2674 matches found

OSV
added 2024/12/27 2:15 p.m. · 0 views

UBUNTU-CVE-2024-53236

In the Linux kernel, the following vulnerability has been resolved: xsk: Free skb when TX metadata options are invalid When a new skb is allocated for transmitting an xsk descriptor, i.e., for every non-multibuf descriptor or the first frag of a multibuf descriptor, but the descriptor is later...

CVSS 5.5 · AI score 6.7 · EPSS 0.00197
Exploits 0 · References 18
Positive Technologies
added 2024/12/27 12:0 a.m. · 3 views

PT-2024-34399 · Unknown · Smart Agent

Name of the Vulnerable Software and Affected Versions: Smart Agent version 1.1.0 Description: The issue allows a remote attacker to execute arbitrary code via the id parameter in the "/sendPushManually.php" component. This is a SQL injection vulnerability that can be exploited to run arbitrary...

CVSS 9.8 · AI score 8.6 · EPSS 0.00846
Exploits 1 · References 7
BDU FSTEC
added 2024/12/25 12:0 a.m. · 3 views

The vulnerability of the bnxt_en component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the bnxt_en component in the Linux operating system’s kernel is related to the assignment of the NULL pointer in the __hwrm_send function. Exploiting this vulnerability can allow an attacker to trigger a service failure...

CVSS 5.5 · AI score 6.6 · EPSS 0.00288
Exploits 0 · References 24 · Affected Software 4
RedHat Linux
added 2024/12/12 8:0 p.m. · 0 views

send: Code Execution Vulnerability in Send Library

A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect function...

CVSS 5 · AI score 7.9 · EPSS 0.00511
Exploits 0 · References 6
Microsoft CVE
added 2024/12/12 12:0 a.m. · 4 views

CVE-2024-50168

...

CVSS 5.5 · AI score 6.7 · EPSS 0.00221
Exploits 0
Positive Technologies
added 2024/12/09 12:0 a.m. · 2 views

PT-2024-36453 · Unknown · Kashipara E-Learning Management System

Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System version 1.0 Description: A Stored Cross-Site Scripting XSS issue exists in the /send message teacher to student.php file, allowing remote attackers to execute arbitrary scripts via the my message...

CVSS 5.4 · AI score 6.4 · EPSS 0.0038
Exploits 1 · References 6
Positive Technologies
added 2024/12/09 12:0 a.m. · 5 views

PT-2024-36454 · Unknown · Kashipara E-Learning Management System

Name of the Vulnerable Software and Affected Versions: Kashipara E-learning Management System version 1.0 Description: A Stored Cross-Site Scripting XSS issue was found in the /send message.php endpoint of the Kashipara E-learning Management System. This issue allows remote attackers to execute...

CVSS 5.4 · AI score 6.5 · EPSS 0.00395
Exploits 1 · References 5
CNNVD
added 2024/12/06 12:0 a.m. · 2 views

WordPress plugin myCred cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site scripting...

CVSS 6.4 · AI score 7.6 · EPSS 0.00809
Exploits 0 · References 4
RedHat Linux
added 2024/11/26 12:55 a.m. · 2 views

kernel: mptcp: ensure snd_nxt is properly initialized on connect

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure snd_nxt is properly initialized on connect Christoph reported a splat hinting at a corrupted snd_una: WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 mptcpcleanuna+0x4b3/0x620 net/mptcp/protocol.c:1005 Modules...

CVSS 5.5 · AI score 6.7 · EPSS 0.00267
Exploits 0 · References 5
SUSE CVE
added 2024/11/20 3:49 a.m. · 2 views

SUSE CVE-2024-53059

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() 1. The size of the response packet is not validated. 2. The response buffer is not freed. Resolve these issues by switching to iwl_mvm_send_cmd_status(), which handles...

