1086 matches found
CVE-2024-53089
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Mark hrtimer to expire in hard interrupt context Like commit 2c0d278f3293f "KVM: LAPIC: Mark hrtimer to expire in hard interrupt context" and commit 9090825fa9974 "KVM: arm/arm64: Let the timer expire in hardirq...
SUSE CVE-2024-53068
In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Fix slab-use-after-free in scmibusnotifier The scmidev-name is released prematurely in scmidevicedestroy, which causes slab-use-after-free when accessing scmidev-name in scmibusnotifier. So move the release of...
AZL-53873 CVE-2024-53068 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Fix slab-use-after-free in scmibusnotifier The scmidev-name is released prematurely in scmidevicedestroy, which causes slab-use-after-free when accessing scmidev-name in scmibusnotifier. So move the release of...
DEBIAN-CVE-2024-53068
In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Fix slab-use-after-free in scmibusnotifier The scmidev-name is released prematurely in scmidevicedestroy, which causes slab-use-after-free when accessing scmidev-name in scmibusnotifier. So move the release of...
kernel: powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
A slab-out-of-bounds read vulnerability was found in the Linux kernel's PowerPC IOMMU code. The failiommusetup function registers the same notifierblock structure to both PCI and VIO buses. Since notifierblock is a linked list node, this causes notifiers registered to one bus type to also apply t...
kernel: clk: Fix memory leak in devm_clk_notifier_register()
A resource-management flaw was found in the Linux kernel Common Clock Framework. The device-managed clock notifier registration function failed to register its allocated resource, preventing cleanup on device detach. A local user repeatedly binding and unbinding devices could cause memory leaks a...
SUSE CVE-2024-50136
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Unregister notifier on eswitch init failure It otherwise remains registered and a subsequent attempt at eswitch enabling might trigger warnings of the sort: 682.589148 ------------ cut here ------------ 682.590204...
DEBIAN-CVE-2024-50136
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Unregister notifier on eswitch init failure It otherwise remains registered and a subsequent attempt at eswitch enabling might trigger warnings of the sort: 682.589148 ------------ cut here ------------ 682.590204...
CVE-2024-50136
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Unregister notifier on eswitch init failure It otherwise remains registered and a subsequent attempt at eswitch enabling might trigger warnings of the sort: 682.589148 ------------ cut here ------------ 682.590204...
AZL-52398 CVE-2024-50136 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Unregister notifier on eswitch init failure It otherwise remains registered and a subsequent attempt at eswitch enabling might trigger warnings of the sort: 682.589148 ------------ cut here ------------ 682.590204...
UBUNTU-CVE-2024-50136
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Unregister notifier on eswitch init failure It otherwise remains registered and a subsequent attempt at eswitch enabling might trigger warnings of the sort: 682.589148 ------------ cut here ------------ 682.590204...
CVE-2024-50136 net/mlx5: Unregister notifier on eswitch init failure
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Unregister notifier on eswitch init failure It otherwise remains registered and a subsequent attempt at eswitch enabling might trigger warnings of the sort: 682.589148 ------------ cut here ------------ 682.590204...
CVE-2024-50136 net/mlx5: Unregister notifier on eswitch init failure
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Unregister notifier on eswitch init failure It otherwise remains registered and a subsequent attempt at eswitch enabling might trigger warnings of the sort: 682.589148 ------------ cut here ------------ 682.590204...
CVE-2024-50136
CVE-2024-50136 affects the Linux kernel’s mlx5 driver (net/mlx5) where the notifier for eswitch init could remain registered after an init failure, causing a later eswitch enable to emit warnings like “notifier callback eswitch_vport_event [mlx5_core] already registered.” The root cause described...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the net/mlx5 module failing to properly log out of the notifier when eswitch initialization fails, which cou...
CVE-2024-10048
CVE-2024-10048 affects the WordPress plugins Post Status Notifier Lite and Premium up to version 1.11.6, with a Reflected Cross-Site Scripting via the ‘page’ parameter caused by insufficient input sanitization and output escaping. An unauthenticated attacker could inject web scripts into pages ex...
WordPress Post Status Notifier Premium plugin <= 1.11.6 - Reflected Cross-Site Scripting via page vulnerability
Reflected Cross-Site Scripting via page vulnerability discovered by Colin Xu in WordPress Plugin Post Status Notifier Premium versions = 1.11.6...
WordPress Post Status Notifier Lite plugin <= 1.11.6 - Reflected Cross-Site Scripting via page vulnerability
Reflected Cross-Site Scripting via page vulnerability discovered by Colin Xu in WordPress Plugin Post Status Notifier Lite versions = 1.11.6...
PT-2024-15995 · WordPress · Post Status Notifier Lite +1
Name of the Vulnerable Software and Affected Versions: Post Status Notifier Lite and Premium plugins for WordPress versions up to, and including, 1.11.6 Description: The issue is related to Reflected Cross-Site Scripting via the page parameter due to insufficient input sanitization and output...
WordPress Post Status Notifier Lite Plugin <= 1.11.6 is vulnerable to Cross Site Scripting (XSS)
Software Post Status Notifier Lite Type Plugin Vulnerable versions = 1.11.6 Fixed in 1.11.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10048 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID fa83a961050b Credits Colin...