Lucene search

2443 matches found

OSV
added 2024/05/03 3:15 p.m. · 0 views

DEBIAN-CVE-2022-48675

In the Linux kernel, the following vulnerability has been resolved: IB/core: Fix a nested dead lock as part of ODP flow Fix a nested dead lock as part of ODP flow by using mmput_async. From the below call trace [1] can see that calling mmput once we have the umem_odp->umem_mutex locked as required by...

5.5 CVSS · 5.4 AI score · 0.00178 EPSS
Exploits 0 · References 1
OSV
added 2024/05/03 3:15 p.m. · 0 views

UBUNTU-CVE-2022-48675

In the Linux kernel, the following vulnerability has been resolved: IB/core: Fix a nested dead lock as part of ODP flow Fix a nested dead lock as part of ODP flow by using mmput_async. From the below call trace [1] can see that calling mmput once we have the umem_odp->umem_mutex locked as required by...

5.5 CVSS · 5.9 AI score · 0.00178 EPSS
Exploits 0 · References 7
NVD
added 2024/05/02 2:15 p.m. · 20 views

CVE-2024-30251

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...

7.5 CVSS · 7.4 AI score · 0.01085 EPSS
Exploits 0 · References 6
UbuntuCve
added 2024/05/02 2:15 p.m. · 20 views

CVE-2024-30251

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...

7.5 CVSS · 6.7 AI score · 0.01085 EPSS
Exploits 0 · References 8
OSV
added 2024/05/02 1:55 p.m. · 40 views

CVE-2024-30251 Denial of service when trying to parse malformed POST requests in aiohttp

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...

7.5 CVSS · 6.3 AI score · 0.01085 EPSS
Exploits 0 · References 8
CNNVD
added 2024/05/02 12:0 a.m. · 3 views

WordPress plugin Advanced Post Block security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

5.3 CVSS · 6.4 AI score · 0.00516 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/05/02 12:0 a.m. · 3 views

PT-2024-18325 · WordPress · Analytify – Google Analytics Dashboard For Wordpress

Name of the Vulnerable Software and Affected Versions: The Analytify – Google Analytics Dashboard For WordPress plugin for WordPress versions up to, and including, 5.2.3 Description: The issue allows authenticated attackers with subscriber access or higher to obtain certain sensitive information...

5.4 CVSS · 6.1 AI score · 0.00293 EPSS
Exploits 0 · References 5
CNNVD
added 2024/05/02 12:0 a.m. · 3 views

WordPress plugin Control Menu Visibility security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

4.3 CVSS · 6.3 AI score · 0.0056 EPSS
Exploits 0 · References 3
RedhatCVE
added 2024/05/01 7:19 p.m. · 35 views

CVE-2024-26998

A vulnerability was found in the Linux kernel's serial core subsystem when handling circular buffers, where the buffer is not properly cleared before being set to NULL. This could lead to data leakage or unexpected behavior. Mitigation Mitigation for this issue is either not available or the...

5.5 CVSS · 8.1 AI score · 0.00228 EPSS
Exploits 0 · References 4
RedhatCVE
added 2024/05/01 5:23 p.m. · 27 views

CVE-2024-26958

A use-after-free flaw was found in fs/nfs/direct.c in the Linux kernel. This may lead to a crash...

5.5 CVSS · 7.8 AI score · 0.00244 EPSS
Exploits 0 · References 4
NVD
added 2024/05/01 6:15 a.m. · 19 views

CVE-2024-26998

In the Linux kernel, the following vulnerability has been resolved: serial: core: Clearing the circular buffer before NULLifying it The circular buffer is NULLified in uart_tty_port_shutdown under the spin lock. However, the PM or other timer based callbacks may still trigger after this event withou...

5.5 CVSS · 7.4 AI score · 0.00228 EPSS
Exploits 0 · References 6
CVE
added 2024/05/01 5:28 a.m. · 3617 views

CVE-2024-26998

CVE-2024-26998 affects the Linux kernel serial subsystem, specifically the core path handling the circular buffer in the 8250 serial port code. The root cause is a mismatch between the buffer pointer state and head/tail positions during shutdown: the circular buffer is cleared (NULLified) under a...

5.5 CVSS · 6.6 AI score · 0.00228 EPSS
Exploits 0 · References 6 · Affected Software 1
OSV
added 2024/05/01 5:28 a.m. · 15 views

CVE-2024-26998 serial: core: Clearing the circular buffer before NULLifying it

In the Linux kernel, the following vulnerability has been resolved: serial: core: Clearing the circular buffer before NULLifying it The circular buffer is NULLified in uart_tty_port_shutdown under the spin lock. However, the PM or other timer based callbacks may still trigger after this event withou...

5.5 CVSS · 6.1 AI score · 0.00228 EPSS
Exploits 0 · References 9
Debian CVE
added 2024/05/01 5:28 a.m. · 18 views

CVE-2024-26998

In the Linux kernel, the following vulnerability has been resolved: serial: core: Clearing the circular buffer before NULLifying it The circular buffer is NULLified in uart_tty_port_shutdown under the spin lock. However, the PM or other timer based callbacks may still trigger after this event withou...

5.5 CVSS · 6.9 AI score · 0.00228 EPSS
Exploits 0
CVE
added 2024/05/01 5:19 a.m. · 3883 views

CVE-2024-26958

CVE-2024-26958 is a Linux kernel vulnerability in the NFS direct write path that could cause use-after-free (refcount underflow) when completing nfs_direct_request twice in a row. A patch fixes the double-completion scenario; the CVSS 3.1 base score is 7.8 (High) with Local attack and High impact...

7.8 CVSS · 6.7 AI score · 0.00244 EPSS
Exploits 0 · References 10 · Affected Software 1
Cvelist
added 2024/05/01 5:19 a.m. · 17 views

CVE-2024-26958 nfs: fix UAF in direct writes

In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------ cut here ------------ refcount_t: underflow; use-after-free. WARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28...

7.9 AI score · 0.00244 EPSS
Exploits 0 · References 8
Debian CVE
added 2024/05/01 5:19 a.m. · 18 views

CVE-2024-26958

In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------ cut here ------------ refcount_t: underflow; use-after-free. WARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28...

7.8 CVSS · 7.7 AI score · 0.00244 EPSS
Exploits 0
Cvelist
added 2024/05/01 5:17 a.m. · 29 views

CVE-2024-26939 drm/i915/vma: Fix UAF on destroy against retire race

In the Linux kernel, the following vulnerability has been resolved: drm/i915/vma: Fix UAF on destroy against retire race Object debugging tools were sporadically reporting illegal attempts to free a still active i915 VMA object when parking a GT believed to be idle. [161.359441] ODEBUG: free active...

7.6 AI score · 0.00241 EPSS
Exploits 0 · References 4
CNNVD
added 2024/05/01 12:0 a.m. · 4 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not refreshing the asynchronous PF work queue when the vCPU is destroyed...

7 CVSS · 6.4 AI score · 0.00259 EPSS
Exploits 0 · References 11
Tenable Nessus
added 2024/05/01 12:0 a.m. · 31 views

Fedora 39 : python-aiohttp (2024-e0057e6044)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e0057e6044 advisory. Security update for CVE-2024-27306 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.4...

6.1 CVSS · 7.3 AI score · 0.00666 EPSS
Exploits 0 · References 2