9593 matches found

CVE
added 2024/04/10 5:07 p.m. · 112 views

CVE-2024-3283

CVE-2024-3283 concerns mintplex-labs/anything-llm. A mass-assignment flaw in the /admin/system-preferences endpoint lets users with the Manager role modify the multi_user_mode variable, enabling access to /api/system/enable-multi-user and the creation of a new admin user. The root cause is the en...

CVSS 7.2 · AI score 7 · EPSS 0.00176
Exploits: 1 · References: 2 · Affected Software: 1

The Hacker News
added 2024/04/10 3:05 a.m. · 92 views

Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks

A critical security flaw in the Rust standard library could be exploited to target Windows users and stage command injection attacks. The vulnerability, tracked as CVE-2024-24576, has a CVSS score of 10.0, indicating maximum severity. That said, it only impacts scenarios where batch files are...

CVSS 10 · AI score 9.9 · EPSS 0.80539
Exploits: 14

NVD
added 2024/04/09 5:16 p.m. · 10 views

CVE-2024-29905

DIRAC is an interware, meaning a software framework for distributed computing. Prior to version 8.0.41, during the proxy generation process e.g., when using dirac-proxy-init, it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then...

CVSS 8.1 · AI score 8 · EPSS 0.00076
Exploits: 0 · References: 2

Cvelist
added 2024/04/09 4:49 p.m. · 19 views

CVE-2024-29905 DIRAC: Unauthorized users can read proxy contents during generation

DIRAC is an interware, meaning a software framework for distributed computing. Prior to version 8.0.41, during the proxy generation process e.g., when using dirac-proxy-init, it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then...

CVSS 8.1 · AI score 8.2 · EPSS 0.00076
Exploits: 0 · References: 2

OSV
added 2024/04/09 4:49 p.m. · 36 views

CVE-2024-29905 DIRAC: Unauthorized users can read proxy contents during generation

DIRAC is an interware, meaning a software framework for distributed computing. Prior to version 8.0.41, during the proxy generation process e.g., when using dirac-proxy-init, it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then...

CVSS 8.1 · AI score 7.7 · EPSS 0.00076
Exploits: 0 · References: 4

CVE
added 2024/04/09 4:49 p.m. · 69 views

CVE-2024-29905

Summary: CVE-2024-29905 affects DIRAC prior to version 8.0.41. During the proxy generation process (e.g., dirac-proxy-init), unauthorized users on the same machine could gain read access to the proxy for a sub-millisecond window, enabling actions as if using the original proxy. The issue is mitig...

CVSS 8.1 · AI score 8 · EPSS 0.00076
Exploits: 0 · References: 2 · Affected Software: 1

Github Security Blog
added 2024/04/09 3:52 p.m. · 33 views

DIRAC: Unauthorized users can read proxy contents during generation

Impact: During the proxy generation process e.g., when using dirac-proxy-init it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that is possible with the original proxy. This vulnerability only exists for a...

CVSS 8.1 · AI score 7.6 · EPSS 0.00076
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2024/04/09 12:00 a.m. · 3 views

PT-2024-4163 · Dell · Dell Bios

Name of the Vulnerable Software and Affected Versions: Dell BIOS (affected versions not specified)
Description: The issue is related to improper input validation in the Dell BIOS, which can be exploited by a local authenticated malicious user with admin privileges. This exploitation can lead to the...

CVSS 6.7 · AI score 7.2 · EPSS 0.00045
Exploits: 0 · References: 5

Positive Technologies
added 2024/04/04 12:00 a.m. · 3 views

PT-2024-23855 · Unknown · Instantcms

Name of the Vulnerable Software and Affected Versions: InstantCMS version 2.16.2
Description: A SQL injection issue affects the application, allowing an attacker with administrative privileges to execute unauthorized SQL code. The vulnerability exists in the index chart data action, which receive...

CVSS 7.2 · AI score 8.2 · EPSS 0.00421
Exploits: 1 · References: 10

CNNVD
added 2024/04/04 12:00 a.m. · 1 views

ZoneMinder Security Vulnerability

ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, among others. A security vulnerability exists in ZoneMinder versions prior to 1.34.21. A remote attacker can exploit this vulnerability to execute arbitrary code, elevate privileges, a...

