1086 matches found
WordPress plugin Post Status Notifier Lite and Premium Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
WordPress Post Status Notifier Premium Plugin <= 1.11.6 is vulnerable to Cross Site Scripting (XSS)
Software: Post Status Notifier Premium; Type: Plugin; Vulnerable versions: = 1.11.6; Fixed in: 1.11.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10048; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 5dcdb37cb71e; Credits...
SUSE CVE-2022-48972
In the Linux kernel, the following vulnerability has been resolved: mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add Kernel fault injection test reports null-ptr-deref as follows: BUG: kernel NULL pointer dereference, address: 0000000000000008 RIP: 0010:cfg802154_netdev_notifier_call+0x120/0x3...
SUSE CVE-2022-48982
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix crash when replugging CSR fake controllers It seems fake CSR 5.0 clones can cause the suspend notifier to be registered twice causing the following kernel panic: 71.986122 Call Trace: 71.986124 71.986125...
SUSE CVE-2022-49014
In the Linux kernel, the following vulnerability has been resolved: net: tun: Fix use-after-free in tun_detach syzbot reported use-after-free in tun_detach [1]. This causes call trace like below: ================================================================== BUG: KASAN: use-after-free in...
PT-2024-10004
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.38-debug. Description: The issue is related to a slab-use-after-free vulnerability in the scmi bus notifier function. This occurs because the scmi dev-name is released prematurely in scmi device destroy, causin...
DEBIAN-CVE-2022-49014
In the Linux kernel, the following vulnerability has been resolved: net: tun: Fix use-after-free in tun_detach syzbot reported use-after-free in tun_detach [1]. This causes call trace like below: ================================================================== BUG: KASAN: use-after-free in...
CVE-2022-48982
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix crash when replugging CSR fake controllers It seems fake CSR 5.0 clones can cause the suspend notifier to be registered twice causing the following kernel panic: 71.986122 Call Trace: 71.986124 71.986125...
DEBIAN-CVE-2022-48982
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix crash when replugging CSR fake controllers It seems fake CSR 5.0 clones can cause the suspend notifier to be registered twice causing the following kernel panic: 71.986122 Call Trace: 71.986124 71.986125...
DEBIAN-CVE-2022-48972
In the Linux kernel, the following vulnerability has been resolved: mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add Kernel fault injection test reports null-ptr-deref as follows: BUG: kernel NULL pointer dereference, address: 0000000000000008 RIP: 0010:cfg802154_netdev_notifier_call+0x120/0x3...
UBUNTU-CVE-2022-48982
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix crash when replugging CSR fake controllers It seems fake CSR 5.0 clones can cause the suspend notifier to be registered twice causing the following kernel panic: 71.986122 Call Trace: 71.986124 71.986125...
CVE-2022-48991 mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths Any codepath that zaps page table entries must invoke MMU notifiers to ensure that secondary MMUs like KVM don't keep accessing pages which aren't mapped anymore...
CVE-2022-48982 Bluetooth: Fix crash when replugging CSR fake controllers
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix crash when replugging CSR fake controllers It seems fake CSR 5.0 clones can cause the suspend notifier to be registered twice causing the following kernel panic: 71.986122 Call Trace: 71.986124 71.986125...
CVE-2024-47744 KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock
In the Linux kernel, the following vulnerability has been resolved: KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock Use a dedicated mutex to guard kvm_usage_count to fix a potential deadlock on x86 due to a chain of locks and SRCU synchronizations. Translating the below lockdep...
CVE-2024-47707 ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()
In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() Blamed commit accidentally removed a check for rt->rt6i_idev being NULL, as spotted by syzbot: Oops: general protection fault, probably for non-canonical address...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the MMU notifier not being called correctly in the mm/khugepaged subsystem, which could result in a secondar...
SUSE CVE-2024-46860
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change When disabling wifi mt7921_ipv6_addr_change is called as a notifier. At this point mvif->phy is already NULL so we cannot use it here...
AZL-49821 CVE-2024-46860 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change When disabling wifi mt7921_ipv6_addr_change is called as a notifier. At this point mvif->phy is already NULL so we cannot use it here...
CVE-2024-46860
CVE-2024-46860 refers to a Linux kernel vulnerability in the wifi subsystem: mt76 mt7921 code path may dereference a NULL mvif->phy when mt7921_ipv6_addr_change is invoked as a notifier while disabling wifi. The description states the fix prevents access to a NULL mvif->phy, addressing a NU...
kernel: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfo_changed_notify The use-after-free issue occurs as follows: when the GPIO chip device file is being closed by invoking gpio_chrdev_release, watched_lines is freed by bitmap_free, but the...