5.5
CVE-2024-50146 - net/mlx5e: Don't call cleanup on profile rollback failure
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't call cleanup on profile rollback failure When profile rollback fails in mlx5e_netdev_change_profile, the netdev profile var is left set to NULL. Avoid a crash when unloading the driver by not calling profile->cleβ¦
5.5
CVE-2024-50140 - sched/core: Disable page allocation in task_tick_mm_cid()
In the Linux kernel, the following vulnerability has been resolved: sched/core: Disable page allocation in task_tick_mm_cid() With KASAN and PREEMPT_RT enabled, calling task_work_add() in task_tick_mm_cid() may cause the following splat. [ 63.696416] BUG: sleeping function called from invalid β¦
5.5
CVE-2024-50169 - vsock: Update rx_bytes on read_skb()
In the Linux kernel, the following vulnerability has been resolved: vsock: Update rx_bytes on read_skb() Make sure virtio_transport_inc_rx_pkt() and virtio_transport_dec_rx_pkt() calls are balanced (i.e. virtio_vsock_sock::rx_bytes doesn't lie) after vsock_transport::read_skb(). While here, alsoβ¦
5.3
CVE-2024-10928 - MonoCMS Posts Page opensaved.php cross site scripting
A vulnerability was found in MonoCMS up to 20240528. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /monofiles/opensaved.php of the component Posts Page. The manipulation of the argument filtcategory/filtstatus leads to cross site scriptiβ¦
5.3
CVE-2024-10927 - MonoCMS Account Information Page account.php cross site scripting
A vulnerability was found in MonoCMS up to 20240528. It has been classified as problematic. Affected is an unknown function of the file /monofiles/account.php of the component Account Information Page. The manipulation of the argument userid leads to cross site scripting. It is possible to launch tβ¦
7.3
CVE-2024-50340 - Ability to change environment from query in symfony/runtime
symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the `register_argv_argc` php directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment or debug mode usedβ¦
3.1
CVE-2024-50341 - Security::login does not take into account custom user_checker in symfony/security-bundle
symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom `user_checker` defined on a firewall is not called when Login Programmaticaly with the `Security::login` method, leading β¦
3.1
CVE-2024-50342 - Internal address and port enumeration allowed by NoPrivateNetworkHttpClient in symfony/http-client
symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the `NoPrivateNetworkHttpClient`, some internal information is still leaking during host resolution, which leads to possible IP/port enuβ¦
3.1
CVE-2024-50343 - Incorrect response from Validator when input ends with `\n` in symfony/validator
symfony/validator is a module for the Symphony PHP framework which provides tools to validate values. It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacters, with an input ending with `\n`. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses thβ¦
5.3
CVE-2024-10926 - IBPhoenix ibWebAdmin Tabelas Section toggle_fold_panel.php cross site scripting
A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /toggle_fold_panel.php of the component Tabelas Section. The manipulation of the argument p leads to cross site scripting. The attack may be initiated β¦