DEBIAN-CVE-2022-48952

In the Linux kernel, the following vulnerability has been resolved: PCI: mt7621: Add sentinel to quirks table Current driver is missing a sentinel in the struct socdeviceattribute array, which causes an oops when assessed by the socdevicematchmt7621pciequirksmatch call. This was only exposed once...

UBUNTU-CVE-2024-50039

In the Linux kernel, the following vulnerability has been resolved: net/sched: accept TCASTAB only for root qdisc Most qdiscs maintain their backlog using qdiscpktlenskb on the assumption it is invariant between the enqueue and dequeue handlers. Unfortunately syzbot can crash a host rather easily...

UBUNTU-CVE-2022-48952

In the Linux kernel, the following vulnerability has been resolved: PCI: mt7621: Add sentinel to quirks table Current driver is missing a sentinel in the struct socdeviceattribute array, which causes an oops when assessed by the socdevicematchmt7621pciequirksmatch call. This was only exposed once...

CVE-2024-50012 cpufreq: Avoid a bad reference count on CPU node

In the Linux kernel, the following vulnerability has been resolved: cpufreq: Avoid a bad reference count on CPU node In the parseperfdomain function, if the call to ofparsephandlewithargs returns an error, then the reference to the CPU device node that was acquired at the start of the function...

CVE-2024-50012 cpufreq: Avoid a bad reference count on CPU node

In the Linux kernel, the following vulnerability has been resolved: cpufreq: Avoid a bad reference count on CPU node In the parseperfdomain function, if the call to ofparsephandlewithargs returns an error, then the reference to the CPU device node that was acquired at the start of the function...

UBUNTU-CVE-2024-49900

In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of newea in eabuffer syzbot reports that lzo1x1docompress is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in lzo1x1docompress+0x19f9/0x2510...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ocfs2 file system not reserving enough space for an inline xattr before attaching a reflink tree...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the hwmon module not performing a null check before removing the sysfs attribute in the coretemp driver...

PT-2024-33852

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58 Description: A vulnerability in the Linux kernel's cpufreq function has been resolved. The issue occurred in the parse perf domain function, where a bad reference count on the CPU node could happen if the...

Linux kernel 资源管理错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ext4 file system that could lead to out-of-bounds access when the system.data extended attribute is...

SAP HANA Input Validation Error Vulnerability (CNVD-2024-49626)

SAP HANA is a set of high-performance real-time data analytics platform from Germany's SAP SAP. The platform provides data query functions to support users to query real-time business data query and analysis. An input validation error vulnerability exists in the SAP HANA Node.js client, which ste...

Qnap QTS Prototype Pollution (CVE-2023-39296)

A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have incompatible type, which may lead to a crash via a network. We have already fixed the...

com.charlyghislain.keycloak:keycloak-importexport (=21.0.0), com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11) +79 more potentially affected by CVE-2024-8883 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=22.0.1)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =0.3.0-20.0.1, =0.4.5-20.0.2, =1.0.1, =1.3.2, =1.3.6 - io.github.jeff-tian:keycloak-phone-provider =2.3.10 and more Source cves: CVE-2024-8883 Source advisor...

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

Astro 跨站脚本漏洞

Astro is an Astro open source web framework for content-driven websites. A cross-site scripting vulnerability exists in Astro versions 3.0.0 through 4.16.1 and earlier, which stems from not properly cleaning up the name attribute on a page...

wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values

...

WordPress plugin Rescue Shortcodes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2024-47507

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an integrity impact to the downstream devices. When a peer sends a BGP update messa...

CVE-2024-47499

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon RPD of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service DoS. In a scenario where BGP Monitoring Protocol BMP is...