kernel: gfs2: Fix potential glock use-after-free on unmount

A vulnerability was found in the Linux kernel within the gfs2 component, where potential use-after-free issues could occur on unmount. When DLM lockspaces are released with remaining locks, callbacks for asynchronous lock contention may access freed objects, causing unexpected behavior...

CVE-2024-7858

The Media Library Folders plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several AJAX functions in the media-library-plus.php file in all versions up to, and including, 8.2.3. This makes it possible for authenticated attackers, with subscriber-level...

WordPress plugin Media Library Folders 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

kernel: tipc: force a dst refcount before doing decryption

A vulnerability was found in the Linux kernel's TIPC module, where a reference count on the destination entry was not enforced before decryption. This issue arises due to potential asynchronous returns from crypto requests, which could lead to crash...

ROS-20240827-16

A vulnerability in the C-ares asynchronous DNS query library is related to uncontrolled resource consumption in the event of misinterpretation of packet length. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service using a corrupted UDP packet...

PT-2024-32180

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.52 Description The main threat to data consistency in ice xdp is a possible asynchronous PF reset, which can be triggered by a user or by TX timeout handler. XDP setup and PF reset code access the same...

DEBIAN-CVE-2022-48943

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: make apf token non-zero to fix bug In current async pagefault logic, when a page is ready, KVM relies on kvmarchcandequeueasyncpagepresent to determine whether to deliver a READY event to the Guest. This function te...

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2024-2259)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

kernel: gfs2: Fix potential glock use-after-free on unmount

A vulnerability was found in the Linux kernel within the gfs2 component, where potential use-after-free issues could occur on unmount. When DLM lockspaces are released with remaining locks, callbacks for asynchronous lock contention may access freed objects, causing unexpected behavior...

The vulnerability of the async_free_space() function in the Linux kernel’s binder component, which allows a hacker to disclose protected information

The vulnerability of the asyncfreespace function in the Linux kernel’s binder component is related to a potential data leak of up to 8 bytes during each asynchronous transaction that is 8 bytes or less in size. Exploiting this vulnerability could allow an attacker to disclose sensitive informatio...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the failure of the qla2xxx component to properly send an asynchronous logout during vport removal...

CVE-2024-34736

In setupVideoEncoder of StagefrightRecorder.cpp, there is a possible asynchronous playback when B-frame support is enabled. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-34736

In setupVideoEncoder of StagefrightRecorder.cpp, there is a possible asynchronous playback when B-frame support is enabled. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-34736

In setupVideoEncoder of StagefrightRecorder.cpp, there is a possible asynchronous playback when B-frame support is enabled. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-34736

CVE-2024-34736 affects Android’s media stack, specifically the StagefrightRecorder.cpp setupVideoEncoder. When B-frame support is enabled, there is a potential for asynchronous playback that can enable local elevation of privilege without requiring additional execution privileges or user interact...

CLSA-2024-1723494706 Fix of 19 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-42068 - bpf: Take return from setmemoryro into account with bpfproglockro CVE-url: https://ubuntu.com/security/CVE-2024-42079 - gfs2: Fix NULL pointer dereference in gfs2logflush CVE-url: https://ubuntu.com/security/CVE-2024-42226 - usb: xhci: prevent...

CVE-2024-39485

...

CVE-2024-42367

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...

UBUNTU-CVE-2024-42249

In the Linux kernel, the following vulnerability has been resolved: spi: don't unoptimize message in spiasync Calling spimaybeunoptimizemessage in spiasync is wrong because the message is likely to be in the queue and not transferred yet. This can corrupt the message while it is being used by the...

SourceCodester Tracking Monitoring Management System SQL注入漏洞

SourceCodester Tracking Monitoring Management System is a monitoring management system from SourceCodester Inc. A SQL injection vulnerability exists in SourceCodester Tracking Monitoring Management System version 1.0, which is caused by an SQL injection vulnerability in the id parameter of the...