π¨ CVE-2024-39281
The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator.
π@cveNotify
The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator.
π@cveNotify
π¨ CVE-2024-51562
The NVMe driver function nvme_opc_get_log_page is vulnerable to a buffer over-read from a guest-controlled value.
π@cveNotify
The NVMe driver function nvme_opc_get_log_page is vulnerable to a buffer over-read from a guest-controlled value.
π@cveNotify
π¨ CVE-2024-51563
The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition.
π@cveNotify
The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition.
π@cveNotify
π¨ CVE-2024-51565
The hda driver is vulnerable to a buffer over-read from a guest-controlled value.
π@cveNotify
The hda driver is vulnerable to a buffer over-read from a guest-controlled value.
π@cveNotify
π¨ CVE-2024-51566
The NVMe driver queue processing is vulernable to guest-induced infinite loops.
π@cveNotify
The NVMe driver queue processing is vulernable to guest-induced infinite loops.
π@cveNotify
π¨ CVE-2024-48991
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (instead of the system's real Python interpreter). The initial security fix (6ce6136) introduced a regression which was subsequently resolved (42af5d3).
π@cveNotify
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (instead of the system's real Python interpreter). The initial security fix (6ce6136) introduced a regression which was subsequently resolved (42af5d3).
π@cveNotify
GitHub
core: fix regression of false positives for processes running in chro⦠· liske/needrestart@42af5d3
β¦ot or mountns (#317)
π¨ CVE-2023-1521
On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD.
If the server is run as root (which is the default when installing the snap package https://snapcraft.io/sccache ), this means a user running the sccache client can get root privileges.
π@cveNotify
On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD.
If the server is run as root (which is the default when installing the snap package https://snapcraft.io/sccache ), this means a user running the sccache client can get root privileges.
π@cveNotify
GitHub
CVE-2023-1521 - GitHub Advisory Database
sccache vulnerable to privilege escalation if server is run as root
π¨ CVE-2024-53555
A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via uploading a crafted CSV file.
π@cveNotify
A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via uploading a crafted CSV file.
π@cveNotify
π¨ CVE-2024-11744
A vulnerability has been found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
π@cveNotify
A vulnerability has been found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
π@cveNotify
π¨ CVE-2024-11745
A vulnerability was found in Tenda AC8 16.03.34.09 and classified as critical. Affected by this issue is the function route_static_check of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in Tenda AC8 16.03.34.09 and classified as critical. Affected by this issue is the function route_static_check of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
hand_kingη Notion on Notion
Tenda AC8v4 route_static_check stack overflow | Notion
Overview
π¨ CVE-2024-43784
lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that user will inherit all of the previous user's credentials. This issue has been addressed in release version 1.33.0 and all users are advised to upgrade. The only known workaround for those who cannot upgrade is to not reuse usernames.
π@cveNotify
lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that user will inherit all of the previous user's credentials. This issue has been addressed in release version 1.33.0 and all users are advised to upgrade. The only known workaround for those who cannot upgrade is to not reuse usernames.
π@cveNotify
GitHub
Release v1.33.0 Β· treeverse/lakeFS
Changelog
Note:
PLEASE READ CAREFULLY BEFORE UPGRADING TO THIS VERSION!!!
This version removes the built-in ACLs functionality, and might require some users to take action.
Refer to documentation f...
Note:
PLEASE READ CAREFULLY BEFORE UPGRADING TO THIS VERSION!!!
This version removes the built-in ACLs functionality, and might require some users to take action.
Refer to documentation f...
π¨ CVE-2024-50942
qiwen-file v1.4.0 was discovered to contain a SQL injection vulnerability via the component /mapper/NoticeMapper.xml.
π@cveNotify
qiwen-file v1.4.0 was discovered to contain a SQL injection vulnerability via the component /mapper/NoticeMapper.xml.
π@cveNotify
π¨ CVE-2024-50270
In the Linux kernel, the following vulnerability has been resolved:
mm/damon/core: avoid overflow in damon_feed_loop_next_input()
damon_feed_loop_next_input() is inefficient and fragile to overflows.
