
2674 matches found

Positive Technologies
added 2024/02/20 12:0 a.m. · 3 views

PT-2024-18090 · WordPress · Wpify Woo Czech

Name of the Vulnerable Software and Affected Versions: WPify Woo Czech plugin versions up to, and including, 4.0.8. Description: The issue allows unauthorized access to data due to a missing capability check on the maybe_send_to_packeta function. This makes it possible for unauthenticated attacker...

CVSS 5.3 · AI score 9.4 · EPSS 0.00455
Exploits 0 · References 5
CNNVD
added 2024/02/18 12:0 a.m. · 19 views

zephyr Security Breach

Zephyr is an extensible real-time operating system (RTOS) open-sourced by the Zephyr Project. A security vulnerability exists in zephyr 3.5 and earlier versions, which stems from a signed to unsigned conversion issue in esp32_ipm_send...

CVSS 9.8 · AI score 6.8 · EPSS 0.00441
Exploits 1 · References 2
OSV
added 2024/02/02 11:6 a.m. · 2 views

OESA-2024-1112 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c (CVE-2023-46343). In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a...

CVSS 7.8 · AI score 8.3 · EPSS 0.00321
Exploits 0 · References 4
OSV
added 2024/02/02 11:6 a.m. · 3 views

OESA-2024-1113 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c (CVE-2023-46343). In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a...

CVSS 7.8 · AI score 8.3 · EPSS 0.00321
Exploits 0 · References 4
BDU FSTEC
added 2024/01/31 12:0 a.m. · 3 views

A vulnerability in the send_acknowledge() function in the net/nfc/nci/spi.c module of the Linux kernel allows an intruder to trigger a service failure.

The vulnerability in the NCI protocol implementation in Linux operating systems is related to the handling of a NULL pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 · AI score 6.5 · EPSS 0.00237
Exploits 0 · References 36 · Affected Software 3
RedHat Linux
added 2024/01/30 1:28 p.m. · 3 views

kernel: sctp: check send stream number after wait_for_sndbuf

In the Linux kernel, the following vulnerability has been resolved: sctp: check send stream number after wait_for_sndbuf. This patch fixes a corner case where the asoc out stream count may change after wait_for_sndbuf. When the main thread in the client starts a connection, if its out stream count is...

CVSS 5.5 · AI score 6.8 · EPSS 0.00137
Exploits 0 · References 5
Microsoft CVE
added 2024/01/30 8:0 a.m. · 4 views

In the Linux kernel before 6.5.9 there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c.

...

CVSS 5.5 · AI score 7.2 · EPSS 0.00237
Exploits 0
RedHat Linux
added 2024/01/25 8:13 a.m. · 0 views

kernel: use after free in unix_stream_sendpage

A use-after-free flaw was found in the Linux kernel's af_unix component that allows local privilege escalation. The unix_stream_sendpage function tries to add data to the last skb in the peer's recv queue without locking the queue. This issue leads to a race condition where the unix_stream_sendpage...

CVSS 7.8 · AI score 6.6 · EPSS 0.00549
Exploits 1 · References 5
SUSE CVE
added 2024/01/25 2:48 a.m. · 1 views

SUSE CVE-2023-46343

In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c...

CVSS 6.5 · AI score 6.7 · EPSS 0.00237
Exploits 0 · References 14
OSV
added 2024/01/23 2:43 p.m. · 11 views

GHSA-W59H-378F-2FRM Unsound sending of non-Send types across threads in threadalone

Affected versions can run the Drop impl of a non-Send type on a different thread than it was created on. The flaw occurs when a stderr write performed by the threadalone crate fails, for example because stderr is redirected to a location on a filesystem that is full, or because stderr is a pipe...

AI score 7
Exploits 0 · References 2
Github Security Blog
added 2024/01/23 2:43 p.m. · 12 views

Unsound sending of non-Send types across threads in threadalone

Affected versions can run the Drop impl of a non-Send type on a different thread than it was created on. The flaw occurs when a stderr write performed by the threadalone crate fails, for example because stderr is redirected to a location on a filesystem that is full, or because stderr is a pipe...

AI score 7
Exploits 0 · References 3 · Affected Software 1
OSV
added 2024/01/23 10:15 a.m. · 1 views

DEBIAN-CVE-2023-46343

In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c...

CVSS 5.5 · AI score 6.2 · EPSS 0.00237
Exploits 0 · References 1
Vulnrichment
added 2024/01/23 12:0 a.m. · 1 views

CVE-2023-46343

In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c...

AI score 8 · EPSS 0.00237
Exploits 0 · References 4
Positive Technologies
added 2024/01/18 12:0 a.m. · 4 views

PT-2024-19407 · Unknown · Whoogle Search

Name of the Vulnerable Software and Affected Versions: Whoogle Search versions 0.8.3 and prior. Description: Whoogle Search is a self-hosted metasearch engine. The element method in app/routes.py does not validate the user-controlled src_type and element_url variables and passes them to the send...

CVSS 6.1 · AI score 6.3 · EPSS 0.0063
Exploits 1 · References 17
OSV
added 2024/01/11 7:15 a.m. · 2 views

CVE-2023-6520

The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. This is due to missing or incorrect nonce validation on the send_backup_codes_email function. This makes it possible for unauthenticated...

CVSS 4.3 · AI score 7.2 · EPSS 0.00248
Exploits 0 · References 3
OSV
added 2024/01/11 7:15 a.m. · 1 views

CVE-2023-6506

The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the send_backup_codes_email due to missing validation on a user controlled key. This makes it possible for subscriber-level...

CVSS 4.3 · AI score 5.9 · EPSS 0.0047
Exploits 0 · References 3
Prion
added 2024/01/11 7:15 a.m. · 15 views

Design/Logic Flaw

The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the send_backup_codes_email due to missing validation on a user controlled key. This makes it possible for subscriber-level...

CVSS 4 · AI score 7.1 · EPSS 0.0047
Exploits 0 · References 3 · Affected Software 1
OSSF Malicious Packages
added 2024/01/11 4:54 a.m. · 3 views

Malicious code in gh-action-send-event (npm)

Source: ghsa-malware (b4f6d4e13a5a1a14537f878bfa2d4490b5606649326d77d4b88e205a010f124b). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 3
OSV
added 2024/01/11 4:54 a.m. · 10 views

MAL-2024-73 Malicious code in gh-action-send-event (npm)

Source: ghsa-malware (b4f6d4e13a5a1a14537f878bfa2d4490b5606649326d77d4b88e205a010f124b). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 3
NVD
added 2024/01/08 7:15 p.m. · 14 views

CVE-2023-6042

Any unauthenticated user may send e-mail from the site with any title or content to the admin...

CVSS 7.5 · AI score 7.6 · EPSS 0.00563
Exploits 2 · References 1