7525 matches found

OSV
added 2024/05/17 12:15 p.m. · 0 views

UBUNTU-CVE-2024-27431

In the Linux kernel, the following vulnerability has been resolved: cpumap: Zero-initialise xdp_rxq_info struct before running XDP program. When running an XDP program that is attached to a cpumap entry, we don't initialise the xdp_rxq_info data structure being used in the xdp_buff that backs the XDP...

5.5 CVSS · 6.1 AI score · 0.00223 EPSS
Exploits: 0 · References: 19

Vulnrichment
added 2024/05/17 12:12 p.m. · 29 views

CVE-2024-27435 nvme: fix reconnection fail due to reserved tag allocation

In the Linux kernel, the following vulnerability has been resolved: nvme: fix reconnection fail due to reserved tag allocation. We found an issue on production environment while using NVMe over RDMA, adminq reconnect failed forever while remote target and network is ok. After digging into it, we found ...

7 AI score · 0.00176 EPSS
Exploits: 0 · References: 5

OSV
added 2024/05/17 12:12 p.m. · 24 views

CVE-2024-27435 nvme: fix reconnection fail due to reserved tag allocation

In the Linux kernel, the following vulnerability has been resolved: nvme: fix reconnection fail due to reserved tag allocation. We found an issue on production environment while using NVMe over RDMA, adminq reconnect failed forever while remote target and network is ok. After digging into it, we found ...

5.5 CVSS · 6.2 AI score · 0.00176 EPSS
Exploits: 0 · References: 8

CNNVD
added 2024/05/17 12:00 a.m. · 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not reclaiming a buffer when the Rx queue is full...

5.5 CVSS · 6.7 AI score · 0.00216 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2024/05/17 12:00 a.m. · 3 views

PT-2024-26758

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified. Description: The issue arises when an skb is added to neigh->arp_queue while waiting for an ARP reply, and the original skb's skb->dev can be different from neigh's neigh->dev. This can occur in...

5.5 CVSS · 5.5 AI score · 0.00223 EPSS
Exploits: 0

CNNVD
added 2024/05/17 12:00 a.m. · 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a queue wakeup error...

7 CVSS · 6.3 AI score · 0.00255 EPSS
Exploits: 0 · References: 8

BDU FSTEC
added 2024/05/17 12:00 a.m. · 3 views

The vulnerability of the sdhci_write_dataport function in the QEMU hardware emulation software allows a hacker to cause a service failure.

The vulnerability of the sdhci_write_dataport function in the QEMU hardware emulation software is related to overflow in the queue, caused by the parameters s->data_count and s->fifo_buffer. Exploiting this vulnerability can allow a hacker to cause a service failure...

6 CVSS · 6.8 AI score · 0.00552 EPSS
Exploits: 1 · References: 15 · Affected Software: 11

Positive Technologies
added 2024/05/17 12:00 a.m. · 4 views

PT-2024-26753 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified. Description: A vulnerability in the Linux kernel has been resolved, related to the io_uring feature. The issue involves the io_queue_proc function modifying the req->flags variable. Recommendations:...

6.9 AI score
Exploits: 0 · References: 9

OSV
added 2024/05/15 9:34 p.m. · 7 views

GHSA-W9P3-26FX-5MP3 eZ Platform Admin UI is vulnerable to Cross-site Scripting (XSS)

There is an XSS vulnerability in CKEditor, which is used by AlloyEditor, which is used in eZ Platform Admin UI. Scripts can be injected through specially crafted "protected" comments. We are not sure it is exploitable in eZ Platform, but recommend installing it to be on the safe side. It is fixed...

6.2 AI score
Exploits: 0 · References: 3

GitHub Security Blog
added 2024/05/15 9:34 p.m. · 28 views

eZ Platform Admin UI is vulnerable to Cross-site Scripting (XSS)

There is an XSS vulnerability in CKEditor, which is used by AlloyEditor, which is used in eZ Platform Admin UI. Scripts can be injected through specially crafted "protected" comments. We are not sure it is exploitable in eZ Platform, but recommend installing it to be on the safe side. It is fixed...

