3241 matches found
CVE-2024-40947
In the Linux kernel, the following vulnerability has been resolved: ima: Avoid blocking in RCU read-side critical section A panic happens in ima_match_policy: BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 PGD 42f873067 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU: 5 PID: 1286325 Com...
CVE-2024-40947 ima: Avoid blocking in RCU read-side critical section
In the Linux kernel, the following vulnerability has been resolved: ima: Avoid blocking in RCU read-side critical section A panic happens in ima_match_policy: BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 PGD 42f873067 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU: 5 PID: 1286325 Com...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a blocking call issue in the ima component in the RCU read critical section...
Important: dotnet8.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.107 and Runtime 8.0.7. Security...
Important: Red Hat Security Advisory: booth security update
An update for booth is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Moderate: fence-agents security update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: urllib3: proxy-authorization request header is not stripped during...
CVE-2024-39484
In the Linux kernel, the following vulnerability has been resolved: mmc: davinci: Don't strip remove function when driver is builtin Using __exit for the remove function results in the remove callback being discarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g. using sysfs or...
CVE-2024-2233 Himer - Social Questions and Answers < 2.1.1 - Multiple CSRF on the Group Section
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group...
Critical: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1.3 security update
An update for openstack-nova, openstack-glance, and openstack-cinder is now available for Red Hat OpenStack Platform 17.1 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
CVE-2024-1427
The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the section title tag attribute in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping on user...
WordPress The Post Grid plugin <= 7.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via section title tag vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via section title tag vulnerability discovered by wesley wcraft in WordPress Plugin The Post Grid versions <= 7.7.1...
PT-2024-18037 · Unknown · The Post Grid – Shortcode
Name of the Vulnerable Software and Affected Versions: The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin versions up to, and including, 7.7.1 Description: The issue is related to Stored Cross-Site Scripting via the section title tag attribute due to insufficient...
James Bamford on Section 702 Extension
Longtime NSA-watcher James Bamford has a long article on the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act (FISA)...
The vulnerability of the ExtractImageSection() function in the LibTIFF library, which allows a hacker to cause a service failure.
The vulnerability of the ExtractImageSection function in the LibTIFF library is related to the copying of buffers without checking the input size. Exploiting this vulnerability could allow an attacker to cause a service failure using a crafted TIFF file...
PT-2024-37554 · Zkteco · Zkbio Cvsecurity V5000
Name of the Vulnerable Software and Affected Versions: ZKTeco ZKBio CVSecurity V5000 version 4.1.0 Description: A problematic issue was found in the Push Configuration Section component. The manipulation of the Configuration Name argument leads to cross-site scripting. It is possible to initiate...
Low: Red Hat Security Advisory: [23.0] Security update for the 23.0 release (RPMs)
An update for the quarkus-mandrel-java and quarkus-mandrel-23 packages is now available for the Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ratin...
CVE-2024-32936 media: ti: j721e-csi2rx: Fix races while restarting DMA
In the Linux kernel, the following vulnerability has been resolved: media: ti: j721e-csi2rx: Fix races while restarting DMA After the frame is submitted to DMA, it may happen that the submitted list is not updated soon enough, and the DMA callback is triggered before that. This can lead to kernel...
CVE-2024-37675
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the parameter "sectionContent" related to the functionality of adding notes to an uploaded file...
SUSE CVE-2022-48715
In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Make bnx2fc_recv_frame mp safe Running tests with a debug kernel shows that bnx2fc_recv_frame is modifying the per_cpu lport stats counters in a non-mpsafe way. Just boot a debug kernel and run the bnx2fc driver with the...