ALSA-2024:8856 Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set() (CVE-2024-24857); kernel: dmaengine: fix NULL pointer in channel unregistration function (CVE-2023-52492); kernel: netfilter:...
CVE-2024-43118
Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hummingbird hummingbird-performance. This issue affects Hummingbird: from n/a through <= 3.9.1...
CVE-2024-37444
Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Defender Security defender-security. This issue affects Defender Security: from n/a through <= 4.7.1...
CVE-2024-37444
CVE-2024-37444 – Missing Authorization in Defender Security (WPMU DEV Defender Security) for WordPress allows accessing functionality not constrained by ACLs. Affected: Defender Security through 4.7.1 (WordPress plugin). Mitigation: upgrade to 4.7.2 or later (patch available). CVSS v3.1: 9.8 (AV:...
CVE-2024-43118
CVE-2024-43118 is a Missing Authorization vulnerability in the WordPress plugin Hummingbird (WPMU DEV) caused by incorrectly configured access control. Connected PT Security data identifies the affected software as WPMU DEV Hummingbird versions 3.9.1 and earlier, with a remediation recommended to...
PT-2024-30305 · Wpmu Dev · Wpmu Dev Hummingbird
Name of the Vulnerable Software and Affected Versions: WPMU DEV Hummingbird versions 3.9.1 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For WPMU DEV Hummingbi...
WordPress Forminator Plugin <= 1.36.0 is vulnerable to Insecure Direct Object References (IDOR)
Software: Forminator; Type: Plugin; Vulnerable versions: <= 1.36.0; Fixed in: 1.36.1; OWASP Top 10: A3: Injection; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-9700; Patch priority: Low; CVSS severity: Low (5.3); Developer: WPMU DEV; PSID: f94c41be5520; Credits: Vijaysimha Reddy vijaysimha; Require...
SUSE CVE-2022-48958
In the Linux kernel, the following vulnerability has been resolved: ethernet: aeroflex: fix potential skb leak in greth_init_rings() The greth_init_rings() function won't free the newly allocated skb when dma_mapping_error() returns error, so add dev_kfree_skb() to fix it. Compile tested only...
DEBIAN-CVE-2022-48975
In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix memory leak in gpiochip_setup_dev() Here is a backtrace report about memory leak detected in gpiochip_setup_dev(): unreferenced object 0xffff88810b406400 (size 512): comm "python3", pid 1682, jiffies 4295346908 (age 24.090s)...
DEBIAN-CVE-2024-49982
In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in more places For fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts") makes tx() calling dev_put() instead of doing in aoecmd_cfg_pkts(). It...
CVE-2024-49878
In the Linux kernel, the following vulnerability has been resolved: resource: fix region_intersects() vs add_memory_driver_managed() On a system with CXL memory, the resource tree (/proc/iomem) related to CXL memory may look like something as follows. 490000000-50fffffff : CXL Window 0 490000000-50fffffff ...
CVE-2024-49982 aoe: fix the potential use-after-free problem in more places
In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in more places For fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts") makes tx() calling dev_put() instead of doing in aoecmd_cfg_pkts(). It...
CVE-2024-49947
CVE-2024-49947 affects the Linux kernel net stack, specifically a vulnerability in virtio_net_hdr_to_skb() where an incorrectly set skb->csum_start could place the transport header before or after the network header when processing injected packets via af_packet. Syzbot-triggered warnings show...
CVE-2024-49947 net: test for not too small csum_start in virtio_net_hdr_to_skb()
In the Linux kernel, the following vulnerability has been resolved: net: test for not too small csum_start in virtio_net_hdr_to_skb() syzbot was able to trigger this warning [1], after injecting a malicious packet through af_packet, setting skb->csum_start and thus the transport header to an incorrect value...
CVE-2024-49878 resource: fix region_intersects() vs add_memory_driver_managed()
In the Linux kernel, the following vulnerability has been resolved: resource: fix region_intersects() vs add_memory_driver_managed() On a system with CXL memory, the resource tree (/proc/iomem) related to CXL memory may look like something as follows. 490000000-50fffffff : CXL Window 0 490000000-50fffffff ...
AZL-51150 CVE-2024-47705 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: block: fix potential invalid pointer dereference in blk_add_partition The blk_add_partition() function initially used a single if-condition (IS_ERR(part)) to check for errors when adding a partition. This was modified to handle the specific...
AZL-51219 CVE-2024-47705 affecting package kernel for versions less than 6.6.56.1-5
In the Linux kernel, the following vulnerability has been resolved: block: fix potential invalid pointer dereference in blk_add_partition The blk_add_partition() function initially used a single if-condition (IS_ERR(part)) to check for errors when adding a partition. This was modified to handle the specific...
DEBIAN-CVE-2024-47705
In the Linux kernel, the following vulnerability has been resolved: block: fix potential invalid pointer dereference in blk_add_partition The blk_add_partition() function initially used a single if-condition (IS_ERR(part)) to check for errors when adding a partition. This was modified to handle the specific...
Debian dla-3926 : libperl-dev - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3926 advisory. Debian LTS Advisory DLA-3926-1 [email protected]...
CVE-2024-49298
CVE-2024-49298 is a stored cross-site scripting (XSS) vulnerability in the PeproDev Ultimate Invoice WordPress plugin (versions up to 2.0.6). The issue stems from improper neutralization of input during web page generation, enabling stored XSS. The vulnerability affects PeproDev Ultimate Invoice ...