6.2 AI score
Exploits: 0 · References: 3 · Affected Software: 1

GitHub Security Blog
added 2024/05/15 9:10 p.m. · 13 views

eZ Platform Editor Cross-site Scripting (XSS)

This Security Advisory is about two issues of low to medium severity. We recommend that you install the update as soon as possible. There is an XSS vulnerability in CKEditor, which is used by AlloyEditor, which is used in eZ Platform Admin UI. Scripts can be injected through specially crafted...

6.2 AI score
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2024/05/15 9:10 p.m. · 13 views

GHSA-4C2W-V5RQ-5MX7 eZ Platform Editor Cross-site Scripting (XSS)

This Security Advisory is about two issues of low to medium severity. We recommend that you install the update as soon as possible. There is an XSS vulnerability in CKEditor, which is used by AlloyEditor, which is used in eZ Platform Admin UI. Scripts can be injected through specially crafted...

6.2 AI score
Exploits: 0 · References: 3

OSV
added 2024/05/15 8:15 p.m. · 4 views

CVE-2024-31856

An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the system, and executing remote code...

8.8 CVSS · 5.9 AI score · 0.00533 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2024/05/15 12:00 a.m. · 2 views

PT-2024-40068 · Ez Systems +2 · Ez Platform +5

Name of the Vulnerable Software and Affected Versions: eZ Platform versions 1.13.x through 3.1.2; eZ Platform EE versions 2.5.13 through 3.1.2; CKEditor versions prior to 4.14; AlloyEditor versions prior to 2.11.9. Description: There are two security issues of low to medium severity. The first issue ...

6.3 AI score
Exploits: 0 · References: 4

Positive Technologies
added 2024/05/15 12:00 a.m. · 2 views

PT-2024-40496 · Ez Systems +1 · Ez Platform +4

Name of the Vulnerable Software and Affected Versions: eZ Platform versions prior to 1.13.x with ezsystems/PlatformUIAssetsBundle version 4.2.3; eZ Platform version 2.5.13 with ezsystems/ezplatform-admin-ui-assets version 4.2.1; eZ Platform version 3.0. with ezsystems/ezplatform-admin-ui-assets...

6.3 AI score
Exploits: 0 · References: 4

BDU FSTEC
added 2024/05/15 12:00 a.m. · 1 view

The vulnerability of the `flush_all_cpus_locked()` function in the `mm/slub.c` module of the Linux kernel’s memory management subsystem allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the `flush_all_cpus_locked()` function in the `mm/slub.c` module of the Linux kernel’s memory management subsystem is related to the use of an incorrect queue for task execution. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...

7.8 CVSS · 6.1 AI score · 0.00242 EPSS
Exploits: 0 · References: 10 · Affected Software: 2

CNNVD
added 2024/05/14 12:00 a.m. · 4 views

ZEIT Next.js environmental issue vulnerability

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. An environmental issue vulnerability exists in ZEIT Next.js versions 13.4 through prior to 13.5.1 that stems from the presence of a response queue poisoning vulnerability...

7.5 CVSS · 7.3 AI score · 0.01158 EPSS
Exploits: 0 · References: 3

Vulnrichment
added 2024/05/13 3:54 p.m. · 14 views

CVE-2024-34701 CreateWiki vulnerable to impersonation of wiki requester

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made...

5.9 CVSS · 6.6 AI score · 0.00647 EPSS
Exploits: 0 · References: 6

Positive Technologies
added 2024/05/13 12:00 a.m. · 2 views

PT-2024-26118 · Unknown · Createwiki

Name of the Vulnerable Software and Affected Versions: CreateWiki affected versions not specified. Description: The issue allows users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki...

5.9 CVSS · 6.2 AI score · 0.00647 EPSS
Exploits: 0 · References: 9

GitHub Security Blog
added 2024/05/09 9:07 p.m. · 53 views

Next.js Vulnerable to HTTP Request Smuggling

Impact: Inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses. This led to a response queue poisoning vulnerability in the affected Next.js versions. For a request to...

7.5 CVSS · 6.6 AI score · 0.01158 EPSS
Exploits: 0 · References: 5 · Affected Software: 1