CVE-2024-26998

In the Linux kernel, the following vulnerability has been resolved: serial: core: Clearing the circular buffer before NULLifying it The circular buffer is NULLified in uartttyportshutdown under the spin lock. However, the PM or other timer based callbacks may still trigger after this event withou...

CVE-2024-26998 serial: core: Clearing the circular buffer before NULLifying it

In the Linux kernel, the following vulnerability has been resolved: serial: core: Clearing the circular buffer before NULLifying it The circular buffer is NULLified in uartttyportshutdown under the spin lock. However, the PM or other timer based callbacks may still trigger after this event withou...

CVE-2024-26958 nfs: fix UAF in direct writes

In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------ cut here ------------ refcountt: underflow; use-after-free. WARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28...

CVE-2024-26958

CVE-2024-26958 is a Linux kernel vulnerability in the NFS direct write path that could cause use-after-free (refcount underflow) when completing nfs_direct_request twice in a row. A patch fixes the double-completion scenario; the CVSS 3.1 base score is 7.8 (High) with Local attack and High impact...

CVE-2024-26958

In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------ cut here ------------ refcountt: underflow; use-after-free. WARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28...

CVE-2024-26939 drm/i915/vma: Fix UAF on destroy against retire race

In the Linux kernel, the following vulnerability has been resolved: drm/i915/vma: Fix UAF on destroy against retire race Object debugging tools were sporadically reporting illegal attempts to free a still active i915 VMA object when parking a GT believed to be idle. 161.359441 ODEBUG: free active...

Fedora 39 : python-aiohttp (2024-e0057e6044)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e0057e6044 advisory. Security update for CVE-2024-27306 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.4...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not refreshing the asynchronous PF work queue when the vCPU is destroyed...

Fedora 38 : python-aiohttp (2024-f34786d26f)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f34786d26f advisory. Security update for CVE-2024-27306 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.4...

kernel: tls: race between tx work scheduling and socket close

A race condition vulnerability was found in the tls subsystem of the Linux kernel. The submitting thread recvmsg/sendmsg may exit as soon as the async crypto handler calls complete, which could lead to undefined behavior and a denial of service...

kernel: ice: Block switchdev mode when ADQ is active and vice versa

In the Linux kernel, the following vulnerability has been resolved: ice: Block switchdev mode when ADQ is active and vice versa ADQ and switchdev are not supported simultaneously. Enabling both at the same time can result in nullptr dereference. To prevent this, check if ADQ is active when changi...

DEBIAN-CVE-2024-32491

An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file via a manipulated AJAX Request to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available...

UBUNTU-CVE-2024-32491

An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file via a manipulated AJAX Request to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available...

PT-2024-24615 · Znuny +1 · Znuny +2

Name of the Vulnerable Software and Affected Versions: Znuny LTS versions 6.5.1 through 6.5.7 Znuny versions 7.0.1 through 7.0.16 Description: An issue was discovered where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request. Recommendations: For Znuny LTS...

Fedora 40 : c-ares (2024-9963d77dcb)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-9963d77dcb advisory. 1.28.1 fixes a significant bug in 1.28.0. ---- Update to 1.28.0. Also fixes CVE-2024-25629. Tenable has extracted the preceding description block directly fr...

PT-2024-22403 · WordPress · Wpc Composite Products

Name of the Vulnerable Software and Affected Versions: WPC Composite Products for WooCommerce plugin for WordPress versions up to, and including, 7.2.7 Description: The issue arises from insufficient input sanitization and output escaping, along with missing authorization on the ajax save...

SUSE CVE-2024-26925

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: release mutex after nftgcseqend from abort path The commit mutex should not be released during the critical section between nftgcseqbegin and nftgcseqend, otherwise, async GC worker could collect expired...

WordPress plugin WooCommerce Customers Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

DEBIAN-CVE-2023-48184

QuickJS before 7414e5f has a quickjs.h JSFreeValueRT use-after-free because of incorrect garbage collection of async functions with closures...

[SECURITY] Fedora 40 Update: c-ares-1.28.1-1.fc40

c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...