PT-2024-35554
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.12.0-rc2-build3+ Description: The issue is related to lock recursion in the Linux kernel, specifically in the afs_wake_up_async_call() function. This function can incur lock recursion when called from AF_RXRPC whi...
PT-2025-8841
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified Description: A vulnerability in the Linux kernel has been identified, specifically in the nvkm/gsp component. The issue arises from the incorrect advancement of the read pointer of the GSP message...
kernel: net: sched: sch_multiq: fix possible OOB write in multiq_tune()
An out-of-bounds write flaw was found in the Linux kernel's multiq qdisc functionality. This vulnerability allows a local user to crash or potentially escalate their privileges on the system...
kernel: net/mlx5: Add a timeout to acquire the command queue semaphore
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Add a timeout to acquire the command queue semaphore. Prevent forced completion handling on an entry that has not yet been assigned an index, causing an out of bounds access on idx = -22. Instead of waiting indefinitely...
kernel: ionic: fix use after netif_napi_del()
A vulnerability was found in the Linux kernel's Ionic driver in the ionic_qcq_enable() function, where the issue arises when the driver fails to reset the .poll pointer to NULL after a queue is unregistered via netif_napi_del(), leading to a use-after-free scenario when attempting to enable a previously...
CVE-2024-46847
...
CVE-2024-46797
...
CVE-2024-46784
...
The vulnerability of the print spooler daemon on Windows operating systems allows attackers to escalate their privileges.
A vulnerability in the Windows Print Spooler, related to the print queue, stems from the use of an unreliable pointer. Exploiting this vulnerability can allow attackers to escalate their privileges...
PT-2024-33966
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.61 Description: A race condition exists between reset and nvme_dev_disable() in the Linux kernel. The nvme_dev_disable() function modifies the dev->online_queues field, and nvme_pci_update_nr_queues() should avoid...
CVE-2024-48623
DomainMOD
CVE-2024-48623
In queue\index.php of DomainMOD below v4.12.0, the listid and domainid parameters in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS)...
SUSE CVE-2024-47167
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to Server-Side Request Forgery (SSRF) in the /queue/join endpoint. Gradio's async_save_url_to_cache function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This...
CVE-2024-47489
An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network-based attacker sending specific transit protocol traffic to cause a partial Denial of Service (DoS) to...
CVE-2024-47489 Junos OS Evolved: ACX Series: Receipt of specific transit protocol packets is incorrectly processed by the RE
An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network-based attacker sending specific transit protocol traffic to cause a partial Denial of Service (DoS) to...
Server-side Request Forgery (SSRF)
Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the async_save_url_to_cache function in the /queue/join endpoint. An attacker can send HTTP requests to...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from waiting for a tx queue even after the firmware is stuck, resulting in a warning...
PT-2024-32824 · Mediawiki · Importdump
Name of the Vulnerable Software and Affected Versions: ImportDump extension for mediawiki affected versions not specified Description: The issue allows anyone who can edit the interface strings of a wiki, typically administrators and interface admins, to embed XSS payloads in the messages for...
PT-2024-32813 · Mediawiki · Createwiki
Name of the Vulnerable Software and Affected Versions: CreateWiki affected versions not specified Description: The issue concerns the CreateWiki extension used for requesting and creating wikis, where the name of requested wikis is not properly escaped on the Special:RequestWikiQueue page. This...