3385 matches found

CVE
added 2024/10/23 1:9 a.m. | 108 views

CVE-2024-31880

CVE-2024-31880 : IBM Db2 for Linux, UNIX and Windows (incl. Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to DoS under certain configurations when authenticated users send a crafted SQL statement, potentially crashing the server. Connected IBM bulletins/CPD advisories tie this set to IBM Db2...

CVSS 6.5 | AI score 5.6 | EPSS 0.00394
Exploits: 0 | References: 2 | Affected Software: 1

Talos
added 2024/10/23 12:0 a.m. | 14 views

NVIDIA D3D10 Driver Shader Functionality out-of-bounds read vulnerability due to excessive loop iteration

Talos Vulnerability Report TALOS-2024-2013: NVIDIA D3D10 Driver Shader Functionality out-of-bounds read vulnerability due to excessive loop iteration. October 23, 2024. CVE Number: CVE-2024-0118. Summary: An out-of-bounds read vulnerability exists in the Shader Functionality functionality of NVIDIA D3D...

CVSS 7.8 | AI score 6.8 | EPSS 0.00415
Exploits: 0

RedhatCVE
added 2024/10/22 11:38 a.m. | 11 views

CVE-2024-50021

In the Linux kernel, the following vulnerability has been resolved: ice: Fix improper handling of refcount in ice_dpll_init_rclk_pins. This patch addresses a reference count handling issue in the ice_dpll_init_rclk_pins function. The function calls ice_dpll_get_pins, which increments the reference count of t...

CVSS 5.5 | AI score 7.2 | EPSS 0.00204
Exploits: 0 | References: 4

CVE
added 2024/10/16 1:26 p.m. | 113 views

CVE-2024-22032

CVE-2024-22032: Rancher’s RKE1 deployment keeps reconciling when secrets encryption is enabled, causing Kube API secret values to be written in plaintext in the cluster AppliedSpec. Affected environments include RKE1 clusters managed by Rancher; RBAC users with cluster or project scope can view t...

CVSS 7.1 | AI score 6.3 | EPSS 0.00369
Exploits: 0 | References: 2

Debian CVE
added 2024/10/16 1:20 p.m. | 23 views

CVE-2024-22029

Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root...

CVSS 7.8 | AI score 6.9 | EPSS 0.00184
Exploits: 0

CVE
added 2024/10/16 1:1 p.m. | 63 views

CVE-2023-32196

CVE-2023-32196 describes a privilege-escalation risk in Rancher where RoleTemplate objects with external=true may bypass checks, enabling escalation in specific scenarios. The issue affects Rancher/Rancher Manager components that manage RoleTemplate resources (CRD-backed objects) and is tied to ...

CVSS 7.5 | AI score 6.6 | EPSS 0.00493
Exploits: 0 | References: 2

CVE
added 2024/10/16 12:27 p.m. | 347 views

CVE-2023-32193

CVE-2023-32193 corresponds to unauthenticated XSS in Rancher’s Norman public API endpoint (public API of rancher/norman). Root cause indicated by sources is insufficient input/URL validation in the API parsing (ParseRequestURL), enabling an attacker to inject/script and potentially execute comman...

CVSS 8.3 | AI score 8.2 | EPSS 0.00428
Exploits: 0 | References: 2

CVE
added 2024/10/16 12:23 p.m. | 337 views

CVE-2023-32192

The CVE-2023-32192 issue affects Rancher API Server (apiserver). Reported as an unauthenticated Cross-Site Scripting (XSS) vulnerability in the public API endpoint. Root cause described in connected sources as improper URL handling in ParseRequestURL within the apiserver, enabling arbitrary JavaS...

CVSS 8.3 | AI score 8 | EPSS 0.00342
Exploits: 0 | References: 2

CVE
added 2024/10/16 8:20 a.m. | 72 views

CVE-2023-22650

This CVE concerns Rancher not automatically cleaning up deleted/disabled users from the configured authentication provider, leaving tokens usable and potentially granting continued access. Concrete details from connected sources show the issue affects Rancher and involves user accounts that persi...

CVSS 8.8 | AI score 8.7 | EPSS 0.00585
Exploits: 0 | References: 2

Github Security Blog
added 2024/10/15 9:30 p.m. | 18 views

Infinite loop in github.com/gomarkdown/markdown

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds with commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the...

CVSS 5.1 | AI score 6.7 | EPSS 0.00501
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2024/10/15 8:15 p.m. | 45 views

CVE-2024-44337

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds with commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the...

CVSS 5.1 | EPSS 0.00501
Exploits: 1 | References: 2

OSV
added 2024/10/15 8:15 p.m. | 17 views

CVE-2024-44337

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds with commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the...

CVSS 5.1 | AI score 6.3 | EPSS 0.00501
Exploits: 1 | References: 2

GithubExploit
added 2024/10/15 1:44 p.m. | 552 views

Exploit for CVE-2024-44337

CVE-2024-44337 CVE-2024-44337 POC The package github.com/gom...

CVSS 5.1 | AI score 6.8 | EPSS 0.00501
Exploits: 1

The Hacker News
added 2024/10/15 4:56 a.m. | 15 views

WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites

The maintainers of the Jetpack WordPress plugin have released a security update to remediate a critical vulnerability that could allow logged-in users to access forms submitted by others on a site. Jetpack, owned by WordPress maker Automattic, is an all-in-one plugin that offers a comprehensive...

AI score 7
Exploits: 0

CVE
added 2024/10/15 12:0 a.m. | 294 views

CVE-2024-44337

The CVE-2024-44337 entry affects the Go library github.com/gomarkdown/markdown. A logical flaw in the paragraph function of parser/block.go allowed a remote attacker to trigger an infinite loop, causing DoS by hangs and resource consumption. The issue existed prior to pseudoversion v0.0.0-2024072...

CVSS 5.1 | AI score 6.8 | EPSS 0.00501
Exploits: 1 | References: 2

Cvelist
added 2024/10/15 12:0 a.m. | 34 views

CVE-2024-44337

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds with commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the...

EPSS 0.00501
Exploits: 1 | References: 2

OSV
added 2024/10/09 2:15 p.m. | 1 views

DEBIAN-CVE-2024-46870

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable DMCUB timeout for DCN35. Why: DMCUB can intermittently take longer than expected to process commands. Old ASIC policy was to continue while logging a diagnostic error - which works fine for ASIC without IPS...

CVSS 4.7 | AI score 5.4 | EPSS 0.00131
Exploits: 0 | References: 1

Debian CVE
added 2024/10/09 12:0 a.m. | 43 views

CVE-2023-45359

An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup...

CVSS 6.5 | AI score 5.3 | EPSS 0.00289
Exploits: 0

Debian CVE
added 2024/10/09 12:0 a.m. | 26 views

CVE-2023-46586

cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 before 1.0 lacks '\0' termination of the path for CGI scripts because strncpy is misused...

CVSS 9.1 | AI score 8.4 | EPSS 0.00608
Exploits: 0

CVE
added 2024/10/09 12:0 a.m. | 55 views

CVE-2023-37154

CVE-2023-37154 affects Nagios nagios-plugins 2.4.5, where check_by_ssh allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with ${IFS}. The issue is noted as categorized both as fixed in commit e8810de and as intended behavior; exploitation details are not pr...

CVSS 8.4 | AI score 7.3 | EPSS 0.00456
Exploits: 0 | References: 3