF Package Analysis project identified 'prpc-client-instance.js' @ 69.69.69 npm as malicious. It is considered malicious because: - The...