CVE-2024-43906 |
Description: In the Linux kernel, the following vulnerability has been resolved:
drm/admgpu: fix dereferencing null pointer context
When user space sets an invalid ta type, the pointer context will be empty.
So it need to check the pointer context before using it
EPSS Score: 0.04%
January 18th, 2025 (6 months ago)
|
CVE-2024-42225 |
Description: In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: replace skb_put with skb_put_zero
Avoid potentially reusing uninitialized data
EPSS Score: 0.05%
January 18th, 2025 (6 months ago)
|
CVE-2024-42151 |
Description: In the Linux kernel, the following vulnerability has been resolved:
bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable
Test case dummy_st_ops/dummy_init_ret_value passes NULL as the first
parameter of the test_1() function. Mark this parameter as nullable to
make verifier aware of such possibility.
Otherwise, NULL check in the test_1() code:
SEC("struct_ops/test_1")
int BPF_PROG(test_1, struct bpf_dummy_ops_state *state)
{
if (!state)
return ...;
... access state ...
}
Might be removed by verifier, thus triggering NULL pointer dereference
under certain conditions.
EPSS Score: 0.04%
January 18th, 2025 (6 months ago)
|
CVE-2024-29415 |
Description: The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.
EPSS Score: 0.06%
January 18th, 2025 (6 months ago)
|
CVE-2024-0690 |
Description: An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.
EPSS Score: 0.05%
January 18th, 2025 (6 months ago)
|
![]() |
Description: Summary
The group data stored for users in the boltdb database (meta.db) is an append-list so group revocations/removals are ignored in the API.
Details
SetUserGroups is alled on login, but instead of replacing the group memberships, they are appended. This may be due to some conflict with the group definitions in the config file, but that wasn't obvious to me if it were the case.
PoC
Login with group claims, logout, remove the user from a group from at IdP and log in again, the API still grants access and the new list of groups is appended creating meaningless duplicate entries and no longer mathing the expected groups from the IdP. The behavior can be verified by seeing the API or UI still presenting images it should not or by viewing the data directly: bbolt get meta.db UserData <user>, eg:
Note this example also has duplicates due to group hierarchy changes that were left in the database.
Impact
Any Zot configuration that relies on group-based authorization will not respect group remove/revocation by an IdP.
References
https://github.com/project-zot/zot/security/advisories/GHSA-c9p4-xwr9-rfhx
https://github.com/project-zot/zot/commit/002ac62d8a15bf0cba010b3ba7bde86f9837b613
https://github.com/advisories/GHSA-c9p4-xwr9-rfhx
January 17th, 2025 (6 months ago)
|
![]() |
Description: Genshin Impact developer Cognosphere (aka Hoyoverse) has agreed to a $20 million settlement with the U.S. Federal Trade Commission (FTC) over its gacha loot box monetization and is now banned from selling them to teens under the age of sixteen without parental consent. [...]
January 17th, 2025 (6 months ago)
|
![]() |
Description: Impact
KaTeX users who render untrusted mathematical expressions with renderToString could encounter malicious input using \htmlData that runs arbitrary JavaScript, or generate invalid HTML.
Patches
Upgrade to KaTeX v0.16.21 to remove this vulnerability.
Workarounds
Avoid use of or turn off the trust option, or set it to forbid \htmlData commands.
Forbid inputs containing the substring "\\htmlData".
Sanitize HTML output from KaTeX.
Details
\htmlData did not validate its attribute name argument, allowing it to generate invalid or malicious HTML that runs scripts.
For more information
If you have any questions or comments about this advisory:
Open an issue or security advisory in the KaTeX repository
Email us at [email protected]
References
https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cg87-wmx4-v546
https://github.com/KaTeX/KaTeX/commit/ff289955e81aab89086eef09254cbf88573d415c
https://github.com/advisories/GHSA-cg87-wmx4-v546
January 17th, 2025 (6 months ago)
|
![]() |
Description: The Supreme Court has affirmed TikTok's ban in the US, which has its users in revolt and is creating a whole new set of national cybersecurity concerns.
January 17th, 2025 (6 months ago)
|
![]() |
January 17th, 2025 (6 months ago)
|