1620 matches found

OSV
added 2024/05/14 2:5 p.m. | 22 views

CVE-2024-34356 TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module

TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user...

CVSS 5.4 | AI score 5.2 | EPSS 0.00634
Exploits: 0 | References: 7

Vulnrichment
added 2024/05/11 10:16 a.m. | 16 views

CVE-2023-52721

The WindowManager module has a vulnerability in permission control. Impact: Successful exploitation of this vulnerability may affect confidentiality...

CVSS 6.2 | AI score 6.9 | EPSS 0.00053
Exploits: 0 | References: 2

Vulnrichment
added 2024/05/11 9:53 a.m. | 21 views

CVE-2023-52384

Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect availability...

CVSS 4.7 | AI score 6.9 | EPSS 0.00024
Exploits: 0 | References: 2

GithubExploit
added 2024/05/10 7:45 a.m. | 598 views

Exploit for CVE-2024-24787

CVE-2024-24787-PoC On Darwin, building a Go module which cont...

CVSS 6.4 | AI score 7.5 | EPSS 0.03204
Exploits: 1

RedhatCVE
added 2024/05/01 8:59 p.m. | 27 views

CVE-2024-27054

A vulnerability was found in the dasd_generic_set_online function in the Linux Kernel's s390 dasd.c driver, where improper reference count handling on error paths can lead to the refcount value being decreased twice, resulting in an incorrect underflow. This issue can lead to system instability...

CVSS 5.5 | AI score 6.9 | EPSS 0.00014
Exploits: 0 | References: 4

UbuntuCve
added 2024/05/01 1:15 p.m. | 15 views

CVE-2024-27054

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix double module refcount decrement Once the discipline is associated with the device, deleting the device takes care of decrementing the module's refcount. Doing it manually on this error path causes refcount to...

CVSS 5.5 | AI score 6.4 | EPSS 0.00014
Exploits: 0 | References: 23

Cvelist
added 2024/05/01 12:53 p.m. | 20 views

CVE-2024-27029 drm/amdgpu: fix mmhub client id out-of-bounds access

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix mmhub client id out-of-bounds access Properly handle cid 0x140...

AI score 6.8 | EPSS 0.00018
Exploits: 0 | References: 3

NVD
added 2024/05/01 6:15 a.m. | 14 views

CVE-2024-26975

In the Linux kernel, the following vulnerability has been resolved: powercap: intel_rapl: Fix a NULL pointer dereference A NULL pointer dereference is triggered when probing the MMIO RAPL driver on platforms with CPU ID not listed in intel_rapl_common CPU model list. This is because the...

CVSS 5.5 | AI score 7.3 | EPSS 0.00018
Exploits: 0 | References: 4

Vulnrichment
added 2024/05/01 5:20 a.m. | 16 views

CVE-2024-26975 powercap: intel_rapl: Fix a NULL pointer dereference

In the Linux kernel, the following vulnerability has been resolved: powercap: intel_rapl: Fix a NULL pointer dereference A NULL pointer dereference is triggered when probing the MMIO RAPL driver on platforms with CPU ID not listed in intel_rapl_common CPU model list. This is because the...

AI score 6.6 | EPSS 0.00018
Exploits: 0 | References: 4

Vulnrichment
added 2024/05/01 5:19 a.m. | 22 views

CVE-2024-26963 usb: dwc3-am62: fix module unload/reload behavior

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3-am62: fix module unload/reload behavior As runtime PM is enabled, the module can be runtime suspended when .remove is called. Do a pm_runtime_get_sync to make sure module is active before doing any register operations. Doi...

AI score 6.6 | EPSS 0.00019
Exploits: 0 | References: 5

Cvelist
added 2024/05/01 5:19 a.m. | 14 views

CVE-2024-26963 usb: dwc3-am62: fix module unload/reload behavior

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3-am62: fix module unload/reload behavior As runtime PM is enabled, the module can be runtime suspended when .remove is called. Do a pm_runtime_get_sync to make sure module is active before doing any register operations. Doi...

AI score 6.6 | EPSS 0.00019
Exploits: 0 | References: 5

RedhatCVE
added 2024/04/17 5:30 p.m. | 23 views

CVE-2024-26846

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: do not wait in vain when unloading module The module exit path has race between deleting all controllers and freeing 'left over IDs'. To prevent double free a synchronization between nvme_delete_ctrl and ida_destroy has bee...

CVSS 4.4 | AI score 7.3 | EPSS 0.00011
Exploits: 0 | References: 4

Vulnrichment
added 2024/04/17 10:10 a.m. | 20 views

CVE-2024-26846 nvme-fc: do not wait in vain when unloading module

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: do not wait in vain when unloading module The module exit path has race between deleting all controllers and freeing 'left over IDs'. To prevent double free a synchronization between nvme_delete_ctrl and ida_destroy has bee...

AI score 7.2 | EPSS 0.00011
Exploits: 0 | References: 6

CNVD
added 2024/04/12 12:0 a.m. | 23 views

Multiple local privilege escalation vulnerabilities in the Linux kernel n_gsm module

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Multiple local privilege escalation vulnerabilities exist in the Linux kernel n_gsm module, which can be exploited by an attacker to escalate a normal user locally to root privileges...

AI score 7
Exploits: 0 | References: 1

Debian CVE
added 2024/04/05 7:40 p.m. | 13 views

CVE-2024-2312

GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This leads to a use-after-free condition, and could possibly lead to secure boot bypass...

CVSS 6.7 | AI score 6.5 | EPSS 0.00021
Exploits: 1

NVD
added 2024/04/04 9:15 a.m. | 18 views

CVE-2024-26784

In the Linux kernel, the following vulnerability has been resolved: pmdomain: arm: Fix NULL dereference on scmi_perf_domain removal On unloading of the scmi_perf_domain module got the below splat, when in the DT provided to the system under test the 'power-domain-cells' property was missing. Indeed,...

CVSS 5.5 | AI score 6.5 | EPSS 0.00017
Exploits: 0 | References: 2

UbuntuCve
added 2024/04/03 5:15 p.m. | 28 views

CVE-2024-26747

In the Linux kernel, the following vulnerability has been resolved: usb: roles: fix NULL pointer issue when put module's reference In current design, usb role class driver will get usb_role_switch parent's module reference after the user get usb_role_switch device and put the reference after the user...

CVSS 4.4 | AI score 6.1 | EPSS 0.00013
Exploits: 0 | References: 18

CVE
added 2024/04/03 2:55 p.m. | 97 views

CVE-2024-26711

CVE-2024-26711 is a Linux kernel issue in the IIO subsystem: iio: adc: ad4130, where clk_init_data was not fully initialized, potentially affecting exposure of the internal clock on the CLK pin. The root cause is partial initialization of the clk_init_data structure. The documented fix is to zero...

CVSS 5.5 | AI score 6.7 | EPSS 0.00015
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2024/04/02 9:9 p.m. | 13 views

GHSA-75HQ-H6G9-H4Q5 Wasmtime vulnerable to panic when using a dropped externref-typed element segment

Impact The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. The panic in question is caused when a...

CVSS 3.3 | AI score 3.8 | EPSS 0.00034
Exploits: 1 | References: 8

Rapid7 Blog
added 2024/03/25 1:33 p.m. | 77 views

Metasploit Framework 6.4 Released

Today, Metasploit is pleased to announce the release of Metasploit Framework 6.4. It has been just over a year since the release of version 6.3 and the team has added many new features and improvements since then. For news reporters, please reach out to [email protected]. Kerberos Improvements...

CVSS 9.3 | AI score 8.4 | EPSS 0.94358
Exploits: 343