30457 matches found
PT-2024-6624 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based versions up to 128.0.2739.42 Description: The issue is related to type confusion errors, which can be exploited by a remote attacker to execute arbitrary code. This can potentially lead to remote code execution...
Mautic vulnerable to XSS in contact/company tracking (no authentication)
Summary Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable. Patches Please update to 4.4.13 or 5.1.1 or later. Workarounds None References https://owasp.org/www-project-top-ten/2017/A72017-Cross-SiteScriptingXSS...
CVE-2024-45298
Wiki.js exposes an authentication bypass where a disabled user can regain access by abusing the password reset flow. Affected: Wiki.js 2.5.303. Root cause: password reset handling allows access despite disabled status. Remediation: upgrade to version 2.5.304 (or later). No additional exploit deta...
CVE-2024-46789
In the Linux kernel, the following vulnerability has been resolved: mm/slub: add check for s-flags in the alloctaggingslabfreehook When enable CONFIGMEMCG & CONFIGKFENCE & CONFIGKMEMLEAK, the following warning always occurs,This is because the following call stack occurred: mempoolalloc...
CVE-2024-46761 pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
In the Linux kernel, the following vulnerability has been resolved: pci/hotplug/pnvphp: Fix hotplug driver crash on Powernv The hotplug driver for powerpc pci/hotplug/pnvphp.c causes a kernel crash when we try to hot-unplug/disable the PCIe switch/bridge from the PHB. The crash occurs because...
CVE-2024-46730
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Ensure array index tginst won't be -1 WHY & HOW tginst will be a negative if timinggeneratorcount equals 0, which should be checked before used. This fixes 2 OVERRUN issues reported by Coverity...
CVE-2024-46720
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix dereference after null check check the pointer hive before use...
CVE-2024-45811 server.fs.deny bypassed when using ?import&raw in vite
Vite a frontend build tooling framework for javascript. In affected versions the contents of arbitrary files can be returned to the browser. @fs denies access to files outside of Vite serving allow list. Adding ?import&raw to the URL bypasses this limitation and returns the file content if it...
CVE-2024-45605 Improper authorization on deletion of user issue alert notifications in sentry
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert...
RHSA-2018:2097 Red Hat Security Advisory: patch security update
Bulletin has no description...
RHSA-2023:0854 Red Hat Security Advisory: kernel-rt security and bug fix update
Bulletin has no description...
RHSA-2018:1188 Red Hat Security Advisory: java-1.8.0-openjdk security update
Bulletin has no description...
CGA-Q4H9-P729-MRPX
Bulletin has no description...
RHSA-2017:2683 Red Hat Security Advisory: kernel security update
Bulletin has no description...
RHSA-2016:1301 Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2010:0986 Red Hat Security Advisory: java-1.4.2-ibm-sap security update
Bulletin has no description...
CVE-2024-6197 affecting package curl for versions less than 8.8.0-2
CVE-2024-6197 affecting package curl for versions less than 8.8.0-2. A patched version of the package is available...
PT-2024-6332
Name of the Vulnerable Software and Affected Versions Spring Framework versions 5.3.0 through 5.3.39 Spring Framework versions 6.0.0 through 6.0.23 Spring Framework versions 6.0.24 through 6.1.12 Spring Framework versions 6.1.13 and earlier Description The vulnerability is related to path travers...
Updated microcode package fix security vulnerabilities
Improper isolation in the IntelR CoreTM Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2023-42667 Improper isolation in some IntelR Processors stream cache mechanism may allow an authenticated user to...
filelock: fix potential use-after-free in posix_lock_inode
...