7893 matches found

Positive Technologies
added 2024/09/27 12:0 a.m. · 6 views

PT-2024-20926 · Flatpress · Flatpress

Name of the Vulnerable Software and Affected Versions: Flatpress version 1.3
Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in the "setup.php" endpoint.
Recommendations: For Flatpre...

CVSS 6.1 · AI score 6.2 · EPSS 0.00745
Exploits: 1 · References: 8

OSSF Malicious Packages
added 2024/09/26 8:7 p.m. · 3 views

Malicious code in setup-specmatic (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 37056a566edf4edb22af5350f7710d850797b914acbc38bfce3554f44db61d86 The OpenSSF Package Analysis project identified 'setup-specmatic' @ 2.0.0 npm as malicious. It is considered malicious because: - The package...

AI score 6.9
Exploits: 0

OSV
added 2024/09/26 8:7 p.m. · 7 views

MAL-2024-8985 Malicious code in setup-specmatic (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 37056a566edf4edb22af5350f7710d850797b914acbc38bfce3554f44db61d86 The OpenSSF Package Analysis project identified 'setup-specmatic' @ 2.0.0 npm as malicious. It is considered malicious because: - The package...

AI score 7.1
Exploits: 0

RedHat Linux
added 2024/09/24 2:39 a.m. · 4 views

kernel: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()

In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup(). fc_lport_ptp_setup() did not check the return value of fc_rport_create(), which can return NULL and would cause a NULL pointer dereference. Address this issue by checki...

CVSS 5.5 · AI score 6.8 · EPSS 0.00251
Exploits: 0 · References: 5

RedHat Linux
added 2024/09/24 2:39 a.m. · 3 views

kernel: nvmet: fix a possible leak when destroy a ctrl during qp establishment

A vulnerability was found in the Linux kernel's nvme driver. A lack of proper checks can lead to a race condition during the destruction of a queue pair when a controller is being established. This issue can lead to system instability or crashes...

CVSS 4.7 · AI score 6.8 · EPSS 0.00226
Exploits: 0 · References: 5

RedHat Linux
added 2024/09/24 12:49 a.m. · 5 views

kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create

A flaw was found in the Linux kernel in which a system crash can occur if there are certain errors establishing RPC-over-RDMA connections...

CVSS 5.5 · AI score 7.2 · EPSS 0.00232
Exploits: 0 · References: 5

RedHat Linux
added 2024/09/24 12:49 a.m. · 6 views

kernel: mm/sparsemem: fix race in accessing memory_section->usage

A race condition was found on a PFN in the Linux Kernel, which can fall into the device memory region with the system memory configuration. Normal zone start and end PFNs contain the device memory PFNs as well, and the compaction triggered will try on the device memory PFNs and end up in NOP. Thi...

CVSS 4.7 · AI score 6.8 · EPSS 0.00296
Exploits: 1 · References: 5

Cvelist
added 2024/09/23 6:0 a.m. · 37 views

CVE-2024-8758 Quiz and Survey Master (QSM) < 9.1.3 - Author+ Stored XSS

The Quiz and Survey Master (QSM) WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup...

EPSS 0.00363
Exploits: 0 · References: 1

CVE
added 2024/09/23 6:0 a.m. · 46 views

CVE-2024-8758

CVE-2024-8758 affects the Quiz and Survey Master (QSM) WordPress plugin prior to version 9.1.3. The issue is stored XSS caused by insufficient sanitization/escaping of settings, potentially allowing high-privilege users (e.g., admins) to inject scripts even when unfiltered_html is disallowed (e.g...

CVSS 4.8 · AI score 4.9 · EPSS 0.00363
Exploits: 0 · References: 1 · Affected Software: 1

OSSF Malicious Packages
added 2024/09/20 11:29 a.m. · 11 views

Malicious code in bo3to (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 131072b5bfcd4ce6218aaec66423046b83d0e49904d5992b26192daa201421bd During installation, a cryptominer is secretly installed and started. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

AI score 7.5
Exploits: 0 · References: 1

OSSF Malicious Packages
added 2024/09/20 11:29 a.m. · 5 views

Malicious code in botoceor (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8bf39054053dfe99fc83c836bb407659d11241cc09f2572a72524d980b9c5914 During installation, a cryptominer is secretly installed and started. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

AI score 7.5
Exploits: 0 · References: 1

SUSE CVE
added 2024/09/19 3:10 a.m. · 3 views

SUSE CVE-2024-46760

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: usb: schedule rx work after everything is set up. Right now it's possible to hit NULL pointer dereference in rtw_rx_fill_rx_status on hw object and/or its fields because initialization routine can start getting USB replie...

