CVE-2024-36939

In the Linux kernel, the following vulnerability has been resolved: nfs: Handle error of rpcprocregister in nfsnetinit. syzkaller reported a warning 0 triggered while destroying immature netns. rpcprocregister was called in initnfsfs, but its error has been ignored since at least the initial comm...

CVE-2024-36944

In the Linux kernel, the following vulnerability has been resolved: Reapply "drm/qxl: simplify qxlfencewait" This reverts commit 07ed11afb68d94eadd4ffc082b97c2331307c5ea. Stephen Rostedt reports: "I went to run my tests on my VMs and the tests hung on boot up. Unfortunately, the most I ever got o...

CVE-2024-36903

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix potential uninit-value access in ip6makeskb As it was done in commit fc1092f51567 "ipv4: Fix uninit-value access in ipmakeskb" for IPv4, check FLOWIFLAGKNOWNNH on fl6-flowi6flags instead of testing HDRINCL on the socket...

CVE-2024-36906

In the Linux kernel, the following vulnerability has been resolved: ARM: 9381/1: kasan: clear stale stack poison We found below OOB crash: 33.452494 ================================================================== 33.453513 BUG: KASAN: stack-out-of-bounds in...

CVE-2024-36944

CVE-2024-36944 affects the Linux kernel. The issue arises from reverting the commit that simplified drm/qxl_fence_wait, which created a possible circular locking dependency between console_owner and the worker pool locking. Reverting the commit allows VMs to boot to completion but may reintroduce...

CVE-2024-36939 nfs: Handle error of rpc_proc_register() in nfs_net_init().

In the Linux kernel, the following vulnerability has been resolved: nfs: Handle error of rpcprocregister in nfsnetinit. syzkaller reported a warning 0 triggered while destroying immature netns. rpcprocregister was called in initnfsfs, but its error has been ignored since at least the initial comm...

CVE-2024-36938 bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue

In the Linux kernel, the following vulnerability has been resolved: bpf, skmsg: Fix NULL pointer dereference in skpsockskbingressenqueue Fix NULL pointer data-races in skpsockskbingressenqueue which syzbot reported 1. 1 BUG: KCSAN: data-race in skpsockdrop / skpsockskbingressenqueue write to...

CVE-2024-36907

...

CVE-2024-36903 ipv6: Fix potential uninit-value access in __ip6_make_skb()

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix potential uninit-value access in ip6makeskb As it was done in commit fc1092f51567 "ipv4: Fix uninit-value access in ipmakeskb" for IPv4, check FLOWIFLAGKNOWNNH on fl6-flowi6flags instead of testing HDRINCL on the socket...

CVE-2024-36903 ipv6: Fix potential uninit-value access in __ip6_make_skb()

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix potential uninit-value access in ip6makeskb As it was done in commit fc1092f51567 "ipv4: Fix uninit-value access in ipmakeskb" for IPv4, check FLOWIFLAGKNOWNNH on fl6-flowi6flags instead of testing HDRINCL on the socket...

CVE-2024-36894 usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Fix race between aiocancel and AIO request complete FFS based applications can utilize the aiocancel callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS application...

CVE-2024-36020

In the Linux kernel, the following vulnerability has been resolved: i40e: fix vf may be used uninitialized in this function warning To fix the regression introduced by commit 52424f974bc5, which causes servers hang in very hard to reproduce conditions with resets races. Using two sources for the...

Unspecified Vulnerability in JetBrains TeamCity (CNVD-2025-16890)

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a security...

CVE-2024-36371

In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible...

CVE-2024-36371

In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible...

CVE-2024-36364

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible...

CVE-2024-36364

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible...

CVE-2024-36371

In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible...

CVE-2024-36371

JetBrains TeamCity versions prior to 2023.05.6 and 2023.11.5 are affected by a stored cross-site scripting (XSS) vulnerability in the Commit status publisher, caused by insufficient filtering/escaping of user-provided data. An attacker could inject arbitrary script or HTML via the publisher, pote...

CVE-2024-36371

In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible...