
3385 matches found

CVE
added 2024/04/08 10:10 p.m. | 75 views

CVE-2024-0083

NVIDIA ChatRTX for Windows is affected by a UI-based cross-site scripting vulnerability (CVE-2024-0083) that can be triggered by network-delivered malicious scripts. The issue affects version 0.2 and earlier; exploitation could lead to code execution, denial of service, and information disclosure...

CVSS 6.5 | AI score 6.4 | EPSS 0.0058
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2024/04/08 10:0 p.m. | 66 views

CVE-2024-0082

CVE-2024-0082 affects NVIDIA ChatRTX for Windows. A vulnerability in the UI allows an attacker to cause improper privilege management by sending open file requests to the application, potentially enabling local privilege escalation, information disclos...

CVSS 8.2 | AI score 8.2 | EPSS 0.00192
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2024/04/08 5:0 a.m. | 53 views

CVE-2024-1752

The CVE-2024-1752 entry concerns Font Farsi WordPress plugin versions ≤ 1.6.6. The issue is stored XSS caused by insufficient sanitization/escaping of certain settings, enabling high-privilege users (e.g., admins) to inject scripts even when unfiltered_html is disallowed (including multisite setu...

CVSS 6.1 | AI score 5.6 | EPSS 0.00443
Exploits: 2 | References: 1 | Affected Software: 1
CVE
added 2024/04/08 5:0 a.m. | 68 views

CVE-2024-1589

The CVE-2024-1589 issue affects the WordPress SendPress Newsletters plugin up to version 1.23.11.6. The root cause is that certain settings are not properly sanitised/escaped, enabling Stored Cross-Site Scripting (stored XSS) by high-privilege users (e.g., admins), even when unfiltered_html is di...

CVSS 6.1 | AI score 5.7 | EPSS 0.00405
Exploits: 2 | References: 1 | Affected Software: 1
CVE
added 2024/04/08 5:0 a.m. | 79 views

CVE-2024-1292

CVE-2024-1292 affects the WPB Show Core WordPress plugin prior to 2.7. The issue is a Reflected Cross-Site Scripting caused by insufficient sanitisation/escaping of parameters before they are output in the page, potentially exploitable against high-privilege users (e.g., admins). Public sources i...

CVSS 4.7 | AI score 4.5 | EPSS 0.00499
Exploits: 2 | References: 1 | Affected Software: 1
CVE
added 2024/04/06 8:38 a.m. | 84 views

CVE-2024-2132

CVE-2024-2132 affects the Ultimate Bootstrap Elements for Elementor WordPress plugin. Root cause: Stored XSS via the Image Widget due to insufficient input sanitization and output escaping of user-supplied attributes. Impact (as described in connected RH entry): authenticated attackers with contr...

CVSS 6.4 | AI score 7.6 | EPSS 0.0032
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2024/04/06 5:0 a.m. | 84 views

CVE-2024-2444

CVE-2024-2444 affects the Inline Related Posts WordPress plugin (before 3.5.0). The issue is stored XSS due to insufficient sanitisation/escaping of certain settings, enabling high-privilege users (e.g., Administrators) to perform Cross-Site Scripting attacks. The vulnerability is exploitable via...

CVSS 4.8 | AI score 5 | EPSS 0.00424
Exploits: 2 | References: 1 | Affected Software: 1
CVE
added 2024/04/05 5:0 a.m. | 80 views

CVE-2024-2509

The CVE-2024-2509 issue affects the WordPress plugin Gutenberg Blocks by Kadence Blocks (versions

CVSS 6.5 | AI score 6.1 | EPSS 0.00427
Exploits: 3 | References: 2 | Affected Software: 1
OSV
added 2024/04/04 9:15 p.m. | 7 views

AZL-38575 CVE-2023-45288 affecting package node-problem-detector for versions less than 0.8.15-4

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

CVSS 7.5 | AI score 6.8 | EPSS 0.91969
Exploits: 1 | References: 1
OSV
added 2024/04/04 9:15 p.m. | 8 views

AZL-39505 CVE-2023-45288 affecting package node-problem-detector for versions less than 0.8.17-3

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

CVSS 7.5 | AI score 6.8 | EPSS 0.91969
Exploits: 1 | References: 1
CVE
added 2024/04/04 2:57 p.m. | 55 views

CVE-2024-30250

Astro-Shield (KindSpells) vulnerability CVE-2024-30250 affects versions 1.2.0–1.3.1, where injecting a correct SRI attribute into code causes the injected resource to be considered legitimate by CSP, enabling bypass of cross-origin allow-lists. Root cause: the SRI hash is added to the CSP header,...