CVSS 8.2 · AI score 6.8 · EPSS 0.00255
Exploits: 0 · References: 2

Positive Technologies
added 2024/04/04 12:00 a.m. · 4 views

PT-2024-22797

Name of the Vulnerable Software and Affected Versions: gotortc versions 1.8.5 and prior
Description: gotortc is a camera streaming application. The index page index.html shows available streams by fetching the API on the client side, using Object.entries to iterate over the result, and appending...

CVSS 6.1 · AI score 5.2 · EPSS 0.00149
Exploits: 1 · References: 9

UbuntuCve
added 2024/04/04 12:00 a.m. · 17 views

CVE-2024-26802

In the Linux kernel, the following vulnerability has been resolved: stmmac: Clear variable when destroying workqueue. Currently when suspending driver and stopping workqueue it is checked whether workqueue is not NULL and if so, it is destroyed. Function destroy_workqueue() does drain queue and does...

CVSS 5.5 · AI score 6.4 · EPSS 0.00009
Exploits: 0 · References: 21

BDU FSTEC
added 2024/04/01 12:00 a.m. · 2 views

The vulnerability of the CRI-O Container Engine’s application programming interface allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the CRI-O Container Engine’s application programming interface, a software platform for managing clusters of virtual machines in Kubernetes, stems from the ability to add arbitrary strings to the /etc/passwd file using a specially created environment variable. Exploiting this...

CVSS 7.8 · AI score 7 · EPSS 0.00042
Exploits: 0 · References: 4 · Affected Software: 2

OSV
added 2024/03/31 6:18 p.m. · 30 views

BIT-HELM-2024-26147 Helm's Missing YAML Content Leads To Panic

Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would...

CVSS 7.5 · AI score 7.6 · EPSS 0.00294
Exploits: 0 · References: 3

OSV
added 2024/03/27 6:05 p.m. · 3 views

CLSA-2024-1711562715 systemd: Fix of CVE-2023-26604

Moved tuxcare patches from 219-78.7.tuxcare.els1 - CVE-2023-26604: use only less as a pager and restrict its functionality e.g. stop running external shell unless environment variable SYSTEMD_PAGERSECURE is defined...

CVSS 7.8 · AI score 6.7 · EPSS 0.05624
Exploits: 4 · References: 1

UbuntuCve
added 2024/03/27 2:15 p.m. · 24 views

CVE-2024-28852

Ampache is a web based audio/video streaming application and file manager. Ampache has multiple reflective XSS vulnerabilities, this means that all forms in the Ampache that use rule as a variable are not secure. For example, when querying a song, when querying a podcast, we need to use $rule...

CVSS 6.1 · AI score 5.9 · EPSS 0.00534
Exploits: 1 · References: 3

OSV
added 2024/03/27 2:15 p.m. · 1 views

UBUNTU-CVE-2024-28852

Ampache is a web based audio/video streaming application and file manager. Ampache has multiple reflective XSS vulnerabilities, this means that all forms in the Ampache that use rule as a variable are not secure. For example, when querying a song, when querying a podcast, we need to use $rule...

CVSS 6.1 · AI score 5.8 · EPSS 0.00534
Exploits: 1 · References: 4

RedhatCVE
added 2024/03/27 1:53 p.m. · 31 views

CVE-2024-26647

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()' In link_set_dsc_pps_packet(), 'struct display_stream_compressor *dsc' was dereferenced in a DC_LOGGER_INIT(dsc->ctx->logger); before the 'dsc' NULL pointer check. Fixes t...

CVSS 4.4 · AI score 6.9 · EPSS 0.00018
Exploits: 0 · References: 4

Positive Technologies
added 2024/03/27 12:00 a.m. · 3 views

PT-2024-22605 · Ampache · Ampache

Name of the Vulnerable Software and Affected Versions: Ampache versions prior to 6.3.1
Description: Ampache, a web-based audio/video streaming application and file manager, has multiple reflective XSS vulnerabilities. This issue affects all forms in Ampache that use the rule variable, such as whe...

CVSS 6.1 · AI score 6.1 · EPSS 0.00534
Exploits: 1 · References: 8

OSV
added 2024/03/26 6:15 p.m. · 2 views

DEBIAN-CVE-2024-26648

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay() In edp_setup_replay(), 'struct dc *dc' & 'struct dmub_replay *replay' was dereferenced before the pointer 'link' & 'replay' NULL check. Fixes the below:...

CVSS 5.5 · AI score 4.9 · EPSS 0.00018
Exploits: 0 · References: 1