CVSS 5.5 · AI score 8 · EPSS 0.00282
Exploits 0 · References 17
BDU FSTEC
added 2024/11/20 12:0 a.m. · 2 views

The vulnerability of the send component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the send component in the Linux operating system’s kernel is related to improper error handling in the iterate_inode_ref function. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 · AI score 6.7 · EPSS 0.00223
Exploits 0 · References 40 · Affected Software 6
OSV
added 2024/11/18 12:15 p.m. · 2 views

UBUNTU-CVE-2024-48896

A vulnerability was found in Moodle. It is possible for users with the "send message" capability to view other users' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site...

CVSS 4.3 · AI score 5.8 · EPSS 0.00366
Exploits 0 · References 3
Snyk
added 2024/11/18 11:45 a.m. · 2 views

Information Exposure

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Information Exposure via the sendinstantmessages function. An attacker can gain access to user names they should not have access to by exploiting this error message handling. Remediation Upgrade...

CVSS 6.9 · AI score 7 · EPSS 0.00366
Exploits 0 · References 2
CNNVD
added 2024/11/18 12:0 a.m. · 2 views

Moodle security vulnerability

Moodle is an open source, free e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from an information disclosure vulnerability that stems from the fact that users with the Send Message feature...

CVSS 4.3 · AI score 6.2 · EPSS 0.00366
Exploits 0 · References 1
BDU FSTEC
added 2024/11/15 12:0 a.m. · 3 views

The vulnerability in the script htdocs/webinc/body/bsc_sms_send.php of the D-Link DIR-860L, DIR-865L, DIR-868L, DIR-880L routers allows an attacker to execute an XSS attack.

The vulnerability in the script htdocs/webinc/body/bsc_sms_send.php of the D-Link DIR-860L, DIR-865L, DIR-868L, and DIR-880L routers is related to improper validation of input data. Exploiting this vulnerability allows an attacker to execute XSS attacks through a specially created parameter for the...

CVSS 6.4 · AI score 6.4 · EPSS 0.01661
Exploits 1 · References 5 · Affected Software 4
RedHat Linux
added 2024/11/13 12:34 a.m. · 2 views

kernel: mptcp: ensure snd_una is properly initialized on connect

A vulnerability was found in the Linux kernel's match component in the initialization of the snd_una variable while establishing a connection. The issue arises when retransmission occurs after a fallback, leaving the snd_una sequence number uninitialized, leading to unpredictable behavior and...

CVSS 5.5 · AI score 7.2 · EPSS 0.00265
Exploits 0 · References 5
RedHat Linux
added 2024/11/12 9:11 a.m. · 7 views

kernel: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send()

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() In case of token is released due to token->state == BNXT_HWRM_DEFERRED, released token (set to NULL) is used in log messages. This issue is expected to ...

CVSS 5.5 · AI score 6.8 · EPSS 0.00288
Exploits 0 · References 5
RedHat Linux
added 2024/11/12 9:11 a.m. · 4 views

kernel: ipv4: Fix uninit-value access in __ip_make_skb()

In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in __ip_make_skb() KMSAN reported uninit-value access in __ip_make_skb() [1]. __ip_make_skb() tests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a race condition. If calling setsockopt(2) with...

CVSS 4.7 · AI score 6.8 · EPSS 0.00168
Exploits 0 · References 5
F5 Networks
added 2024/11/11 11:14 p.m. · 30 views

K000148479: Linux kernel vulnerability CVE-2023-52881

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas from Yepeng Pan and Christian Rossow. ACK seq validation is currently following RFC 5961 5.2 guideline...

CVSS 5.5 · AI score 6 · EPSS 0.00227
Exploits 0 · Affected Software 16
OSV
added 2024/11/09 11:15 a.m. · 2 views

UBUNTU-CVE-2024-50256

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() I got a syzbot report without a repro [1] crashing in nf_send_reset6() I think the issue is that dev->hard_header_len is zero, and we attempt later to push an Ethernet header. U...

CVSS 5.5 · AI score 6.2 · EPSS 0.00232
Exploits 0 · References 44