6512 matches found
Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bpf: Defer the free of inner map when necessary When updating or deleting an inner map in map array or map htab, the map may still be accessed by non-sleepable program or sleepable program. However bpfmapfdputptr...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a stack map overflow...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an update to cpusiblingmap on a non-boot CPU...
PT-2024-21526 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.8.0-rc5+ Description: The issue is related to the LoongArch architecture in the Linux kernel. When disabling non-boot CPUs, the cpu sibling map is not updated correctly, leading to errors on SMT systems, such ...
PT-2024-26837
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to a missing lock in the hugetlb code, which can be triggered in an userfault context. This occurs when two threads modify the resv map together, going into an...
PT-2024-40694 · Git +1 · Clamav
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state involves several functions: cli html normalise, html normalise map, and cli scanhtm...
SUSE CVE-2024-26787
In the Linux kernel, the following vulnerability has been resolved: mmc: mmci: stm32: fix DMA API overlapping mappings warning Turning on CONFIGDMAAPIDEBUGSG results in the following warning: DMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST, overlapping mappings aren't supported WARNIN...
CVE-2024-30382
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to send a specific routing update, causing an rpd core due to memory corruption, leading to a Denial o...
SUSE CVE-2024-26816
In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in .notes section When building with CONFIGXENPV=y, .text symbols are emitted into the .notes section so that Xen can find the "startupxen" entry point. This information is used prior to booting th...
DEBIAN-CVE-2024-26816
In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in .notes section When building with CONFIGXENPV=y, .text symbols are emitted into the .notes section so that Xen can find the "startupxen" entry point. This information is used prior to booting th...
SUSE CVE-2024-26726
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't drop extentmap for free space inode on write error While running the CI for an unrelated change I hit the following panic with generic/648 on btrfsholesspacecache. assertion failed: blockstart != EXTENTMAPHOLE, in...
CVE-2024-2226
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id parameter in the google-map block in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This...
CVE-2024-2226
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id parameter in the google-map block in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This...
CVE-2023-6777
The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's...
CVE-2024-2226 Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id parameter in the google-map block in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This...
WordPress Plugin Otter Blocks 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-19293 · WordPress · The Otter Blocks – Gutenberg Blocks
Name of the Vulnerable Software and Affected Versions: The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress versions up to, and including, 2.6.4 Description: The issue is related to Stored Cross-Site Scripting via the id parameter in the "google-map"...
SUSE CVE-2024-26664
In the Linux kernel, the following vulnerability has been resolved: hwmon: coretemp Fix out-of-bounds memory access Fix a bug that pdata-cpumap is set before out-of-bounds check. The problem might be triggered on systems with more than 128 cores per package...
CVE-2024-30255 HTTP/2: CPU exhaustion due to CONTINUATION frame flood
Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of...
CVE-2024-25700
The CVE concerns Esri Portal for ArcGIS Enterprise Web App Builder (versions 11.1 and below). A stored Cross-site Scripting (XSS) condition can arise when an attacker with high privileges creates a crafted link stored in a web map; when clicked, it could execute arbitrary JavaScript in the victim...