Important: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: CVE-2023-6040 CVE-2024-26595 CVE-2021-46984 CVE-2023-52478 CVE-2023-52476 CVE-2023-52522 CVE-2021-47101 CVE-2021-47097 CVE-2023-52605...
Moderate: Red Hat Security Advisory: go-toolset:rhel8 security update
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ratin...
CVE-2024-9008
A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. This vulnerability affects unknown code of the file /news-details.php of the component Comment Section. The manipulation of the argument name leads to sql injection. The attack can be initiated remotel...
CVE-2024-9008 SourceCodester Best Online News Portal Comment Section news-details.php sql injection
A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. This vulnerability affects unknown code of the file /news-details.php of the component Comment Section. The manipulation of the argument name leads to sql injection. The attack can be initiated remotel...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 18.0 (python-webob) security update
An update for python-webob is now available for Red Hat OpenStack Platform 18.0 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: firefox update
An update for firefox is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...
SUSE CVE-2024-46764
In the Linux kernel, the following vulnerability has been resolved: bpf: add check for invalid name in btf_name_valid_section() If the length of the name string is 1 and the value of name[0] is NULL byte, an OOB vulnerability occurs in btf_name_valid_section() and the return value is true, so the invalid nam...
PT-2024-39363 · Unknown · Sourcecodester Best Online News Portal
Name of the Vulnerable Software and Affected Versions: SourceCodester Best Online News Portal version 1.0 Description: A critical vulnerability was found in the Comment Section of the SourceCodester Best Online News Portal. The issue affects unknown code in the file /news-details.php. The...
CVE-2024-46765
In the Linux kernel, the following vulnerability has been resolved: ice: protect XDP configuration with a mutex The main threat to data consistency in ice_xdp() is a possible asynchronous PF reset. It can be triggered by a user or by TX timeout handler. XDP setup and PF reset code access the same...
DEBIAN-CVE-2024-46740
In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF caused by offsets overwrite Binder objects are processed and copied individually into the target buffer during transactions. Any raw data in-between these objects is copied as well. However, this raw data copy lac...
UBUNTU-CVE-2024-46764
In the Linux kernel, the following vulnerability has been resolved: bpf: add check for invalid name in btf_name_valid_section() If the length of the name string is 1 and the value of name[0] is NULL byte, an OOB vulnerability occurs in btf_name_valid_section() and the return value is true, so the invalid nam...
UBUNTU-CVE-2024-46740
In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF caused by offsets overwrite Binder objects are processed and copied individually into the target buffer during transactions. Any raw data in-between these objects is copied as well. However, this raw data copy lac...
KLA73441 PE vulnerability in Microsoft Apps
An elevation of privilege vulnerability was found in Microsoft Apps. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2024-38183 Related products GroupMe CVE list CVE-2024-38183 critical Solution Install necessary updates from the KB section, that are...
CVE-2024-46691
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Move unregister out of atomic section Commit '9329933699b3 "soc: qcom: pmic_glink: Make client-lock non-sleeping"' moved the pmic_glink client list under a spinlock, as it is accessed by the rpmsg/glink callback,...
CVE-2024-46691 usb: typec: ucsi: Move unregister out of atomic section
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Move unregister out of atomic section Commit '9329933699b3 "soc: qcom: pmic_glink: Make client-lock non-sleeping"' moved the pmic_glink client list under a spinlock, as it is accessed by the rpmsg/glink callback,...
Important: Red Hat Security Advisory: python3-setuptools security update
An update for python3-setuptools is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
CVE-2024-44851
A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter...
CVE-2024-4465
An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with reporting privileges learns how to create a specific application request, they might be able to make...
CVE-2024-4465
CVE-2024-4465 describes an access control vulnerability in the Reports section of Guardian/CMC prior to version 24.2.0. A logged-in user with reporting privileges can discover a method to create a specific application request and make limited changes to the reporting configuration, risking partia...