U.S. Sanctions Two Crypto Exchanges for Facilitating Cybercrime and Money Laundering
The U.S. government on Thursday sanctioned two cryptocurrency exchanges and unsealed an indictment against a Russian national for his alleged involvement in the operation of several money laundering services that were offered to cybercriminals. The virtual currency exchanges, Cryptex and PM2BTC,...
CVE-2024-9075 Stirling-Tools Stirling-PDF Markdown-to-PDF cross site scripting
A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. The manipulation leads to cross site scripting. The attack can be initiated remotely. The complexity of an attack i...
CVE-2024-47062
Navidrome (
CVE-2024-45307
SudoBot (Discord moderation bot) contains a privilege escalation flaw in the -config command due to missing authorization checks. Any user could update bot configurations and potentially take control of settings on affected installations. Affected versions are all v9 before 9.26.7; v8 and newer 9...
CVE-2024-45307 SudoBot missing authorization check in `-config` command
SudoBot, a Discord moderation bot, is vulnerable to privilege escalation and exploit of the -config command in versions prior to 9.26.7. Anyone is theoretically able to update any configuration of the bot and potentially gain control over the bot's settings. Every version of v9 before v9.26.7 is...
CVE-2024-42278 ASoC: TAS2781: Fix tasdev_load_calibrated_data()
In the Linux kernel, the following vulnerability has been resolved: ASoC: TAS2781: Fix tasdev_load_calibrated_data() This function has a reversed if statement so it's either a no-op or it leads to a NULL dereference...
CVE-2024-31882
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non-default configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287614...
CVE-2024-31882
CVE-2024-31882 refers to IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) 11.1 and 11.5, where an authenticated user can trigger a denial of service under certain non-default configurations by sending a specially crafted SQL statement, potentially crashing the server. This risk ...
CVE-2024-31882 IBM Db2 denial of service
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non-default configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287614...
CVE-2024-42161
In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD Changes from V1: - Use a default branch in the switch statement to initialize `val`. GCC warns that `val` may be used uninitialized in the BPF_CORE_READ_BITFIELD macro, defined in...
CVE-2024-42161 bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD
In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD Changes from V1: - Use a default branch in the switch statement to initialize `val`. GCC warns that `val` may be used uninitialized in the BPF_CORE_READ_BITFIELD macro, defined in...
OESA-2024-1859 firefox security update
Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security...
CVE-2022-48782
In the Linux kernel, the following vulnerability has been resolved: mctp: fix use after free Clang static analysis reports this problem route.c:425:4: warning: Use of memory after it is freed trace_mctp_key_acquire(key); ^ When mctp_key_add() fails, key is freed but then is later used in...
kernel: usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
In the Linux kernel, the following vulnerability has been resolved: usb: config: fix iteration issue in 'usb_get_bos_descriptor()' The BOS descriptor defines a root descriptor and is the base descriptor for accessing a family of related descriptors. Function 'usb_get_bos_descriptor()' encounters an iterati...
MAL-2024-1723 Malicious code in account-statement (npm)
False positive caused by problematic ingestion.
Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server
Summary: IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 has been published in a security bulletin. CVE-2023-45853, CVE-2023-29267, CVE-2024-25710, CVE-2024-26308, CVE-2023-45178, CVE-2024-28762, CVE-2024-28757, CVE-2024-29025,...