CVE-2021-47205

In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: Unregister clocks/resets when unbinding Currently, unbinding a CCU driver unmaps the device's MMIO region, while leaving its clocks/resets and their providers registered. This can cause a page fault later when some...

CVE-2021-47217

In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: Fix NULL deref in sethvtscchangecb if Hyper-V setup fails Check for a valid hvvpindex array prior to derefencing hvvpindex when setting Hyper-V's TSC change callback. If Hyper-V setup failed in hypervinit, the kernel...

DEBIAN-CVE-2021-47205

In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: Unregister clocks/resets when unbinding Currently, unbinding a CCU driver unmaps the device's MMIO region, while leaving its clocks/resets and their providers registered. This can cause a page fault later when some...

CVE-2021-47217

In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: Fix NULL deref in sethvtscchangecb if Hyper-V setup fails Check for a valid hvvpindex array prior to derefencing hvvpindex when setting Hyper-V's TSC change callback. If Hyper-V setup failed in hypervinit, the kernel...

UBUNTU-CVE-2021-47205

In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: Unregister clocks/resets when unbinding Currently, unbinding a CCU driver unmaps the device's MMIO region, while leaving its clocks/resets and their providers registered. This can cause a page fault later when some...

CVE-2021-47217

In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: Fix NULL deref in sethvtscchangecb if Hyper-V setup fails Check for a valid hvvpindex array prior to derefencing hvvpindex when setting Hyper-V's TSC change callback. If Hyper-V setup failed in hypervinit, the kernel...

CVE-2021-47217 x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails

In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: Fix NULL deref in sethvtscchangecb if Hyper-V setup fails Check for a valid hvvpindex array prior to derefencing hvvpindex when setting Hyper-V's TSC change callback. If Hyper-V setup failed in hypervinit, the kernel...

CVE-2021-47217 x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails

In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: Fix NULL deref in sethvtscchangecb if Hyper-V setup fails Check for a valid hvvpindex array prior to derefencing hvvpindex when setting Hyper-V's TSC change callback. If Hyper-V setup failed in hypervinit, the kernel...

CVE-2024-0626

The WooCommerce Clover Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callbackhandler function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to mark orders as paid...

CVE-2024-2222 Advanced Classifieds & Directory Pro <= 3.0.0 - Missing Authorization to Arbitrary Attachment Deletion

The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajaxcallbackdeleteattachment function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6725-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6725-1 advisory. Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when...

WordPress Plugin WooCommerce Clover Payment Gateway 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress Plugin...

Incorrect Behavior Order

github.com/cosmos/ibc-go/ is vulnerable to Incorrect Behavior Order. The vulnerability is due to the ability of an attacker to execute the same MsgTimeout inside the IBC hook for the OnTimeout callback before the packet commitment is deleted...

PT-2024-22996 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: In the afe callback function of q6afe.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of...

DEBIAN-CVE-2024-26731

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix NULL pointer dereference in skpsockverdictdataready syzbot reported the following NULL pointer dereference issue 1: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... RIP: 0010:0x0 ... Call Trac...

UBUNTU-CVE-2024-26731

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix NULL pointer dereference in skpsockverdictdataready syzbot reported the following NULL pointer dereference issue 1: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... RIP: 0010:0x0 ... Call Trac...

CVE-2024-26669

In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: Fix chain template offload When a qdisc is deleted from a net device the stack instructs the underlying driver to remove its flow offload callback from the associated filter block using the 'FLOWBLOCKUNBIND'...

PT-2024-10552 · WordPress · Wp-File-Upload

Name of the Vulnerable Software and Affected Versions: wp-file-upload Plugin versions up to 2.4.3 Description: A vulnerability has been found in the wp-file-upload Plugin, which is classified as problematic. The issue affects the function wfu ajax action callback of the file lib/wfu...

WordPress Plugin Responsive 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

CVE-2024-29882 SRS DOM - XSS on JSONP callback

SRS is a simple, high-efficiency, real-time video server. SRS's /api/v1/vhosts/vid-?callback= endpoint didn't filter the callback function name which led to injecting malicious javascript payloads and executing XSS Cross-Site Scripting. This vulnerability is fixed in 5.0.210 and 6.0.121...