CVE-2024-31329
CVE-2024-31329 is documented in the Wear OS June 2024 security bulletin as a System-component elevation of privilege (EoP) with High severity. The bulletin notes it could lead to local EoP with no additional execution privileges. Affected devices should apply the 2024-06-01 patch level (or later)...
CVE-2024-5027
CVE-2024-5027 affects Citrix Workspace app for Mac (pre-2402.10). Elevation of privilege from a local authenticated user to root is possible. Remedy: upgrade to Citrix Workspace app for Mac 2402.10 or later (per CTX675851). If details on root-cause are not provided, note that explicit root-cause ...
github.com/huandu/facebook may expose access_token in error message.
Summary: access_token can be exposed in the error message when an HTTP request fails. Details: When using this module, the error message can contain the access_token if an HTTP request fails. This can happen when: - the module is sending an HTTP request with the query parameter ?access_token=.... - and the HTTP request fails errors...
CVE-2021-47559 net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk()
In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk() Coverity reports a possible NULL dereferencing problem: in smc_vlan_by_tcpsk(): 6. returned_null: netdev_lower_get_next returns NULL (checked 29 out of 30 times). 7. var_assigned:...
Personal AI Assistants and Privacy
Microsoft is trying to create a personal digital assistant: At a Build conference event on Monday, Microsoft revealed a new AI-powered feature called "Recall" for Copilot+ PCs that will allow Windows 11 users to search and retrieve their past activities on their PC. To make it work, Recall record...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from the presence of a deadlock problem...
SUSE SLES15 Security Update : kernel (Live Patch 42 for SLE 15 SP3) (SUSE-SU-2024:1708-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1708-1 advisory. - In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header If an AF_PACKE...
CVE-2024-35843
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Use device rbtree in iopf reporting path The existing I/O page fault handler currently locates the PCI device by calling pci_get_domain_bus_and_slot(). This function searches the list of all PCI devices until the desired...
CVE-2023-52424
The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop, Enterprise 802.1X/EAP, Mesh AMPE, or FILS, aka an "SSID Confusion" issue. This occurs because the SSID is not always used to derive th...
CVE-2024-27971
CVE-2024-27971 is a path traversal causing unauthenticated local file inclusion in the WordPress plugin Premmerce Permalink Manager for WooCommerce. The issue affects versions before 2.3.11 (i.e., up to 2.3.10) and stems from improper limitation of a pathname to a restricted directory. Publ...
CVE-2024-27955
CVE-2024-27955 is a CSRF to Privilege Escalation vulnerability in the WordPress Automatic Plugin (WP Automatic) affecting versions up to 3.92.0. Exploitation could lead to privilege escalation. The vulnerability is marked as patched; remediation is to upgrade to the patched version (3.92.0 or lat...
CVE-2024-27954
WordPress Automatic plugin
CVE-2024-24869
CVE-2024-24869 affects BoldGrid Total Upkeep (WordPress plugin)
CVE-2024-24715
CVE-2024-24715 refers to the WordPress plugin BookIt (The Booking Calendar) and affects versions
CVE-2024-22157
CVE-2024-22157 is an unauthenticated privilege-escalation vulnerability in the WordPress plugin SalesKing (
CVE-2024-22139
CVE-2024-22139 (WordPress Manutenção) is an unauthenticated authentication bypass arising from IP spoofing, affecting WordPress Manutenção versions up to and including 1.0.6. The root cause involves insufficient validation of IP addresses in maintenance mode, enabling bypass of the maintenance re...