87 matches found
CVE-2024-50046 NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Prevent NULL-pointer dereference in nfs42completecopies On the node of an NFS client, some files saved in the mountpoint of the NFS server were copied to another location of the same NFS server. Accidentally, the...
Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials
Cybersecurity researchers have discovered a malicious package on the Python Package Index PyPI repository that targets Apple macOS systems with the goal of stealing users' Google Cloud credentials from a narrow pool of victims. The package, named "lr-utils-lib," attracted a total of 59 downloads...
CVE-2024-36926 powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE At the time of LPAR boot up, partition firmware provides Open Firmware property ibm,dma-window for the PE. This property is provided on the PCI bus the PE is...
CVE-2024-36926
CVE-2024-36926 affects the Linux kernel on PowerPC pseries hardware, where LPARs boot with a frozen PE may lack the ibm,dma-window property. This can cause a NULL pointer dereference while configuring PCI, leading to an oops/panic during boot. The vulnerability is described with kernel traces (pc...
CVE-2021-47465
A possible stack corruption flaw was found in the Linux kernel in idlekvmstartguest. This issue may lead to compromised availability...
CVE-2021-47337
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix bad pointer dereference when ehandler kthread is invalid Commit 66a834d09293 "scsi: core: Fix error handling of scsihostalloc" changed the allocation logic to call putdevice to perform host cleanup with the...
WordPress Float menu plugin < 6.0.1 - Menu Deletion via CSRF vulnerability
Menu Deletion via CSRF vulnerability discovered by Erwan LR WPScan in WordPress Plugin Float menu versions 6.0.1...
CVE-2024-26989 arm64: hibernate: Fix level3 translation fault in swsusp_save()
In the Linux kernel, the following vulnerability has been resolved: arm64: hibernate: Fix level3 translation fault in swsuspsave On arm64 machines, swsuspsave faults if it attempts to access MEMBLOCKNOMAP memory ranges. This can be reproduced in QEMU using UEFI when booting with rodata=off...
WordPress WooCommerce Customers Manager plugin < 29.8 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin WooCommerce Customers Manager versions 29.8...
CVE-2024-26877
A vulnerability was found in the Linux kernel's Xilinx crypto driver. This issue is caused by failing to disable bottom halves BH when calling the cryptofinalizerequest function, leading to potential system warnings and call traces. Mitigation Mitigation for this issue is either not available or...
CVE-2024-26877 crypto: xilinx - call finalize with bh disabled
In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling cryptofinalizerequest, BH should be disabled to avoid triggering the following calltrace: ------------ cut here ------------ WARNING: CPU: 2 PID: 74 at...
CVE-2024-26847 powerpc/rtas: use correct function name for resetting TCE tables
In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: use correct function name for resetting TCE tables The PAPR spec spells the function name as "ibm,reset-pe-dma-windows" but in practice firmware uses the singular form: "ibm,reset-pe-dma-window" in the device tree...
CVE-2024-26847 powerpc/rtas: use correct function name for resetting TCE tables
In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: use correct function name for resetting TCE tables The PAPR spec spells the function name as "ibm,reset-pe-dma-windows" but in practice firmware uses the singular form: "ibm,reset-pe-dma-window" in the device tree...
SUSE CVE-2024-31852
LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...
CVE-2024-31852
A miscompile flaw was found in LLVM. In certain conditions, the LR register can be overwritten without data being saved to the stack, which can lead to an exploitable error in the compiled code. This affects the ARM backend and can be demonstrated with Clang. Mitigation Mitigation for this issue ...
AZL-39830 CVE-2024-31852 affecting package clang16 for versions less than 16.0.0-1
LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...
CVE-2024-31852
LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...
CVE-2024-31852
LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...
WordPress WooCommerce Product Filter plugin < 1.4.4 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin Themify – WooCommerce Product Filter versions 1.4.4...
WordPress WooCommerce Product Filter plugin < 1.4.4 - Filter Deletion via CSRF vulnerability
Filter Deletion via CSRF vulnerability discovered by Erwan LR WPScan in WordPress Plugin Themify – WooCommerce Product Filter versions 1.4.4...