CVE-2024-56761 x86/fred: Clear WFE in missing-ENDBRANCH #CPs
In the Linux kernel, the following vulnerability has been resolved: x86/fred: Clear WFE in missing-ENDBRANCH #CPs An indirect branch instruction sets the CPU indirect branch tracker (IBT) into WAIT_FOR_ENDBRANCH (WFE) state and WFE stays asserted across the instruction boundary. When the decoder finds a...
php: Filter bypass in filter_var (FILTER_VALIDATE_URL)
A flaw was found in PHP. An early return in the filter_var (FILTER_VALIDATE_URL) function results in invalid user information (username + password part of URLs) being treated as valid user information. This issue impacts users who expect only completely valid URLs to be returned by filter_var...
CVE-2024-53861
pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for iss checking, resulting in "acb" being accepted for "abc". This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstance(issuer, list) to isinstance(issuer, Sequence). Since st...
curl: -H with space prefix leads to previous header injection when used with --proxy
Summary: Hi team, I hope you're doing well. Recently I came across this weird curl behavior where -H "spaceheader: value" would inject the header in the previous HTTP header. Tried it on macOS Sequoia 15.1 with curl version curl 8.11.0 aarch64-apple-darwin24.1.0 libcurl/8.11.0 OpenSSL/3.4.0...
curl: Arbitrary File Deletion Vulnerability in curl Source Code via os.unlink()
Summary: The curl source code's testing scripts contain instances where the os.unlink function is used to delete files without validating the input file paths. This introduces a risk of arbitrary file deletion when these scripts are executed with malicious or manipulated inputs. Although the...
Linux 6.6 Race Condition Exploit
A security-relevant race between mremap and THP code has been discovered. Reaching the buggy code typically requires the ability to create unprivileged namespaces. The bug leads to installing physical address 0 as a page table, which is likely exploitable in several ways: For example, triggering...
CVE-2024-11034 Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation <= 1.4 - Unauthenticated Arbitrary Shortcode Execution via fire_contact_form
The Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation plugin for WordPress is vulnerable to arbitrary shortcode execution via the fire_contact_form AJAX action in all versions up to, and including, 1.4. This is due to the software...
Linux 6.6 Race Condition
Summary I found a security-relevant race between mremap and THP code. Reaching the buggy code typically requires the ability to create unprivileged namespaces. The bug leads to installing physical address 0 as a page table, which is likely exploitable in several ways: For example, triggering the...
OSV-2024-1311 Security exception in java.base/java.util.Arrays.copyOfRange
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=378836879 Crash type: Security exception Crash state: java.base/java.util.Arrays.copyOfRange java.base/java.lang.StringUTF16.newString java.base/java.lang.StringBuilder.toString...
CVE-2024-52301
Laravel is a web application framework. When the register_argc_argv PHP directive is set to on, and users call any URL with a specially crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability is fixed in 6.20.45, 7.30.7, 8.83.28,...
CVE-2024-11067
creationtimestamp | type | source
---|---|---
2024-11-11 08:12:00+00:00 | seen | https://infosec.exchange/users/cve/statuses/113463310423022630
2024-11-11 10:15:02+00:00 | seen | https://t.me/cvedetector/10482
2024-11-13 16:42:10+00:00 | seen | https://mstdn.ca/users/rfwaveio/statuses/113476640532735205
...
SUSE CVE-2024-45802
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted...
qt5-webengine -- Use after free in Serial
Qt qtwebengine-chromium repo reports: Backports for 1 security bug in Chromium: CVE-2024-10827: Use after free in Serial...
CVE-2024-49885 mm, slub: avoid zeroing kmalloc redzone
In the Linux kernel, the following vulnerability has been resolved: mm, slub: avoid zeroing kmalloc redzone Since commit 946fa0dbf2d8 "mm/slub: extend redzone check to extra allocated kmalloc space than requested", setting orig_size treats the wasted space (object_size - orig_size) as a redzone. Howev...
CVE-2024-49883 ext4: aovid use-after-free in ext4_ext_insert_extent()
In the Linux kernel, the following vulnerability has been resolved: ext4: aovid use-after-free in ext4_ext_insert_extent() As Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is reallocated in ext4_ext_create_new_leaf(), we'll use the stale path and cause UAF. Below is a sample trace with dumm...
CVE-2024-47813
CVE-2024-47813 is a race-condition bug in Wasmtime where concurrent creation/dropping of types (e.g., FuncType, ArrayType) on a shared wasmtime::Engine can cause double-unregistration, potentially corrupting the internal type registry and violating WebAssembly CFI and type safety. The issue arise...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-48911: kabi: add nfqueuegetrefs for kabi compliance. bsc1229633. CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment bsc1229662...
RHSA-2021:5085 Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.9.0 enhancement, security, and bug fix update
Bulletin has no description...
CVE-2024-46824
Summary (CVE-2024-46824) The connected MiracleLinux/MiracleLinux AXSA advisory AXSA:2024-9508:43 for MiracleLinux 9 (kernel 5.14.0-503.14.1.el9_5) explicitly lists CVE-2024-46824 among the vulnerabilities. The advisory notes that the issue affects iommufd: drivers must supply the cache_invalida...
kernel: wifi: mac80211: Avoid address calculations via out of bounds array indexing
No description is available for this CVE...