
13601 matches found

CVE
added 2024/06/26 11:31 p.m. | 115 views

CVE-2024-4901

CVE-2024-4901 affects GitLab CE/EE: a stored XSS vulnerability that could be imported from a project with malicious commit notes. Root cause cited as improper neutralization of input during web page generation. Affected versions: GitLab 16.9–16.11.4, 17.0.0–17.0.2, and 17.1.0–17.1.0 (and similar ...

CVSS 8.7 | AI score 6.3 | EPSS 0.04794
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2024/06/26 12:00 a.m. | 4 views

GitLab Cross-Site Scripting Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A cross-site scripting vulnerability exists in GitLab CE/EE versions 16.9 throu...

CVSS 8.7 | AI score 6.4 | EPSS 0.04794
Exploits 0 | References 3

NVD
added 2024/06/25 3:15 p.m. | 34 views

CVE-2024-39293

In the Linux kernel, the following vulnerability has been resolved: Revert "xsk: Support redirect to any socket bound to the same umem" This reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db. This patch introduced a potential kernel crash when multiple napi instances redirect to the same...

CVSS 4.7 | EPSS 0.00024
Exploits 0 | References 2

UbuntuCve
added 2024/06/25 3:15 p.m. | 17 views

CVE-2024-39461

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Assign ->num before accessing ->hws Commit f316cdff8d67 "clk: Annotate struct clk_hw_onecell_data with __counted_by" annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs the bounds sanitizer...

CVSS 5.5 | AI score 5.9 | EPSS 0.00033
Exploits 0 | References 12

Vulnrichment
added 2024/06/25 2:22 p.m. | 19 views

CVE-2024-39293 Revert "xsk: Support redirect to any socket bound to the same umem"

In the Linux kernel, the following vulnerability has been resolved: Revert "xsk: Support redirect to any socket bound to the same umem" This reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db. This patch introduced a potential kernel crash when multiple napi instances redirect to the same...

AI score 7 | EPSS 0.00024
Exploits 0 | References 2

RedhatCVE
added 2024/06/25 1:52 p.m. | 24 views

CVE-2024-38663

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from resetting io stat Since commit 3b8cc6298724 "blk-cgroup: Optimize blkcg_rstat_flush", each iostat instance is added to blkcg percpu list, so blkcg_reset_stats can't reset the stat instance by...

CVSS 4.4 | AI score 7 | EPSS 0.00026
Exploits 0 | References 4

OSSF Malicious Packages
added 2024/06/25 12:57 p.m. | 3 views

Malicious code in react-select-custom-commit (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0

OSV
added 2024/06/25 12:57 p.m. | 3 views

MAL-2024-2940 Malicious code in react-select-custom-commit (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits 0

UbuntuCve
added 2024/06/24 2:15 p.m. | 15 views

CVE-2024-38663

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from resetting io stat Since commit 3b8cc6298724 "blk-cgroup: Optimize blkcg_rstat_flush", each iostat instance is added to blkcg percpu list, so blkcg_reset_stats can't reset the stat instance by...

CVSS 5.5 | AI score 6.4 | EPSS 0.00026
Exploits 0 | References 12

CVE
added 2024/06/24 1:50 p.m. | 98 views

CVE-2024-38663

CVE-2024-38663 (Linux kernel) affects the blk-cgroup iostat/stat reset path. After commit 3b8cc6298724, each iostat instance is added to the blkcg per-CPU list, so blkcg_reset_stats() can’t reset the stat instance by memset(), risking list corruption. The fix is to reset only the counter portion,...

CVSS 5.5 | AI score 6.7 | EPSS 0.00026
Exploits 0 | References 3 | Affected Software 1

SUSE CVE
added 2024/06/22 4:09 a.m. | 2 views

SUSE CVE-2022-48733

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free after failure to create a snapshot At ioctl.c:create_snapshot(), we allocate a pending snapshot structure and then attach it to the transaction's list of pending snapshots. After that we call...

CVSS 6.7 | AI score 6.2 | EPSS 0.00012
Exploits 0 | References 9

Vulnrichment
added 2024/06/21 10:18 a.m. | 27 views

CVE-2024-36484 net: relax socket state check at accept time.

In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. Christoph reported the following splat: WARNING: CPU: 1 PID: 772 at net/ipv4/af_inet.c:761 inet_accept+0x1f4/0x4a0 Modules linked in: CPU: 1 PID: 772 Comm: syz-executor510 Not tainted...

AI score 6.6 | EPSS 0.00013
Exploits 0 | References 8

RedhatCVE
added 2024/06/20 2:55 p.m. | 30 views

CVE-2024-38596

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock atomically writes to sk->sk_shutdown using WRITE_ONCE. However, on...

CVSS 4.7 | AI score 6.7 | EPSS 0.00015
Exploits 0 | References 4

OSV
added 2024/06/20 12:15 p.m. | 2 views

CVE-2024-6184

A vulnerability classified as critical was found in Ruijie RG-UAC 1.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/reboot/rebootcommit.php. The manipulation of the argument servicename leads to os command injection. The attack can be launched remotely...

CVSS 9.8 | AI score 5.5
Exploits 0 | References 4

OSV
added 2024/06/20 12:15 p.m. | 1 views

CVE-2024-6185

A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC 1.0. Affected by this issue is the function getipaddrdetails of the file /view/dhcp/dhcpConfig/commit.php. The manipulation of the argument ethname leads to os command injection. The attack may be launched remotely...

CVSS 8.8 | AI score 6.2
Exploits 0 | References 4

NVD
added 2024/06/20 12:15 p.m. | 21 views

CVE-2022-48733

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free after failure to create a snapshot At ioctl.c:create_snapshot(), we allocate a pending snapshot structure and then attach it to the transaction's list of pending snapshots. After that we call...

CVSS 7.8 | EPSS 0.00012
Exploits 0 | References 5

OSV
added 2024/06/20 12:15 p.m. | 1 views

DEBIAN-CVE-2022-48733

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free after failure to create a snapshot At ioctl.c:create_snapshot(), we allocate a pending snapshot structure and then attach it to the transaction's list of pending snapshots. After that we call...

CVSS 7.8 | AI score 5.8 | EPSS 0.00012
Exploits 0 | References 1

OSV
added 2024/06/20 12:15 p.m. | 1 views

UBUNTU-CVE-2022-48733

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free after failure to create a snapshot At ioctl.c:create_snapshot(), we allocate a pending snapshot structure and then attach it to the transaction's list of pending snapshots. After that we call...

CVSS 7.8 | AI score 6.2 | EPSS 0.00012
Exploits 0 | References 17

OSV
added 2024/06/20 11:15 a.m. | 1 views

UBUNTU-CVE-2022-48712

In the Linux kernel, the following vulnerability has been resolved: ext4: fix error handling in ext4_fc_record_modified_inode Current code does not fully take care of krealloc error case, which could lead to silent memory corruption or a kernel bug. This patch fixes that. Also it cleans up some...

CVSS 7.8 | AI score 5.9 | EPSS 0.00038
Exploits 0 | References 7

Vulnrichment
added 2024/06/20 11:13 a.m. | 29 views

CVE-2022-48761 usb: xhci-plat: fix crash when suspend if remote wake enable

In the Linux kernel, the following vulnerability has been resolved: usb: xhci-plat: fix crash when suspend if remote wake enable Crashed at i.mx8qm platform when suspend if enable remote wakeup Internal error: synchronous external abort: 96000210 1 PREEMPT SMP Modules linked in: CPU: 2 PID: 244...

AI score 7.1 | EPSS 0.00033
Exploits 0 | References 4