28972 matches found
DEBIAN-CVE-2024-53201
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe This commit addresses a null pointer dereference issue in dcn20_program_pipe. Previously, commit 8e4ed3cf1642 "drm/amd/display: Add null check for...
AZL-55294 CVE-2024-53201 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe This commit addresses a null pointer dereference issue in dcn20_program_pipe. Previously, commit 8e4ed3cf1642 "drm/amd/display: Add null check for...
UBUNTU-CVE-2024-53201
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe This commit addresses a null pointer dereference issue in dcn20_program_pipe. Previously, commit 8e4ed3cf1642 "drm/amd/display: Add null check for...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an invalid prog_array access issue in perf_event_detach_bpf_prog in the bpf, perf subsystem. No detailed...
PT-2024-40316 · Solana · Solana Program Library
Name of the Vulnerable Software and Affected Versions: Solana Program Library affected versions not specified Description: The issue arises from the unpack function in the library, which casts a u8 array to arbitrary types. This can lead to undefined behaviors due to misaligned pointer dereferenc...
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 9, 2024 to December 15, 2024)
Time to wrap up this year and kick off the new year with a bang! We’re wrapping up the year with our End of Year Holiday Extravaganza, High-Risk Bonus Blitz Challenge, and Superhero Challenge for the Wordfence Bug Bounty Program. Through January 6th, 2025: All in-scope vulnerability types for...
kernel: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE
In the Linux kernel, the following vulnerability has been resolved: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE bpf_prog_attach uses attach_type_to_prog_type to enforce proper attach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses bpf_prog_get and relies on...
PT-2024-40969 · Solana · Solana Program Library
Name of the Vulnerable Software and Affected Versions: Solana Program Library affected versions not specified Description: The issue arises from the unpack function in the library, which can lead to undefined behavior when casting a u8 array to arbitrary types. This is due to the potential for...
What’s New in Rapid7 Products & Services: Q4 2024 in Review
This quarter at Rapid7 we continued to make investments across our Command Platform to provide security professionals with a holistic, actionable view of their entire attack surface - from Exposure Management to Detection and Response. Below, we’ve highlighted key releases and updates from the...
CVE-2024-54270
CVE-2024-54270 is an unauthenticated Local File Inclusion vulnerability in the Axeptio WordPress plugin (Axeptio – Cookie Banner – GDPR Consent & Compliance). The issue arises from improper control of the filename used by include/require in PHP, enabling local file inclusion. Affected versions ra...
CVE-2024-12454
The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject...
CVE-2024-12454
CVE-2024-12454 details (WordPress): The Affiliate Program Suite — SliceWP Affiliates plugin is vulnerable to Cross-Site Request Forgery across all versions up to 1.1.23 due to missing or incorrect nonce validation in a function. This enables unauthenticated attackers to induce an administrator to...
CVE-2024-12454 Affiliate Program Suite — SliceWP Affiliates <= 1.1.23 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject...
curl: bypass of this Fixed #2437131 [ Inadequate Protocol Restriction Enforcement in curl ]
Summary: A flaw has been identified in the curl command-line tool related to its protocol selection mechanism. Specifically, the protocol restrictions set by the --proto option can be bypassed, allowing unintended protocols to be used despite explicit restrictions. This flaw can result in plainte...
CVE-2024-12668
Velocidex WinPmem versions below 4.1 suffer from an Out of Bounds Write vulnerability. By using an IO Control, a user space program can trick the driver into writing a 0 into any chosen memory location. In conjunction with information leakage from the WinPmem driver, attackers can discover the...
The Top Cybersecurity Agency in the US Is Bracing for Donald Trump
Staffers at the Cybersecurity and Infrastructure Security Agency tell WIRED they fear the new administration will cut programs that keep the US safe—and “persecution.”...
Mattermost Mobile Apps Security Vulnerability
Mattermost Mobile Apps is a messaging mobile application from Mattermost USA. A security vulnerability exists in Mattermost Mobile Apps version 2.21.0 and prior versions that stems from a failure to properly profile the provider program...
MAL-2024-11825 Malicious code in rarible-program-library (npm)
Source: ghsa-malware 3ebfe242bd7c35911f61115ae2c00d485a5bb93b81ddf36f6f40af24fb1cd977 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GNU objdump Buffer Overflow Vulnerability
GNU objdump is a command-line program from the American GNU community for displaying various information about target files on Unix-like operating systems. A buffer overflow vulnerability exists in GNU objdump, which stems from the failure to properly validate the length of input data in the BFD...