PT-2024-10184 · D Link · Dir-816A2

Name of the Vulnerable Software and Affected Versions: D-Link DIR-816A2 version 1.10CNB05 R1B011D88210 Description: The issue is related to an access control problem in the form2PortriggerRule.cgi component, allowing unauthenticated attackers to set the port trigger of the device via a crafted PO...

The vulnerability of the nl80211 component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the nl80211 component in the Linux operating system’s kernel is related to errors in reading beyond the boundary in the nl80211triggerscan function. Exploiting this vulnerability can allow a hacker to cause a service failure...

pam: libpam: Libpam vulnerable to read hashed password

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...

The vulnerability of the ceph kernel component in the Linux operating system, which allows a hacker to trigger a service failure

The vulnerability of the ceph kernel component in the Linux operating system is related to the lack of memory release after the effective lifespan of the component. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVE-2024-38920

Open Robotics Robotic Operating System 2 ROS2 and Nav2 humble versions were discovered to contain a use-after-free via the nav2amcl process. This vulnerability is triggerd via remotely sending a request for change the value of dynamic-parameter/amcl maxbeams...

CVE-2024-53856 rPGP Panics on Malformed Untrusted Input

rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1...

The vulnerability of Linux operating system’s DRM/MSM components, which allows a hacker to trigger a service failure

The vulnerability of DRM/SMM components in the Linux operating system is related to resource management errors. Exploiting this vulnerability can allow a hacker to cause service failures...

Siemens Unlocked JTAG Interface / Buffer Overflow

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unlocked JTAG interface and buffer overflow product: Siemens SM-2558 Protocol Element extension module for Siemens SICAM AK3/TM/BC, Siemens CP-2016 & CP-2019 vulnerable...

The vulnerability of the sched/psi components in Linux kernel allows a hacker to elevate their privileges within the system.

The vulnerabilities of the sched/psi components can be exploited through incorrect usage after being released in the psitriggerdestroy function. Exploiting these vulnerabilities could allow attackers to gain elevated privileges within the system...

The vulnerability of the scarlett2 component in the Linux operating system, which allows a hacker to trigger a service failure.

The vulnerability of the scarlett2 component in the Linux operating system is related to improper error handling. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability in the bridge_wireless_main.cgi script of the Netgear XR300 router’s software allows a hacker to induce a service failure.

The vulnerability in the bridgewirelessmain.cgi script of the Netgear XR300 router software lies in the copying of buffers without checking the size of the input data during the processing of the passphrase parameter. Exploiting this vulnerability allows a malicious actor to cause a service failu...

PT-2024-16666 · WordPress · Migration

Name of the Vulnerable Software and Affected Versions: Migration, Backup, Staging – WPvivid plugin for WordPress versions up to, and including, 0.9.107 Description: The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted...

CVE-2024-51564

A guest can trigger an infinite loop in the hda audio driver...

kernel: sched/psi: use kernfs polling functions for PSI trigger polling

A use-after-free vulnerability was found in the Linux kernel's PSI Pressure Stall Information trigger handling for cgroups. When a cgroup is removed while a process is polling its PSI trigger file, the trigger's waitqueue is destroyed via psitriggerdestroy while the polling process still holds a...

kernel: tracing/trigger: Fix to return error if failed to alloc snapshot

In the Linux kernel, the following vulnerability has been resolved: tracing/trigger: Fix to return error if failed to alloc snapshot Fix registersnapshottrigger to return error code if it failed to allocate a snapshot instead of 0 success. Unless that, it will register snapshot trigger without an...

SUSE CVE-2024-50147

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix command bitmask initialization Command bitmask have a dedicated bit for MANAGEPAGES command, this bit isn't Initialize during command bitmask Initialization, only during MANAGEPAGES. In addition,...

The vulnerability of the vfio component in the Linux operating system’s kernel allows a attacker to trigger a Denial-of-Service Attack (DoS).

The vulnerability of the vfio component in the Linux operating system’s kernel is related to improper error handling in the vfiofslmcsetirqtrigger function. Exploiting this vulnerability can allow an attacker to trigger a Denial-of-Service Attack DoS...

The vulnerability of the Intel Raid Web Console web console, related to deficiencies in access control, allows a intruder to trigger a service failure.

The vulnerability of the Intel Raid Web Console web console relates to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

UBUNTU-CVE-2024-50147

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix command bitmask initialization Command bitmask have a dedicated bit for MANAGEPAGES command, this bit isn't Initialize during command bitmask Initialization, only during MANAGEPAGES. In addition,...

CVE-2024-50147 net/mlx5: Fix command bitmask initialization

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix command bitmask initialization Command bitmask have a dedicated bit for MANAGEPAGES command, this bit isn't Initialize during command bitmask Initialization, only during MANAGEPAGES. In addition,...