CVE-2024-21482
Published 2024-07-01
Priority: P3 · 42 · high · 7.8 (CVSS 3.1)
CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.11% (1.5th percentile)
Memory corruption during the secure boot process, when the `bootm` command is used, it bypasses the authentication of the kernel/rootfs image.
Affected
69 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qualcomm_inc | snapdragon | — | — |
GHSA
In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them
ghsa·2024-08-19
CVE-2024-43401 [CRITICAL] CWE-269 In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them
### Impact
A user without script/programming right can trick a user with elevated rights into editing content with a malicious payload using a WYSIWYG editor.
The user with elevated rights is not warned beforehand that they are going to edit possibly dangerous content.
The payload is executed at edit time.
### Patches
This vulnerability has been patched in XWiki 15.10RC1.
### Workarounds
No workaround. It is advised to upgrade to XWiki 15.10+.
### References
* https://jira.xwiki.org/browse/XWIKI-20331
* https://jira.xwiki.org/browse/XWIKI-21311
* https://jira.xwiki.org/browse/XWIKI-21481
* https://jira.xwiki.org/browse/XWIKI-21482
* https://jira.xwiki.org/browse/XWIKI-21483
GHSA
GHSA-76v8-gv3f-gh6x: Memory corruption during the secure boot process, when the `bootm` command is used, it bypasses the authentication of the kernel/rootfs image
ghsa_unreviewed·2024-07-01
CVE-2024-21482 [MEDIUM] CWE-119 GHSA-76v8-gv3f-gh6x: Memory corruption during the secure boot process, when the `bootm` command is used, it bypasses the authentication of the kernel/rootfs image
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.