82 matches found
UBUNTU-CVE-2024-57804
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs The driver, through the SAS transport, exposes a sysfs interface to enable/disable PHYs in a controller/expander setup. When multiple PHYs are disabled and...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a SCSI mpi3mr driver that may result in a corrupted configuration page when the PHY is quickly...
UBUNTU-CVE-2024-49985
In the Linux kernel, the following vulnerability has been resolved: i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume In case there is any sort of clock controller attached to this I2C bus controller, for example Versaclock or even an AIC32x4 I2C codec, then an I2C transf...
CVE-2023-2919
The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4. This is due to missing or incorrect nonce validation on the 'addonenabledisable' function. This makes it possible for unauthenticated attackers to enable or disable addons via a...
CVE-2023-2919
The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4. This is due to missing or incorrect nonce validation on the 'addonenabledisable' function. This makes it possible for unauthenticated attackers to enable or disable addons via a...
WordPress Tutor LMS plugin <= 2.7.4 - Cross-Site Request Forgery via 'addon_enable_disable' vulnerability
Cross-Site Request Forgery via 'addonenabledisable' vulnerability discovered by Ram in WordPress Plugin Tutor LMS versions = 2.7.4...
PT-2024-38820 · D Link · Dns-320L +18
Name of the Vulnerable Software and Affected Versions: D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 up to 20240814 Description: A...
CVE-2024-42111 btrfs: always do the basic checks for btrfs_qgroup_inherit structure
In the Linux kernel, the following vulnerability has been resolved: btrfs: always do the basic checks for btrfsqgroupinherit structure BUG Syzbot reports the following regression detected by KASAN: BUG: KASAN: slab-out-of-bounds in btrfsqgroupinherit+0x42e/0x2e20 fs/btrfs/qgroup.c:3277 Read of si...
CVE-2024-42111 btrfs: always do the basic checks for btrfs_qgroup_inherit structure
In the Linux kernel, the following vulnerability has been resolved: btrfs: always do the basic checks for btrfsqgroupinherit structure BUG Syzbot reports the following regression detected by KASAN: BUG: KASAN: slab-out-of-bounds in btrfsqgroupinherit+0x42e/0x2e20 fs/btrfs/qgroup.c:3277 Read of si...
CVE-2024-38557
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Reload only IB representors upon lag disable/enable On lag disable, the bond IB device along with all of its representors are destroyed, and then the slaves' representors get reloaded. In case the slave IB representor...
Widget Bundle <= 2.0.0 - Widget Disable/Enable via CSRF
Description The plugin does not have CSRF checks when logging Widgets, which could allow attackers to make logged in admin enable/disable widgets via a CSRF attack PoC This PoC disables the User Registration widget. To do so, make a logged in admin open an HTML file containing:...
UBUNTU-CVE-2024-26803
In the Linux kernel, the following vulnerability has been resolved: net: veth: clear GRO when clearing XDP even when down veth sets NETIFFGRO automatically when XDP is enabled, because both features use the same NAPI machinery. The logic to clear NETIFFGRO sits in vethdisablexdp which is called...
CVE-2024-1763
The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wpsocial/v1/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to...
SUSE CVE-2023-52586
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add mutex lock in control vblank irq Add a mutex lock to control vblank irq to synchronize vblank enable/disable operations happening from different threads to prevent race conditions while registering/unregistering...
AZL-56806 CVE-2023-52586 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add mutex lock in control vblank irq Add a mutex lock to control vblank irq to synchronize vblank enable/disable operations happening from different threads to prevent race conditions while registering/unregistering...
DEBIAN-CVE-2023-52586
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add mutex lock in control vblank irq Add a mutex lock to control vblank irq to synchronize vblank enable/disable operations happening from different threads to prevent race conditions while registering/unregistering...
UBUNTU-CVE-2023-52586
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add mutex lock in control vblank irq Add a mutex lock to control vblank irq to synchronize vblank enable/disable operations happening from different threads to prevent race conditions while registering/unregistering...
SUSE CVE-2021-46914
In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix unbalanced device enable/disable in suspend/resume pcidisabledevice called in ixgbeshutdown decreases dev-enablecnt by 1. pcienabledevicemem which increases dev-enablecnt by 1, was removed from ixgberesume in commit...
CVE-2021-46914
In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix unbalanced device enable/disable in suspend/resume pcidisabledevice called in ixgbeshutdown decreases dev-enablecnt by 1. pcienabledevicemem which increases dev-enablecnt by 1, was removed from ixgberesume in commit...
CVE-2021-46914
In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix unbalanced device enable/disable in suspend/resume pcidisabledevice called in ixgbeshutdown decreases dev-enablecnt by 1. pcienabledevicemem which increases dev-enablecnt by 1, was removed from ixgberesume in commit...