3786 matches found
CVE-2022-48726
In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves. Partially revert the commit mentioned in the Fixes line to make sure that allocation and erasing multicast struct are locked. BUG: KASAN: use-after-free in...
CVE-2021-47588
In the Linux kernel, the following vulnerability has been resolved: sit: do not call ipip6_dev_free() from sit_init_net(). ipip6_dev_free() is sit dev->priv_destructor, already called by register_netdevice() if something goes wrong. Alternative would be to make ipip6_dev_free() robust against multiple invocations, but...
CVE-2022-48726 RDMA/ucma: Protect mc during concurrent multicast leaves
In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves. Partially revert the commit mentioned in the Fixes line to make sure that allocation and erasing multicast struct are locked. BUG: KASAN: use-after-free in...
CVE-2021-47597
In the Linux kernel, the following vulnerability has been resolved: inet_diag: fix kernel-infoleak for UDP sockets. KMSAN reported a kernel-infoleak [1], that can be exploited by unpriv users. After analysis it turned out UDP was not initializing r->idiag_expires. Other users of inet_sk_diag_fill() might make...
CVE-2021-47598
In the Linux kernel, the following vulnerability has been resolved: sch_cake: do not call cake_destroy() from cake_init(). qdiscs are not supposed to call their own destroy method from init, because core stack already does that. syzbot was able to trigger use after free: DEBUG_LOCKS_WARN_ON(lock->magic != loc...
Sophon and Aethir Partner to Bring Decentralized Compute to The ZK Community
Sophon and Aethir have announced the beginning of a strategic collaboration between the two networks, connecting the 800,000…...
CVE-2021-47588 sit: do not call ipip6_dev_free() from sit_init_net()
In the Linux kernel, the following vulnerability has been resolved: sit: do not call ipip6_dev_free() from sit_init_net(). ipip6_dev_free() is sit dev->priv_destructor, already called by register_netdevice() if something goes wrong. Alternative would be to make ipip6_dev_free() robust against multiple invocations, but...
UBUNTU-CVE-2024-38571
In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/tsens: Fix null pointer dereference. compute_intercept_slope() is called from calibrate_8960() (in tsens-8960.c) as compute_intercept_slope(priv, p1, NULL, ONE_PT_CALIB), which leads to null pointer dereference if DEBUG or...
CVE-2024-38571
CVE-2024-38571 affects the Linux kernel tsens (thermal/drivers/tsens). Root cause: compute_intercept_slope(priv, p1, NULL, ONE_PT_CALIB) is invoked from calibrate_8960() (tsens-8960.c), which can dereference a NULL pointer if DEBUG or DYNAMIC_DEBUG is set. The bug is fixed by adding a NULL pointe...
CVE-2024-36979 net: bridge: mst: fix vlan use-after-free
In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix vlan use-after-free. syzbot reported a suspicious rcu usage [1] in bridge's mst code. While fixing it I noticed that nothing prevents a vlan to be freed while walking the list from the same path br forward delay...
CVE-2024-5906
A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to...
CVE-2024-5906
The CVE concerns Palo Alto Networks Prisma Cloud Compute. It describes a Stored Cross-Site Scripting (XSS) vulnerability in the web interface that is exploitable by a malicious administrator who has add/edit permissions for identity providers. The underlying issue allows the attacker to store a J...
CVE-2024-5906 Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to...
Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to...
PT-2024-37237 · Palo Alto Networks · Palo Alto Networks Prisma Cloud Compute
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks Prisma Cloud Compute (affected versions not specified). Description: A cross-site scripting (XSS) issue allows a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the we...