CVE-2024-43208

Missing Authorization vulnerability in Matt Miller Send Emails with Mandrill send-emails-with-mandrill allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Send Emails with Mandrill: from n/a through = 1.4.1...

CVE-2024-43208

CVE-2024-43208 describes a Missing Authorization vulnerability in the WordPress plugin Send Emails with Mandrill (Miller Media). Affected versions are 1.4.1 and earlier, with exploitability stemming from misconfigured access control. Public sources in the Connected documents explicitly identify t...

PT-2024-30370 · Unknown · Send Emails With Mandrill

Name of the Vulnerable Software and Affected Versions: Send Emails with Mandrill versions 1.4.1 and earlier Description: The issue affects the Send Emails with Mandrill plugin due to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security...

PT-2024-33679 · Oak · Oak

Name of the Vulnerable Software and Affected Versions: oak versions prior to 17.1.3 Description: The issue allows an attacker to bypass the default restriction on transferring hidden files using the Context.send API by encoding / as its URL encoded form %2F. This can potentially lead to reading...

kernel: mptcp: ensure snd_nxt is properly initialized on connect

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure sndnxt is properly initialized on connect Christoph reported a splat hinting at a corrupted snduna: WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 mptcpcleanuna+0x4b3/0x620 net/mptcp/protocol.c:1005 Modules...

CVE-2024-7472

lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...

CVE-2024-7472

lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...

CVE-2024-7472 Email Injection Vulnerability in lunary-ai/lunary

lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...

CVE-2024-7472 Email Injection Vulnerability in lunary-ai/lunary

lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...

CVE-2024-7472

CVE-2024-7472 affects lunary-ai/lunary v1.2.26, exposing an email injection vulnerability in the /v1/users/send-verification and /auth/signup endpoints. The root cause is bypassing the extractFirstName function by using an alternate whitespace character (e.g., \xa0), enabling data to be injected ...

CVE-2024-9686 Order Notification for Telegram <= 1.0.1 - Missing Authorization to Unauthenticated Send Telegram Test Message

The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfwsendtestmessage' function in versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to send a test messa...

SUSE CVE-2024-49869

In the Linux kernel, the following vulnerability has been resolved: btrfs: send: fix buffer overflow detection when copying path to cache entry Starting with commit c0247d289e73 "btrfs: send: annotate struct namecacheentry with countedby" we annotated the variable length array "name" from the...

Exploit for Cross-site Scripting in Roundcube Webmail

CVE-2024-37383-POC Proof of concept for CVE-2024-37383 Int...

SUSE CVE-2023-52919

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix possible NULL pointer dereference in sendacknowledge Handle memory allocation failure from nciskballoc calling allocskb to avoid possible NULL pointer dereference...

CVE-2024-49869

In the Linux kernel, the following vulnerability has been resolved: btrfs: send: fix buffer overflow detection when copying path to cache entry Starting with commit c0247d289e73 "btrfs: send: annotate struct namecacheentry with countedby" we annotated the variable length array "name" from the...

UBUNTU-CVE-2023-52919

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix possible NULL pointer dereference in sendacknowledge Handle memory allocation failure from nciskballoc calling allocskb to avoid possible NULL pointer dereference...

DEBIAN-CVE-2024-50030

In the Linux kernel, the following vulnerability has been resolved: drm/xe/ct: prevent UAF in sendrecv Ensure we serialize with completion side to prevent UAF with fence going out of scope on the stack, since we have no clue if it will fire after the timeout before we can erase from the xa. Also ...

UBUNTU-CVE-2024-50030

In the Linux kernel, the following vulnerability has been resolved: drm/xe/ct: prevent UAF in sendrecv Ensure we serialize with completion side to prevent UAF with fence going out of scope on the stack, since we have no clue if it will fire after the timeout before we can erase from the xa. Also ...

UBUNTU-CVE-2024-50035

In the Linux kernel, the following vulnerability has been resolved: ppp: fix pppasyncencode illegal access syzbot reported an issue in pppasyncencode 1 In this case, pppoesendmsg is called with a zero size. Then pppasyncencode is called with an empty skb. BUG: KMSAN: uninit-value in pppasyncencod...

DEBIAN-CVE-2024-49869

In the Linux kernel, the following vulnerability has been resolved: btrfs: send: fix buffer overflow detection when copying path to cache entry Starting with commit c0247d289e73 "btrfs: send: annotate struct namecacheentry with countedby" we annotated the variable length array "name" from the...