CVE-2022-48935 netfilter: nf_tables: unregister flowtable hooks on netns exit

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: unregister flowtable hooks on netns exit Unregister flowtable hooks before they are releases via nftablesflowtabledestroy otherwise hook core reports UAF. BUG: KASAN: use-after-free in...

CVE-2022-48925

In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Do not change route.addr.srcaddr outside state checks If the state is not idle then resolvepreparesrc should immediately fail and no change to global state should happen. However, it unconditionally overwrites the srcad...

CVE-2022-48925

In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Do not change route.addr.srcaddr outside state checks If the state is not idle then resolvepreparesrc should immediately fail and no change to global state should happen. However, it unconditionally overwrites the srcad...

CVE-2022-48925 RDMA/cma: Do not change route.addr.src_addr outside state checks

In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Do not change route.addr.srcaddr outside state checks If the state is not idle then resolvepreparesrc should immediately fail and no change to global state should happen. However, it unconditionally overwrites the srcad...

CVE-2022-48912 netfilter: fix use-after-free in __nf_register_net_hook()

In the Linux kernel, the following vulnerability has been resolved: netfilter: fix use-after-free in nfregisternethook We must not dereference @newhooks after nfhookmutex has been released, because other threads might have freed our allocated hooks already. BUG: KASAN: use-after-free in...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-36901)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-36901 advisory. - In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent NULL dereference in...

Virtuozzo Hybrid Infrastructure 6.2 Update 1 (6.2.1-51)

In this release, Virtuozzo Hybrid Infrastructure provides stability and performance improvements, as well as addresses issues found in previous releases. Vulnerability id: VSTOR-68405 Failed to deploy the compute cluster due to an issue with the default storage policy. Vulnerability id: VSTOR-880...

CVE-2022-48869

CVE-2022-48869 concerns the Linux kernel gadgetfs USB driver. The issue arises from a race between gadgetfs_fill_super() (mount path) and gadgetfs_kill_sb() (unmount path), where the_device could be deallocated while gadgetfs_fill_super() still uses it, resulting in a use-after-free. The provided...

CVE-2024-43261

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Hamed Naderfar Compute Links allows PHP Remote File Inclusion.This issue affects Compute Links: from n/a through 1.2.1...

CVE-2024-43261

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Hamed Naderfar Compute Links allows PHP Remote File Inclusion.This issue affects Compute Links: from n/a through 1.2.1...

CVE-2024-43261 WordPress Compute Links plugin <= 1.2.1 - Remote File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Hamed Naderfar Compute Links allows PHP Remote File Inclusion.This issue affects Compute Links: from n/a through 1.2.1...

CVE-2024-43261 WordPress Compute Links plugin <= 1.2.1 - Remote File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Hamed Naderfar Compute Links allows PHP Remote File Inclusion.This issue affects Compute Links: from n/a through 1.2.1...

CVE-2024-43261

CVE-2024-43261 affects the Compute Links WordPress plugin. The vulnerability is an Unauthenticated Remote File Inclusion caused by improper control of filenames in include/require statements in PHP. Affected versions are listed as “from n/a through 1.2.1.” The CVSS v3.1 base score is 9.6 (Attack ...

CVE-2024-42266

A flaw was found in the btrfs module in the Linux kernel. Improper locking can occur due to an improper handling of error conditions, causing a kernel panic and resulting in a denial of service...

WordPress plugin Compute Links 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-43817

In the Linux kernel, the following vulnerability has been resolved: net: missing check virtio Two missing check in virtionethdrtoskb allowed syzbot to crash kernels again 1. After the skbsegment function the buffer may become non-linear nrfrags != 0, but since the SKBTXSHAREDFRAG flag is not set...

CVE-2024-43817

The CVE CVE-2024-43817 describes a Linux kernel vulnerability in the virtio_net path: two missing checks in virtio_net_hdr_to_skb() can trigger a crash. The issues arise when after skb_segment the buffer remains non-linear (nr_frags != 0) and SKBTX_SHARED_FRAG is not set, preventing __skb_lineari...

CVE-2024-25008

Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell with the same privileges as the attacker. The attacker would require elevated privileges for examp...

CVE-2024-25008

Ericsson RAN Compute and Site Controller 6610 is affected by an Improper Input Validation vulnerability that can lead to arbitrary code execution, including obtaining a Linux shell with attacker privileges. The issue affects Ericsson RAN Compute and Site Controller 6610 software, with exploitatio...

PT-2024-20697 · Ericsson · Ericsson Ran Compute/Site Controller 6610

Name of the Vulnerable Software and Affected Versions: Ericsson RAN Compute and Site Controller 6610 versions prior to 24.Q2 Description: The issue is related to improper input validation in the Control System, which can lead to arbitrary code execution. For example, it can be used to obtain a...