7527 matches found
AZL-54204 CVE-2024-53119 affecting package kernel for versions less than 5.15.176.3-1
In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix acceptqueue memory leak As the final stages of socket destruction may be delayed, it is possible that virtiotransportrecvlisten will be called after the acceptqueue has been flushed, but before the SOCKDONE flag...
AZL-54236 CVE-2024-53119 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix acceptqueue memory leak As the final stages of socket destruction may be delayed, it is possible that virtiotransportrecvlisten will be called after the acceptqueue has been flushed, but before the SOCKDONE flag...
DEBIAN-CVE-2024-53119
In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix acceptqueue memory leak As the final stages of socket destruction may be delayed, it is possible that virtiotransportrecvlisten will be called after the acceptqueue has been flushed, but before the SOCKDONE flag...
UBUNTU-CVE-2024-53118
In the Linux kernel, the following vulnerability has been resolved: vsock: Fix skerrorqueue memory leak Kernel queues MSGZEROCOPY completion notifications on the error queue. Where they remain, until explicitly recved. To prevent memory leaks, clean up the queue when the socket is destroyed...
CVE-2024-53119 virtio/vsock: Fix accept_queue memory leak
In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix acceptqueue memory leak As the final stages of socket destruction may be delayed, it is possible that virtiotransportrecvlisten will be called after the acceptqueue has been flushed, but before the SOCKDONE flag...
CVE-2024-53119
In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix acceptqueue memory leak As the final stages of socket destruction may be delayed, it is possible that virtiotransportrecvlisten will be called after the acceptqueue has been flushed, but before the SOCKDONE flag...
CVE-2024-53118 vsock: Fix sk_error_queue memory leak
In the Linux kernel, the following vulnerability has been resolved: vsock: Fix skerrorqueue memory leak Kernel queues MSGZEROCOPY completion notifications on the error queue. Where they remain, until explicitly recved. To prevent memory leaks, clean up the queue when the socket is destroyed...
MediaTek Chipsets 安全漏洞
MediaTek Chipsets are a variety of chips from China's MediaTek Corporation MediaTek. A security vulnerability exists in MediaTek Chipsets, which stems from a lack of boundary checking in cmdq, which could lead to out-of-bounds reads...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a memory leak in the virtio/vsock component in the accept queue due to a possible delay in the final stage o...
OESA-2024-2495 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timerpending in reqskqueueunlink. Martin KaFai Lau reported use-after-free 0 in reqsktimerhandler. """ We are seeing a use-after-free from a...
GHSA-4GWV-FPMG-CMV2 Jenkins Simple Queue Plugin has stored cross-site scripting (XSS) vulnerability
Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with View/Create permission. Simple Queue Plugin 1.4.5 escapes the view name...
Jenkins Simple Queue Plugin has stored cross-site scripting (XSS) vulnerability
Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with View/Create permission. Simple Queue Plugin 1.4.5 escapes the view name...
CVE-2024-54003
Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with View/Create permission...
CVE-2024-54003
Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with View/Create permission...
CVE-2024-54003
Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with View/Create permission...
CVE-2024-54003
CVE-2024-54003 : Jenkins Simple Queue Plugin versions 1.4.4 and earlier are affected by a stored XSS due to the view name not being escaped, exploitable by attackers with View/Create permission. Root cause identified as failure to escape the view name. Impact aligns with high-severity in the CVSS...
Jenkins Plugin Simple Queue 跨站脚本漏洞
Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin ... A cross-site...
PT-2024-36010 · Jenkins · Jenkins Simple Queue Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Simple Queue Plugin versions 1.4.4 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability because the view name is not escaped. This vulnerability is exploitable by attackers with View/Create...
Jenkins plugins Multiple Vulnerabilities (2024-11-27)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string. CVE-2024-47855 - Jenkins Simple Queue Plugin 1.4.4...
kernel: blk-mq: fix IO hang from sbitmap wakeup race
A possible IO hang from sbitmap wakeup race was found in the Linux kernel. This may lead to compromised Availability...