CVE-2024-43880

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumaclerp: Fix object nesting warning ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM A-TCAM or in the ordinary circuit TCAM C-TCAM. The former can contain more ACLs i.e., tc filters, but the...

CVE-2024-7722

Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a...

CVE-2024-7722 Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability

Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a...

CVE-2024-7722 Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability

Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a...

GO-2022-1079 OpenFGA subject to Information Disclosure via streamed-list-objects endpoint in github.com/openfga/openfga

OpenFGA subject to Information Disclosure via streamed-list-objects endpoint in github.com/openfga/openfga...

kernel: gfs2: Fix potential glock use-after-free on unmount

A vulnerability was found in the Linux kernel within the gfs2 component, where potential use-after-free issues could occur on unmount. When DLM lockspaces are released with remaining locks, callbacks for asynchronous lock contention may access freed objects, causing unexpected behavior...

CVE-2022-48893

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Cleanup partial engine discovery failures If we abort driver initialisation in the middle of gt/engine discovery, some engines will be fully setup and some not. Those incompletely setup engines only have...

CVE-2022-48893 drm/i915/gt: Cleanup partial engine discovery failures

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Cleanup partial engine discovery failures If we abort driver initialisation in the middle of gt/engine discovery, some engines will be fully setup and some not. Those incompletely setup engines only have...

DEBIAN-CVE-2024-43867

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix refcount underflow Calling nouveauboref on a nouveaubo without initializing it and hence the backing ttmbo leads to a refcount underflow. Instead of calling nouveauboref in the unwind path of...

UBUNTU-CVE-2024-43867

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix refcount underflow Calling nouveauboref on a nouveaubo without initializing it and hence the backing ttmbo leads to a refcount underflow. Instead of calling nouveauboref in the unwind path of...

CVE-2024-43880 mlxsw: spectrum_acl_erp: Fix object nesting warning

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumaclerp: Fix object nesting warning ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM A-TCAM or in the ordinary circuit TCAM C-TCAM. The former can contain more ACLs i.e., tc filters, but the...

CVE-2024-43880 mlxsw: spectrum_acl_erp: Fix object nesting warning

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumaclerp: Fix object nesting warning ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM A-TCAM or in the ordinary circuit TCAM C-TCAM. The former can contain more ACLs i.e., tc filters, but the...

BIT-NGINX-INGRESS-CONTROLLER-2024-7646

A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects in the networking.k8s.io or extensions API group can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default...

WordPress Plugin 'GiveWP - Donation Plugin and Fundraising Platform' < 3.14.2 RCE

The WordPress application running on the remote host has a version of the 'GiveWP - Donation Plugin and Fundraising Platform' plugin that is prior to 3.14.2. It is, therefore, affected by a remote code execution vulnerability. Deserialization of malicious PHP objects injected through the...

PT-2024-6707 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Description: The issue is related to the use of memory after it has been freed, allowing remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interacti...

Exploit for Race Condition in Openbsd Openssh

CVE-2024-6387: Race Condition in Signal Handling for OpenSSH...

SUSE CVE-2024-42262

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix potential memory leak in the performance extension If fetching of userspace memory fails during the main loop, all drm sync objs looked up until that point will be leaked because of the missing drmsyncobjput. Fix it ...

SUSE CVE-2024-42263

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix potential memory leak in the timestamp extension If fetching of userspace memory fails during the main loop, all drm sync objs looked up until that point will be leaked because of the missing drmsyncobjput. Fix it by...

The vulnerability of the Single Sign-On (SSO) function of the SAP BusinessObjects Business Intelligence platform allows a hacker to gain full access to the device.

The vulnerability of the Single Sign-On SSO function of the SAP BusinessObjects Business Intelligence platform is related to the absence of authentication procedures. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain full access to the device by obtaining an...

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in various products such as SAP Business Objects, SAP HANA, Netweaver and Document Builder. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Server Side Request Forgery SSRF. - Cross-Site...