CVE-2024-47744

In the Linux kernel, the following vulnerability has been resolved: KVM: Use dedicated mutex to protect kvmusagecount to avoid deadlock Use a dedicated mutex to guard kvmusagecount to fix a potential deadlock on x86 due to a chain of locks and SRCU synchronizations. Translating the below lockdep...

CVE-2024-49859

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to check atomicfile in f2fs ioctl interfaces Some f2fs ioctl interfaces like f2fsiocsetpinfile, f2fsmovefilerange, and f2fsdefragmentrange missed to check atomicwrite status, which may cause potential race issue, fix it...

CVE-2024-47729

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Use reserved copy engine for user binds on faulting devices User binds map to engines with can fault, faults depend on user binds completion, thus we can deadlock. Avoid this by using reserved copy engine for user binds o...

CVE-2024-47735

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix spinunlockirqrestore called with IRQs enabled Fix missuse of spinlockirq/spinunlockirq when spinlockirqsave/spinlockirqrestore was hold. This was discovered through the lock debugging, and the corresponding log is a...

CVE-2024-47713

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use two-phase skb reclamation in ieee80211dostop Since 'devqueuexmit' should be called with interrupts enabled, the following backtrace: ieee80211dostop ... spinlockirqsave&local-queuestopreasonlock, flags...

CVE-2024-47693

In the Linux kernel, the following vulnerability has been resolved: IB/core: Fix ibcachesetupone error flow cleanup When ibcacheupdate return an error, we exit ibcachesetupone instantly with no proper cleanup, even though before this we had already successfully done gidtablesetupone, that results...

CVE-2024-47705

In the Linux kernel, the following vulnerability has been resolved: block: fix potential invalid pointer dereference in blkaddpartition The blkaddpartition function initially used a single if-condition ISERRpart to check for errors when adding a partition. This was modified to handle the specific...

CVE-2022-4973

WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts into...

CVE-2024-21273

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

CVE-2024-21198

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromi...

CVE-2024-46732 affecting package kernel for versions less than 6.6.51.1-5

CVE-2024-46732 affecting package kernel for versions less than 6.6.51.1-5. An upgraded version of the package is available that resolves this issue...

CVE-2024-46743 affecting package kernel for versions less than 6.6.51.1-5

CVE-2024-46743 affecting package kernel for versions less than 6.6.51.1-5. An upgraded version of the package is available that resolves this issue...

CVE-2024-6763

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browser...

CVE-2024-41011 affecting package kernel for versions less than 5.15.167.1-1

CVE-2024-41011 affecting package kernel for versions less than 5.15.167.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2024-47875

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3...

Updated quictls packages fix security vulnerabilities

The updated packages fix security vulnerabilities...

CVE-2024-9780

ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file...

CVE-2024-46292

A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service DoS via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usab...

CVE-2024-43591

Azure Command Line Integration CLI Elevation of Privilege Vulnerability...

CVE-2024-0124

NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause nvdisasm to read freed memory by running it on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service...