CVSS 5.5 · AI score 6.4 · EPSS 0.00234
Exploits: 0 · References: 11

RedhatCVE
added 2024/09/18 11:13 a.m. · 20 views

CVE-2024-46765

In the Linux kernel, the following vulnerability has been resolved: ice: protect XDP configuration with a mutex. The main threat to data consistency in ice_xdp() is a possible asynchronous PF reset. It can be triggered by a user or by TX timeout handler. XDP setup and PF reset code access the same...

CVSS 4.7 · AI score 6.7 · EPSS 0.00235
Exploits: 0 · References: 4

NVD
added 2024/09/18 8:15 a.m. · 23 views

CVE-2024-46795

In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset the binding mark of a reused connection. Steve French reported null pointer dereference error from sha256 lib. cifs.ko can send session setup requests on reused connection. If reused connection is used for binding...

CVSS 5.5 · EPSS 0.00276
Exploits: 0 · References: 6

NVD
added 2024/09/18 8:15 a.m. · 14 views

CVE-2024-46765

In the Linux kernel, the following vulnerability has been resolved: ice: protect XDP configuration with a mutex. The main threat to data consistency in ice_xdp() is a possible asynchronous PF reset. It can be triggered by a user or by TX timeout handler. XDP setup and PF reset code access the same...

CVSS 5.5 · EPSS 0.00235
Exploits: 0 · References: 3

OSV
added 2024/09/18 8:15 a.m. · 2 views

UBUNTU-CVE-2024-46760

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: usb: schedule rx work after everything is set up. Right now it's possible to hit NULL pointer dereference in rtw_rx_fill_rx_status on hw object and/or its fields because initialization routine can start getting USB replie...

CVSS 5.5 · AI score 6.5 · EPSS 0.00234
Exploits: 0 · References: 11

Cvelist
added 2024/09/18 7:12 a.m. · 17 views

CVE-2024-46795 ksmbd: unset the binding mark of a reused connection

In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset the binding mark of a reused connection. Steve French reported null pointer dereference error from sha256 lib. cifs.ko can send session setup requests on reused connection. If reused connection is used for binding...

EPSS 0.00276
Exploits: 0 · References: 5

CVE
added 2024/09/18 7:12 a.m. · 135 views

CVE-2024-46765

CVE-2024-46765 (Linux kernel) vulnerability in the ice driver relates to race conditions between XDP setup and PF reset paths. The issue arose because ice_xdp() and ice_vsi_rebuild()/PF reset code accessed shared resources without proper synchronization, risking a NULL pointer dereference during ...

CVSS 5.5 · AI score 5 · EPSS 0.00235
Exploits: 0 · References: 3 · Affected Software: 1

RedHat Linux
added 2024/09/18 12:24 a.m. · 10 views

kernel: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket

A flaw was found in the Linux kernel's bpf programs. Under certain conditions, when the kernel attempts to initiate a network connection using the kernel_connect function, it can return a value that causes the xs_tcp_setup_socket function to loop. This issue can lead to continuous data writing to the...

CVSS 5.5 · AI score 6.8 · EPSS 0.00231
Exploits: 0 · References: 5

BDU FSTEC
added 2024/09/18 12:0 a.m. · 3 views

The vulnerability of the Setup/Deployment component of the Windows operating system, which allows a hacker to increase their privileges

The vulnerability of the Setup/Deployment component of the Windows operating system is related to the absence of quotation marks in the syntax of certain elements or search paths. Exploiting this vulnerability can allow an attacker to increase their privileges...

CVSS 7.8 · AI score 5.4 · EPSS 0.00615
Exploits: 0 · References: 2