{

"schema_version": "1.4.0",

"id": "GHSA-x9r9-48rm-4xm6",

"published": "2024-03-18T09:30:30Z",

"aliases": [

"CVE-2024-28125"

],

"database_specific": {

"cwe_ids": [

],

"severity": "CRITICAL",

"github_reviewed": true,

{

"schema_version": "1.4.0",

"id": "GHSA-4483-j8pv-wv4j",

"published": "2022-05-24T22:28:10Z",

"aliases": [

"CVE-2021-28628"

],

"details": "Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.",

"affected": [],

"references": [

{

{

"schema_version": "1.4.0",

"id": "GHSA-85m3-3j3g-mhv6",

"published": "2022-05-24T22:28:25Z",

"aliases": [

"CVE-2021-28625"

],

"details": "Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.",

"affected": [],

"references": [

{

{

"schema_version": "1.4.0",

"id": "GHSA-h4cp-xwqq-m567",

"published": "2022-05-24T19:12:01Z",

"aliases": [

"CVE-2021-28627"

],

"details": "Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Server-side Request Forgery. An authenticated attacker could leverage this vulnerability to contact systems blocked by the dispatcher. Exploitation of this issue does not require user interaction.",

"affected": [],

"references": [

{

}

],

"database_specific": {

"severity": "MODERATE",

"github_reviewed": false,

"github_reviewed_at": null,

{

"schema_version": "1.4.0",

"id": "GHSA-6rw2-3pw4-264h",

"published": "2024-05-17T15:31:10Z",

"aliases": [

"CVE-2024-35836"

],

"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpll: fix pin dump crash for rebound module\n\nWhen a kernel module is unbound but the pin resources were not entirely\nfreed (other kernel module instance of the same PCI device have had kept\nthe reference to that pin), and kernel module is again bound, the pin\nproperties would not be updated (the properties are only assigned when\nmemory for the pin is allocated), prop pointer still points to the\nkernel module memory of the kernel module which was deallocated on the\nunbind.\n\nIf the pin dump is invoked in this state, the result is a kernel crash.\nPrevent the crash by storing persistent pin properties in dpll subsystem,\ncopy the content from the kernel module when pin is allocated, instead of\nusing memory of the kernel module.",

"affected": [],

"references": [

{

}

],

"database_specific": {

"github_reviewed": false,

"github_reviewed_at": null,

"nvd_published_at": "2024-05-17T14:15:20Z"

{

"schema_version": "1.4.0",

"id": "GHSA-hchj-593h-jx3r",

"published": "2024-05-17T15:31:09Z",

"aliases": [

"CVE-2024-35800"

],

"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: fix panic in kdump kernel\n\nCheck if get_next_variable() is actually valid pointer before\ncalling it. In kdump kernel this method is set to NULL that causes\npanic during the kexec-ed kernel boot.\n\nTested with QEMU and OVMF firmware.",

"affected": [],

"references": [

{

}

],

"database_specific": {

"github_reviewed": false,

"github_reviewed_at": null,

"nvd_published_at": "2024-05-17T14:15:12Z"

],

"database_specific": {

"cwe_ids": [

],

"severity": "HIGH",

"github_reviewed": false,

{

"schema_version": "1.4.0",

"id": "GHSA-x3cp-9cgr-m6gc",

"published": "2024-05-17T15:31:09Z",

"aliases": [

"CVE-2024-35804"

],

"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Mark target gfn of emulated atomic instruction as dirty\n\nWhen emulating an atomic access on behalf of the guest, mark the target\ngfn dirty if the CMPXCHG by KVM is attempted and doesn't fault. This\nfixes a bug where KVM effectively corrupts guest memory during live\nmigration by writing to guest memory without informing userspace that the\npage is dirty.\n\nMarking the page dirty got unintentionally dropped when KVM's emulated\nCMPXCHG was converted to do a user access. Before that, KVM explicitly\nmapped the guest page into kernel memory, and marked the page dirty during\nthe unmap phase.\n\nMark the page dirty even if the CMPXCHG fails, as the old data is written\nback on failure, i.e. the page is still written. The value written is\nguaranteed to be the same because the operation is atomic, but KVM's ABI\nis that all writes are dirty logged regardless of the value written. And\nmore importantly, that's what KVM did before the buggy commit.\n\nHuge kudos to the folks on the Cc list (and many others), who did all the\nactual work of triaging and debugging.\n\nbase-commit: 6769ea8da8a93ed4630f1ce64df6aafcaabfce64",

"affected": [],

"references": [

{

}

],

"database_specific": {

"github_reviewed": false,

"github_reviewed_at": null,

"nvd_published_at": "2024-05-17T14:15:13Z"

{

"schema_version": "1.4.0",

"id": "GHSA-xmjc-7969-ffgm",

"published": "2024-05-17T15:31:10Z",

"aliases": [

"CVE-2024-35834"

],

"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: recycle buffer in case Rx queue was full\n\nAdd missing xsk_buff_free() call when __xsk_rcv_zc() failed to produce\ndescriptor to XSK Rx queue.",

"affected": [],

"references": [

{

}

],

"database_specific": {

"github_reviewed": false,

"github_reviewed_at": null,

"nvd_published_at": "2024-05-17T14:15:20Z"