8543 matches found
CVE-2022-38386 IBM Cloud Pak for Security information disclosure
IBM Cloud Pak for Security CP4S 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 2337...
CVE-2024-26933
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This can cause problems if...
UBUNTU-CVE-2024-26933
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This can cause problems if...
CVE-2024-26934 USB: core: Fix deadlock in usb_deauthorize_interface()
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usbdeauthorizeinterface Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interfaceauthorizedstore function is the only one which acquires a device lock on an ancestor device: ...
CVE-2024-26934
CVE-2024-26934: Linux kernel USB core deadlock in usb_deauthorize_interface() when sysfs attribute callbacks hold a parent device lock. Affected: drivers/usb/core/sysfs.c (interface_authorized_store) acquiring parent device lock; fix uses sysfs_break_active_protection() to avoid waiting for the c...
CVE-2024-26934 USB: core: Fix deadlock in usb_deauthorize_interface()
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usbdeauthorizeinterface Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interfaceauthorizedstore function is the only one which acquires a device lock on an ancestor device: ...
CVE-2024-26933 USB: core: Fix deadlock in port "disable" sysfs attribute
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This can cause problems if...
CVE-2024-26933 USB: core: Fix deadlock in port "disable" sysfs attribute
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This can cause problems if...
CVE-2024-26933
CVE-2024-26933 is described in connected advisories as a Linux kernel USB core fix: it resolves a deadlock in the port "disable" sysfs attribute handling. The show/store callbacks for the disable sysfs file in port.c acquire the hub’s device lock, while removing a hub (and potentially changing it...
CVE-2024-26933 USB: core: Fix deadlock in port "disable" sysfs attribute
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This can cause problems if...
IBM Cloud Pak for Security 和 IBM QRadar Suite 安全漏洞
IBM Cloud Pak for Security and IBM QRadar Suite are both products of International Business Machines IBM, U.S.A. IBM Cloud Pak for Security is a software application. An open security platform that connects to your existing data sources to generate deeper insights and enables you to take automate...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a security hole in the sysfs attribute of port disable...
Phlex vulnerable to Cross-site Scripting (XSS) via maliciously formed HTML attribute names and values
There is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. The reason these issues were not detected before is the escapes were working as designed. However, their design didn't take into account just how recklessly permissive browser are...
CVE-2024-32970 Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex
Phlex is a framework for building object-oriented views in Ruby. In affected versions there is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. Since the last two vulnerabilities...
CVE-2024-32970 Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex
Phlex is a framework for building object-oriented views in Ruby. In affected versions there is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. Since the last two vulnerabilities...
frr: crafted BGP UPDATE message leading to a crash
A flaw was found in FRRouting. A crash can occur for a crafted BGP UPDATE message without mandatory attributes for example, one with only an unknown transit attribute...
CVE-2024-22405 XADMaster may not apply quarantine attribute correctly to extracted files
XADMaster is an objective-C library for archive and file unarchiving and extraction. When extracting a specially crafted zip archive XADMaster may not apply quarantine attribute correctly. Such behaviour may circumvent Gatekeeper checks on the system. Only macOS installations are affected. This...
CVE-2024-22405 XADMaster may not apply quarantine attribute correctly to extracted files
XADMaster is an objective-C library for archive and file unarchiving and extraction. When extracting a specially crafted zip archive XADMaster may not apply quarantine attribute correctly. Such behaviour may circumvent Gatekeeper checks on the system. Only macOS installations are affected. This...
kernel: vdpa: Add queue index attr to vdpa_nl_policy for nlattr length check
An out-of-bounds read vulnerability was found in the Linux kernel's vDPA virtio Data Path Acceleration netlink interface. The vdpanlpolicy structure was missing the nlapolicy entry for the queue index attribute. Without proper validation, parsing netlink messages with this attribute could result ...
kernel: Linux kernel (ext4): Denial of Service due to inode leak via failed extended attribute creation
A flaw was found in the Linux kernel's ext4 filesystem. A local user can exploit this vulnerability by performing a setxattr operation with an injected fault, specifically when ext4markinodedirty fails within the ext4xattrinodecreate function. This can lead to an inode leak, resulting in filesyst...