CentOS 7 : rhc-worker-script (RHSA-2024:1874)
The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1874 advisory. - The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a...
PT-2024-29759
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, related to the wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband. The issue arises when there is a policy...
Blind SSRF Leads to Port Scan by using Webhooks
Impact Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. Affected Versions Umbraco versions 13.0.0 - 13.1.1 Patches 13.1.1 Workarounds Disabling webhooks functionality...
GHSA-74P6-39F2-23V3 Blind SSRF Leads to Port Scan by using Webhooks
Impact Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. Affected Versions Umbraco versions 13.0.0 - 13.1.1 Patches 13.1.1 Workarounds Disabling webhooks functionality...
CVE-2024-26899
A flaw was found in the Linux kernel, where a deadlock can occur between bd_link_disk_holder and partition scan...
CVE-2024-29035 Umbraco's Blind SSRF Leads to Port Scan by using Webhooks
Umbraco is an ASP.NET CMS. Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. This vulnerability is fixed in 13.1.1...
CVE-2024-26899
In the Linux kernel, the following vulnerability has been resolved: block: fix deadlock between bd_link_disk_holder and partition scan 'open_mutex' of gendisk is used to protect open/close block devices. But in bd_link_disk_holder, it is used to protect the creation of symlink between holding disk and...
DEBIAN-CVE-2024-26899
In the Linux kernel, the following vulnerability has been resolved: block: fix deadlock between bd_link_disk_holder and partition scan 'open_mutex' of gendisk is used to protect open/close block devices. But in bd_link_disk_holder, it is used to protect the creation of symlink between holding disk and...
UBUNTU-CVE-2024-26899
In the Linux kernel, the following vulnerability has been resolved: block: fix deadlock between bd_link_disk_holder and partition scan 'open_mutex' of gendisk is used to protect open/close block devices. But in bd_link_disk_holder, it is used to protect the creation of symlink between holding disk and...
CVE-2024-26899 block: fix deadlock between bd_link_disk_holder and partition scan
In the Linux kernel, the following vulnerability has been resolved: block: fix deadlock between bd_link_disk_holder and partition scan 'open_mutex' of gendisk is used to protect open/close block devices. But in bd_link_disk_holder, it is used to protect the creation of symlink between holding disk and...
CVE-2024-26899
CVE-2024-26899 — Linux kernel deadlock fix details: Affected component is the block layer in the Linux kernel. The issue arises when bd_link_disk_holder() uses the global open_mutex to guard the creation of a symlink between a holding disk and a slave bdev during driver initialization/modificati...
Oracle Primavera Unifier (April 2024 CPU)
The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as...
Exploit for CVE-2024-28255
OpenMetadataRCE CVE-2024-28255 Batch scan/exploit 1.このツー...
CVE-2024-3448
Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end. Allowing an attacker to perform a port...
CVE-2024-3448 Improper Access Control Leads to Server-Side Request Forgery in Mautic
Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end. Allowing an attacker to perform a port...
CVE-2024-3448
CVE-2024-3448 affects Mautic, where users with low privileges can exploit improper access to ajax?action=plugin:focus:checkIframeAvailability to trigger a server-side request forgery. The flaw allows an attacker to analyze backend error messages and perform a back-end port scan. Public details in...
SUSE CVE-2024-26799
In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix uninitialized pointer dmactl In the case where __lpass_get_dmactl_handle is called and the driver id dai_id is invalid the pointer dmactl is not being assigned a value, and dmactl contains a garbage value since it has n...
CVE-2024-26799
A vulnerability was found in the Qualcomm ASoC ALSA System on Chip driver for the Linux kernel, where an uninitialized pointer dmactl could be used in certain conditions. This issue occurs when an invalid driver ID dai_id is encountered, leading to potential use of uninitialized memory. Mitigation...