UBUNTU-CVE-2022-48790

In the Linux kernel, the following vulnerability has been resolved: nvme: fix a possible use-after-free in controller reset during load Unlike .queuerq, in .submitasyncevent drivers may not check the ctrl readiness for AER submission. This may lead to a use-after-free condition that was observed...

SUSE CVE-2024-40943

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix races between hole punching and AIO+DIO After commit "ocfs2: return real error code in ocfs2diowrgetblock", fstests/generic/300 become from always failed to sometimes failed:...

SUSE CVE-2024-40983

In the Linux kernel, the following vulnerability has been resolved: tipc: force a dst refcount before doing decryption As it says in commit 3bc07321ccc2 "xfrm: Force a dst refcount before entering the xfrm type handlers": "Crypto requests might return asynchronous. In this case we leave the rcu...

kernel: tls: race between async notify and socket close

A race condition vulnerability was found in the tls subsystem of the Linux kernel. The submitting thread that calls recvmsg/sendmsg may exit as soon as the async crypto handler calls complete; any code past that point risks touching already freed data. This could lead to a use-after-free issue an...

DEBIAN-CVE-2024-40943

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix races between hole punching and AIO+DIO After commit "ocfs2: return real error code in ocfs2diowrgetblock", fstests/generic/300 become from always failed to sometimes failed:...

UBUNTU-CVE-2024-40943

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix races between hole punching and AIO+DIO After commit "ocfs2: return real error code in ocfs2diowrgetblock", fstests/generic/300 become from always failed to sometimes failed:...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a contention condition issue in the ocfs2 filesystem when handling AIO+DIO with hole-punching operations,...

kernel: tls: race between async notify and socket close

A race condition vulnerability was found in the tls subsystem of the Linux kernel. The submitting thread that calls recvmsg/sendmsg may exit as soon as the async crypto handler calls complete; any code past that point risks touching already freed data. This could lead to a use-after-free issue an...

WordPress plugin ProfileGrid security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Exploit for Improper Privilege Management in Progress Whatsup_Gold

CVE-2024-5009 : WhatsUp Gold SetAdminPassword Privilege Escala...

WordPress Just Custom Fields plugin <= 3.3.2 - Cross-Site Request Forgery via AJAX actions vulnerability

Cross-Site Request Forgery via AJAX actions vulnerability discovered by Francesco Carlucci in WordPress Plugin Just Custom Fields versions = 3.3.2...

WordPress plugin Just Custom Fields security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-37195 · WordPress · Comment Images Reloaded

Name of the Vulnerable Software and Affected Versions: Comment Images Reloaded plugin for WordPress versions up to, and including, 2.2.1 Description: The issue is related to a missing capability check on the cir delete image AJAX action. This allows authenticated attackers with Subscriber-level...

PT-2024-29200 · WordPress · Pricing Table

Name of the Vulnerable Software and Affected Versions: Pricing Table plugin for WordPress versions up to, and including, 2.0.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax function. This allows unauthenticated attackers t...

WordPress plugin Just Custom Fields security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

kernel: crypto: qat - resolve race condition during AER recovery

A race condition was found in drivers/crypto/intel/qat/qatcommon/adfaer.c in the Linux kernel during AER recovery...

ROS-20240704-07

A vulnerability in the parseQuery function of the Webpack loader-utilss package is related to improperly controlled modification of object characteristic attributes. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary JavaScript code Ansi-regex ANSI...

Exploit for Race Condition in Openbsd Openssh

CVE-2024-6387 Proof of Concept PoC Description This rep...

CBL Mariner 2.0 Security Update: c-ares / fluent-bit / grpc / nodejs (CVE-2023-31147)

The version of c-ares / fluent-bit / grpc / nodejs installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-31147 advisory. - c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom a...

Moderate: Red Hat Security Advisory: libuv security update

An update for libuv is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...