CVE-2024-44978 drm/xe: Free job before xe_exec_queue_put

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Free job before xeexecqueueput Free job depends on job-vm being valid, the last xeexecqueueput can destroy the VM. Prevent UAF by freeing job before xeexecqueueput. cherry picked from commit...

CVE-2024-44978 drm/xe: Free job before xe_exec_queue_put

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Free job before xeexecqueueput Free job depends on job-vm being valid, the last xeexecqueueput can destroy the VM. Prevent UAF by freeing job before xeexecqueueput. cherry picked from commit...

CVE-2024-44976 ata: pata_macio: Fix DMA table overflow

In the Linux kernel, the following vulnerability has been resolved: ata: patamacio: Fix DMA table overflow Kolbjørn and Jonáš reported that their 32-bit PowerMacs were crashing in pata-macio since commit 09fe2bfa6b83 "ata: patamacio: Fix maxsegmentsize with PAGESIZE == 64K". For example: kernel B...

CVE-2024-44951

In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: fix TX fifo corruption Sometimes, when a packet is received on channel A at almost the same time as a packet is about to be transmitted on channel B, we observe with a logic analyzer that the received packet on...

FreeBSD-SA-24:14.umtx

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-24:14.umtx Security Advisory The FreeBSD Project Topic: umtx Kernel panic or Use-After-Free Category: core Module: kern Announced: 2024-09-04 Credits: Synacktiv...

The vulnerability of the ice component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the ice component in the Linux operating system’s kernel is related to the rapid removal and execution of the VF Commit process. Exploiting this vulnerability can allow an attacker to cause a service failure...

freewvs's nested directory structure can interrupt scan

Impact A directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk. This can be problematic in a case where an administrator scans the dirs of potentially untrusted users. Patches This has been fixed in this commit by limitin...

GHSA-7PMH-VRWW-25XX freewvs's nested directory structure can interrupt scan

Impact A directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk. This can be problematic in a case where an administrator scans the dirs of potentially untrusted users. Patches This has been fixed in this commit by limitin...

CVE-2024-8235

A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterface...

OESA-2024-2078 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: btrfs: get rid of warning on transaction commit when using flushoncommit When using the flushoncommit mount option, during almost every transaction commit we...

OESA-2024-2077 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: btrfs: get rid of warning on transaction commit when using flushoncommit When using the flushoncommit mount option, during almost every transaction commit we...

CVE-2022-48944 sched: Fix yet more sched_fork() races

In the Linux kernel, the following vulnerability has been resolved: sched: Fix yet more schedfork races Where commit 4ef0c5c6b5ba "kernel/sched: Fix schedfork access an invalid schedtaskgroup" fixed a fork race vs cgroup, it opened up a race vs syscalls by not placing the task on the runqueue...

CVE-2022-48944

The CVE-2022-48944 issue is a Linux kernel race in sched/fork() related to how new tasks are exposed via pidhash and runqueue handling. The description cites prior fixes that fixed a fork race vs cgroup (commit 4ef0c5c6b5ba) and a subsequent change that effectively reverted that, aiming to fix th...

phpIPAM < 1.7.0 Multiple XSS Vulnerabilities

phpIPAM is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

PT-2024-38949 · Unknown · Master-Nan Sweet-Cms

Name of the Vulnerable Software and Affected Versions: master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f Description: A vulnerability was found in master-nan Sweet-CMS, affecting the function LogHandler of the file middleware/log.go. The manipulation leads to improper output...

CVE-2024-41348

openflights commit 5234b5b is vulnerable to Cross-Site Scripting XSS via php/alsearch.php...

CVE-2024-41346

openflights commit 5234b5b is vulnerable to Cross-Site Scripting XSS via php/submit.php...

CVE-2024-41345

openflights commit 5234b5b is vulnerable to Cross-Site Scripting XSS via php/trip.php...

CVE-2024-41346

openflights commit 5234b5b is vulnerable to Cross-Site Scripting XSS via php/submit.php...

CVE-2024-41351

bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting XSS via Public/statics/umeditor123/php/getContent.php...