Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware

Badges !MIT Licensehttps://img.shields.io/badge/Licens...

Exploit for CVE-2024-1208

Badges !MIT Licensehttps://img.shields.io/badge/Licens...

CVE-2021-47541

In the Linux kernel, the following vulnerability has been resolved: net/mlx4en: Fix an use-after-free bug in mlx4entryallocresources In mlx4entryallocresources, mlx4encopypriv is called and tmp-txcq will be freed on the error path of mlx4encopypriv. After that mlx4enallocresources is called and...

DEBIAN-CVE-2021-47542

In the Linux kernel, the following vulnerability has been resolved: net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic83xxaddrings In qlcnic83xxaddrings, the indirect function of ahw-hwops-allocmbxargs will be called to allocate memory for cmd.req.arg, and there is a dereference of it ...

GHSA-G3Q2-VCJQ-RGRC Blackprint @blackprint/engine Prototype Pollution issue

A Prototype Pollution issue in Blackprint @blackprint/engine 0.8.12 through 0.9.1 allows an attacker to execute arbitrary code via the utils.setDeepProperty function of engine.min.js...

Exploit for Server-Side Request Forgery in Resf Rocky_Linux

Badges !MIT Licensehttps://img.shields.io/badge/Licens...

GHSA-3G43-XFRW-PV5M eZ Platform User data disclosure

In eZ Platform v2.3.x it is possible to bypass permission checks in a particular case. This means user data such as name and email but not passwords or password hashes can be read by unauthenticated users. This affects only v2.3.x. If you use v2.2.x or older you are not affected. To install, use...

eZ Platform User data disclosure

In eZ Platform v2.3.x it is possible to bypass permission checks in a particular case. This means user data such as name and email but not passwords or password hashes can be read by unauthenticated users. This affects only v2.3.x. If you use v2.2.x or older you are not affected. To install, use...

GHSA-C9CP-9C75-9V8C containerd started with non-empty inheritable Linux process capabilities

Impact A bug was found in containerd where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve2...

containerd started with non-empty inheritable Linux process capabilities

Impact A bug was found in containerd where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve2...

CVE-2024-32002 Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory...

numad bug fix and enhancement update

An update is available for numad. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 9.4...

SUSE-SU-2024:1490-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-46925: Fixed kernel panic caused by race of smcsock bsc1220466. - CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi...

CVE-2024-27070 f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use-after-free issue in f2fsfilemapfault syzbot reports a f2fs bug as below: BUG: KASAN: slab-use-after-free in f2fsfilemapfault+0xd1/0x2c0 fs/f2fs/file.c:49 Read of size 8 at addr ffff88807bb22680 by task...

CVE-2024-26937

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Reset queuepriorityhint on parking Originally, with strict in order execution, we could complete execution only when the queue was empty. Preempt-to-busy allows replacement of an active request that may complete befo...

SUSE-SU-2024:1465-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2020-36780: Fixed a reference leak when pmruntimegetsync fails in i2c bsc1220556. - CVE-2020-36781: Fixed reference leak when pmruntimegetsync fails in i2c/im...

AZL-40068 CVE-2024-3096 affecting package php for versions less than 8.1.28-1

In PHP version 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3. before 8.3.5, if a password stored with passwordhash starts with a null byte \x00, testing a blank string as the password via passwordverify will incorrectly return true...

PT-2024-24741

Name of the Vulnerable Software and Affected Versions Vyper versions prior to 0.3.0 Description The issue concerns the default function not respecting the @nonreentrancy decorator, and the lock not being emitted. This is a known bug with low impact, as using a lock on a default function is a...

Nginx 1.25.5 Host Header Validation

Nginx = 1.25.5 $host variable validation bug Intro: In the "Host" header sent to Nginx web server you can't just insert a dot or something like that, because a filtering rules exists there. The ngxhttpvalidatehost function is responsible for filtering...

Nginx 1.25.5 Host Header Validation Vulnerability

Nginx versions 1.25.5 and below appear to have a host header filtering validation bug that could possibly be used for malice. Nginx = 1.25.5 $host variable validation bug Intro: In the "Host" header sent to Nginx web server you can't just insert a dot or something like that, because a filtering...