Specifically, 'score_goal_diff_bp' calculation can overflow when 'score'
is high. The calculation is actually unnecessary at all because 'goal' is
a constant of value 10,000. Calculation of 'compensation' is again
fragile to overflow. Final calculation of return value for under-achiving
case is again fragile to overflow when the current score is
under-achieving the target.
Add two corner cases handling at the beginning of the function to make the
body easier to read, and rewrite the body of the function to avoid
overflows and the unnecessary bp value calcuation.
π@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
mm/damon/core: avoid overflow in damon_feed_loop_next_input()
damon_feed_loop_next_input() is inefficient and fragile to overflows.
Specifically, 'score_goal_diff_bp' calculation can overflow when 'score'
is high. The calculation is actually unnecessary at all because 'goal' is
a constant of value 10,000. Calculation of 'compensation' is again
fragile to overflow. Final calculation of return value for under-achiving
case is again fragile to overflow when the current score is
under-achieving the target.
Add two corner cases handling at the beginning of the function to make the
body easier to read, and rewrite the body of the function to avoid
overflows and the unnecessary bp value calcuation.
π@cveNotify
π¨ CVE-2024-10573
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.
π@cveNotify
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.
π@cveNotify
π¨ CVE-2024-11817
A vulnerability was found in PHPGurukul User Registration & Login and User Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in PHPGurukul User Registration & Login and User Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
Phpgurukul User Registration & Login and User Management System With admin panel V1.0 /admin/index.php SQL injection Β· Issue #1β¦
Phpgurukul User Registration & Login and User Management System With admin panel V1.0 /admin/index.php SQL injection NAME OF AFFECTED PRODUCT(S) User Registration & Login and User Managemen...
π¨ CVE-2024-5921
An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint.
GlobalProtect App for Android is under evaluation. Please subscribe to our RSS feed https://security.paloaltonetworks.com/rss.xml to be alerted to new updates to this and other advisories.
π@cveNotify
An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint.
GlobalProtect App for Android is under evaluation. Please subscribe to our RSS feed https://security.paloaltonetworks.com/rss.xml to be alerted to new updates to this and other advisories.
π@cveNotify
Amberwolf
Palo Alto GlobalProtect - RCE and Privilege Escalation via Malicious VPN Server (CVE-2024-5921)
AmberWolf Security Research Blog
π¨ CVE-2024-10521
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on the process_bulk_action function. This makes it possible for unauthenticated attackers to delete forms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
π@cveNotify
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on the process_bulk_action function. This makes it possible for unauthenticated attackers to delete forms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
π@cveNotify
π¨ CVE-2024-11025
An authenticated attacker with low privileges may use a SQL Injection vulnerability in the affected products administration panel to gain read and write access to a specific log file of the device.
π@cveNotify
An authenticated attacker with low privileges may use a SQL Injection vulnerability in the affected products administration panel to gain read and write access to a specific log file of the device.
π@cveNotify
Certvde
VDE-2024-074 | CERT@VDE
Advisories
π¨ CVE-2023-6190
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Δ°zmir Katip Γelebi University University Information Management System allows Absolute Path Traversal.This issue affects University Information Management System: before 30.11.2023.
π@cveNotify
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Δ°zmir Katip Γelebi University University Information Management System allows Absolute Path Traversal.This issue affects University Information Management System: before 30.11.2023.
π@cveNotify
π¨ CVE-2024-36464
When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords.
π@cveNotify
When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords.
π@cveNotify
π¨ CVE-2024-53603
A SQL Injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter.
π@cveNotify
A SQL Injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter.
π@cveNotify
GitHub
CVE-wirteup/Phpgurukul/COVID19/SQL Injection vulnerability.pdf at main Β· Santoshcyber1/CVE-wirteup
Contribute to Santoshcyber1/CVE-wirteup development by creating an account on GitHub.