AZL-40679 CVE-2024-27397 affecting package hyperv-daemons for versions less than 5.15.158.2-1

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. Update set backend .insert, .deactivate and sync gc path to u...

AZL-40546 CVE-2024-27397 affecting package hyperv-daemons for versions less than 6.6.56.1-1

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. Update set backend .insert, .deactivate and sync gc path to u...

SUSE CVE-2024-27397

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. Update set backend .insert, .deactivate and sync gc path to u...

RHEL 5 : xsa201_xen (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - xsa201 xen: ARM guests may induce host asynchronous abort XSA-201 CVE-2016-9818 - Xen through 4.7.x allow...

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1594)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1572)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-27397 netfilter: nf_tables: use timestamp to check for set element timeout

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. Update set backend .insert, .deactivate and sync gc path to u...

RHEL 8 : nodejs:18 (RHSA-2024:2780)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2780 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

DEBIAN-CVE-2022-48675

In the Linux kernel, the following vulnerability has been resolved: IB/core: Fix a nested dead lock as part of ODP flow Fix a nested dead lock as part of ODP flow by using mmputasync. From the below call trace 1 can see that calling mmput once we have the umemodp-umemmutex locked as required by...

UBUNTU-CVE-2022-48675

In the Linux kernel, the following vulnerability has been resolved: IB/core: Fix a nested dead lock as part of ODP flow Fix a nested dead lock as part of ODP flow by using mmputasync. From the below call trace 1 can see that calling mmput once we have the umemodp-umemmutex locked as required by...

CVE-2024-30251

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...

CVE-2024-30251

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...

CVE-2024-30251 Denial of service when trying to parse malformed POST requests in aiohttp

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...

WordPress plugin Advanced Post Block 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-18325 · WordPress · Analytify – Google Analytics Dashboard For Wordpress

Name of the Vulnerable Software and Affected Versions: The Analytify – Google Analytics Dashboard For WordPress plugin for WordPress versions up to, and including, 5.2.3 Description: The issue allows authenticated attackers with subscriber access or higher to obtain certain sensitive information...

WordPress plugin Control Menu Visibility 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

CVE-2024-26998

A vulnerability was found in the Linux kernel's serial core subsystem when handling circular buffers, where the buffer is not properly cleared before being set to NULL. This could lead to data leakage or unexpected behavior. Mitigation Mitigation for this issue is either not available or the...

CVE-2024-26958

A use-after-free flaw was found in fs/nfs/direct.c in the Linux kernel. This may lead to a crash...

CVE-2024-26998

In the Linux kernel, the following vulnerability has been resolved: serial: core: Clearing the circular buffer before NULLifying it The circular buffer is NULLified in uartttyportshutdown under the spin lock. However, the PM or other timer based callbacks may still trigger after this event withou...

CVE-2024-26998

CVE-2024-26998 affects the Linux kernel serial subsystem, specifically the core path handling the circular buffer in the 8250 serial port code. The root cause is a mismatch between the buffer pointer state and head/tail positions during shutdown: the circular buffer is cleared (NULLified) under a...