
7893 matches found

Vulnrichment
added 2024/09/04 6:35 p.m. | 18 views

CVE-2024-44960 usb: gadget: core: Check for unset descriptor

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: Check for unset descriptor. Make sure the descriptor has been set before looking at maxpacket. This fixes a null pointer panic in this case. This may happen if the gadget doesn't properly set up the endpoint for...

7 AI score | 0.00232 EPSS
Exploits: 0 | References: 8
OSV
added 2024/09/04 6:15 a.m. | 3 views

CVE-2024-6722

The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is...

4.8 CVSS | 5.8 AI score | 0.00294 EPSS
Exploits: 1 | References: 1
CNNVD
added 2024/09/04 12:00 a.m. | 4 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from a post-release reuse issue in the mtk_wed_setup_tc_block_cb function of the net: ethernet: mtk_wed component tha...

7.8 CVSS | 7.3 AI score | 0.00214 EPSS
Exploits: 0 | References: 5
Cvelist
added 2024/09/03 7:43 p.m. | 20 views

CVE-2024-45391 Tina search token leak via lock file in TinaCMS

Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search token being leaked via the lock file (tina-lock.json). Administrators of Tina-enabled websites with search setup...

7.5 CVSS | 0.00306 EPSS
Exploits: 0 | References: 3
Packet Storm
added 2024/09/01 12:00 a.m. | 208 views

Telerik Report Server Auth Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Telerik Report Server Auth Bypass', 'Description' = %q This module exploits an authentication bypass vulnerability in Telerik Report Server...

9.9 CVSS | 7.2 AI score | 0.97482 EPSS
Exploits: 14
Packet Storm
added 2024/08/31 12:00 a.m. | 231 views

HP Data Protector 6.1 EXEC_CMD Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP Data Protector 6.1 EXECCMD Command Execution', 'Description' = %q This module exploits HP Data Protector's omniinet process, specifically...

10 CVSS | 7 AI score | 0.81081 EPSS
Exploits: 30
NVD
added 2024/08/29 11:15 a.m. | 22 views

CVE-2024-6927

The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

4.8 CVSS | 0.00351 EPSS
Exploits: 1 | References: 1
Cvelist
added 2024/08/29 6:00 a.m. | 31 views

CVE-2024-6927 Viral Signup <= 2.1 - Admin+ Stored XSS

The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

0.00351 EPSS
Exploits: 1 | References: 1
Vulnrichment
added 2024/08/29 6:00 a.m. | 13 views

CVE-2024-6927 Viral Signup <= 2.1 - Admin+ Stored XSS

The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

5.4 AI score | 0.00351 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2024/08/27 3:10 p.m. | 21 views

CVE-2024-43895

A vulnerability was found in the Linux kernel's AMD display driver, which caused a NULL pointer dereference during the setup of Multi-Stream Transport (MST) and Display Stream Compression (DSC). This issue occurred when the driver attempted to recompute DSC parameters without an active stream on the...

5.5 CVSS | 5.9 AI score | 0.00017 EPSS
Exploits: 0 | References: 4
CNNVD
added 2024/08/27 12:00 a.m. | 4 views

Security vulnerability in multiple ELECOM products

ELECOM WRC-X3000GS2-W and others are products of ELECOM Corporation. ELECOM WRC-X3000GS2-W is a wireless router. ELECOM WRC-X3000GS2-B is a gigabit router. ELECOM WRC-X3000GS2A-B is a gigabit router. A security vulnerability exists in several ELECOM products, which originates from mishandling of inp...

6.1 CVSS | 8 AI score | 0.00237 EPSS
Exploits: 0 | References: 5
NVD
added 2024/08/26 11:15 a.m. | 26 views

CVE-2024-43895

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

0.00017 EPSS
Exploits: 0
Cvelist
added 2024/08/26 10:10 a.m. | 30 views

CVE-2024-43895

...

0.00017 EPSS
Exploits: 0
CVE
added 2024/08/26 10:10 a.m. | 120 views

CVE-2024-43895

CVE-2024-43895 relates to the Linux kernel DRM/AMD display path, specifically a NULL pointer dereference when recomputing DSC parameters if no stream is on the link during MST+DSC setup. This can trigger a kernel oops/crash as described in vendor advisories. Connected sources show the issue is ad...

6.9 AI score | 0.00017 EPSS
Exploits: 0
Debian CVE
added 2024/08/26 10:10 a.m. | 12 views

CVE-2024-43895

Removed by vendor...

7.3 AI score | 0.00017 EPSS
Exploits: 0
OSV
added 2024/08/26 10:10 a.m. | 12 views

CVE-2024-43895 drm/amd/display: Skip Recompute DSC Params if no Stream on Link

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip Recompute DSC Params if no Stream on Link. [why] Encounter NULL pointer dereference under mst + dsc setup. BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 0 P4D 0 Oops: 0000 1 PREEMPT SMP NOP...

6 AI score | 0.00017 EPSS
Exploits: 0 | References: 8
OSSF Malicious Packages
added 2024/08/23 10:55 p.m. | 3 views

Malicious code in chatgpt-aitools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 78e2fd98e1c4b97347b9ea62a0db52d71e3ab25a8e62eb8340afd4b5b5ab5d94 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

7.5 AI score
Exploits: 0 | References: 1
OSV
added 2024/08/23 10:55 p.m. | 4 views

MAL-2024-12253 Malicious code in dependency00011124931 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8fa6dafeedc48e6511a70676806da412d047f7f235f471a29c98afb9931cbbf2 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

7.4 AI score
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2024/08/23 10:55 p.m. | 5 views

Malicious code in get-time-zzs (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 32b5c264a16b0327f601265edb8f3d69b915695ab82d184c724d5e79d32d3f11 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

7.5 AI score
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2024/08/23 10:55 p.m. | 6 views

Malicious code in easyioctl (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 17bb7b2d6ca02c6c077bc420bf4b9136e424f53cf276f61529b19806e5bb5bca Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

7.5 AI score
Exploits: 0 | References: 1