CVSS 7.5 | AI score 7.6 | EPSS 0.0031
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2024/04/04 2:25 p.m. | 345 views

CVE-2024-22189

The CVE concerns quic-go prior to v0.42.0 where an attacker can cause memory exhaustion on the peer by flooding with NEW_CONNECTION_ID frames that retire old connection IDs. The receiver is expected to reply with RETIRE_CONNECTION_ID frames for each retirement; an attacker can prevent most of the...

CVSS 7.5 | AI score 7.5 | EPSS 0.011
Exploits: 0 | References: 4
OSV
added 2024/04/04 8:20 a.m. | 5 views

CVE-2024-26780 af_unix: Fix task hung while purging oob_skb in GC.

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix task hung while purging oob_skb in GC. syzbot reported a task hung; at the same time, GC was looping infinitely in list_for_each_entry_safe for OOB skb. [0] syzbot demonstrated that the list_for_each_entry_safe was not actually...

CVSS 5.5 | AI score 6 | EPSS 0.00222
Exploits: 0 | References: 8
Citrix
added 2024/04/04 12:0 a.m. | 8 views

Unable to access NetScaler via SSH. SSH daemon process not running or able to start.

Device not accessible via SSH. Admin GUI actions that require SSH i.e. Generate Tech Support Bundle, Ping, simulated CLI do not work, shows error ""errorcode":"2138","message":"Not authorized to execute this command","severity":"ERROR"" Unable to access device via SCP. sshd process not running an...

AI score 7.3
Exploits: 0
OSV
added 2024/04/03 5:15 p.m. | 9 views

AZL-58780 CVE-2024-26759 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: mm/swap: fix race when skipping swapcache. When skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads swapin the same entry at the same time, they get different pages A, B. Before one thread T0 finishes the swapin and...

CVSS 5.5 | AI score 6.3 | EPSS 0.00252
Exploits: 0 | References: 1
OSV
added 2024/04/03 5:15 p.m. | 1 views

DEBIAN-CVE-2024-26759

In the Linux kernel, the following vulnerability has been resolved: mm/swap: fix race when skipping swapcache. When skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads swapin the same entry at the same time, they get different pages A, B. Before one thread T0 finishes the swapin and...

CVSS 5.5 | AI score 5.7 | EPSS 0.00252
Exploits: 0 | References: 1
OSV
added 2024/04/03 2:55 p.m. | 4 views

CVE-2024-26705 parisc: BTLB: Fix crash when setting up BTLB at CPU bringup

In the Linux kernel, the following vulnerability has been resolved: parisc: BTLB: Fix crash when setting up BTLB at CPU bringup. When using hotplug and bringing up a 32-bit CPU, ask the firmware about the BTLB information to set up the static block TLB entries. For that write access to the static...

CVSS 5.5 | AI score 4.4 | EPSS 0.00194
Exploits: 0 | References: 6
CVE
added 2024/04/03 12:32 p.m. | 83 views

CVE-2024-22360

CVE-2024-22360 (IBM Db2 on Cloud Pak for Data) is a denial-of-service issue triggered by a specially crafted query on certain columnar tables. Affected products include IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data, with versions listed as v3.5 through various refresh leve...

CVSS 6.5 | AI score 5.1 | EPSS 0.00653
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2024/04/03 12:24 p.m. | 96 views

CVE-2024-27254

CVE-2024-27254 affects IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data (versions in the 3.0/4.x line as listed in the remediation table) with a denial-of-service condition from a specially crafted query. The connected Red Hat entry confirms the vulnerability details and scop...

CVSS 6.5 | AI score 5.2 | EPSS 0.00653
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2024/04/03 12:4 p.m. | 82 views

CVE-2024-27191

CVE-2024-27191 concerns the WordPress plugin Slivery Extender (Inpersttion Slivery Extender). Public sources describe an "Improper Control of Generation of Code (Code Injection)" vulnerability that enables an authenticated attacker (Contributor+) to execute arbitrary code via the plugin’s shortco...

CVSS 8.5 | AI score 7.3 | EPSS 0.00823
Exploits: 0 | References: 2