UBUNTU-CVE-2024-53211

In the Linux kernel, the following vulnerability has been resolved: net/l2tp: fix warning in l2tpexitnet found by syzbot In l2tp's net exit handler, we check that an IDR is empty before destroying it: WARNONONCE!idrisempty&pn-l2tptunnelidr; idrdestroy&pn-l2tptunnelidr; By forcing memory allocatio...

CVE-2024-53164

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch-q.qlen around qdisctreereducebacklog need to happen before a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become...

UBUNTU-CVE-2024-53164

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch-q.qlen around qdisctreereducebacklog need to happen before a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become...

UBUNTU-CVE-2024-53171

In the Linux kernel, the following vulnerability has been resolved: ubifs: authentication: Fix use-after-free in ubifstncendcommit After an insertion in TNC, the tree might split and cause a node to change its znode-parent. A further deletion of other nodes in the tree which also could free the...

CVE-2024-53171 ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit

In the Linux kernel, the following vulnerability has been resolved: ubifs: authentication: Fix use-after-free in ubifstncendcommit After an insertion in TNC, the tree might split and cause a node to change its znode-parent. A further deletion of other nodes in the tree which also could free the...

CVE-2024-53164 net: sched: fix ordering of qlen adjustment

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch-q.qlen around qdisctreereducebacklog need to happen before a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a null pointer dereference in the PCI:endpoint:epf-mhi module when DT is missing mmio...

PT-2024-35658 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability has been resolved in the Linux kernel. The issue is related to the net/l2tp module, specifically in the l2tp exit net function. The problem occurs when the IDR ID...

PT-2024-36815 · Theora +3 · Theora +3

Name of the Vulnerable Software and Affected Versions: Theora versions up to 1.0 7180717 Description: The issue is related to an invalid negative left shift in the oc huff tree unpack function in huffdec.c within libtheora, as used in Theora. This function contains a problem that can be exploited...

CVE-2024-56431

ochufftreeunpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash...

Malicious code in tree-sitter-dockerfile (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 345b2afbf518dc7083621e0f9fb5e7e8b109a319cc7aec619f17c7aa9b18deca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-12112 Malicious code in tree-sitter-dockerfile (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 345b2afbf518dc7083621e0f9fb5e7e8b109a319cc7aec619f17c7aa9b18deca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in tree-sitter-r (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 245c8ac9e9a17d5087161ac19522605901bd29822d69603d3ffaf8b5fe808945 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-12100 Malicious code in tree-sitter-r (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 245c8ac9e9a17d5087161ac19522605901bd29822d69603d3ffaf8b5fe808945 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

PT-2025-3612

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74 Description A use-after-free issue was found in the Linux kernel, specifically in the adv7533 attach dsi function. The host node pointer was assigned and freed in adv7533 parse dt, and later used in adv753...

CVE-2024-54331

Cross-Site Request Forgery CSRF vulnerability in Micha I Plant A Tree i-plant-a-tree allows Stored XSS.This issue affects I Plant A Tree: from n/a through = 1.7.3...

CVE-2024-54331 WordPress I Plant A Tree plugin <= 1.7.3 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery CSRF vulnerability in Micha I Plant A Tree i-plant-a-tree allows Stored XSS.This issue affects I Plant A Tree: from n/a through = 1.7.3...

CVE-2024-54331 WordPress I Plant A Tree plugin <= 1.7.3 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery CSRF vulnerability in Micha I Plant A Tree allows Stored XSS.This issue affects I Plant A Tree: from n/a through 1.7.3...

CVE-2024-54331

CVE-2024-54331 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin “I Plant A Tree” that enables a Stored Cross-Site Scripting (XSS) condition. Affected versions are listed as from n/a through 1.7.3. The connected Red Hat and Wordfence sources confirm this vulnerab...

WordPress plugin I Plant A Tree 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...