1907 matches found
kernel: net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX
A flaw was addressed in the Linux kernel’s traffic scheduling TAPRIO subsystem. The code that handles the TCATAPRIOATTRSCHEDCYCLETIME attribute did not enforce an upper bound on this value, which could allow excessively large cycle time inputs to be processed. Under certain conditions, this can...
igb: cope with large MAX_SKB_FRAGS
...
wildfly: No timeout for EAP management interface may lead to Denial of Service (DoS)
A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections...
wildfly: No timeout for EAP management interface may lead to Denial of Service (DoS)
A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections...
CVE-2024-9611
CVE-2024-9611 refers to the WordPress plugin “Increase upload file size & Maximum Execution Time limit” with vulnerable code that uses add_query_arg without proper escaping, enabling Reflected Cross‑Site Scripting in all versions up to 2.0. This allows unauthenticated attackers to inject scripts ...
CVE-2024-9205
The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. This makes it possible for unauthenticated attackers to inject...
CVE-2024-9205
The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. This makes it possible for unauthenticated attackers to inject...
WordPress Increase upload file size & Maximum Execution Time limit Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)
Software Increase upload file size & Maximum Execution Time limit Type Plugin Vulnerable versions = 2.0 Fixed in 3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9611 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...
PT-2024-33874
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.11.0-rc7-syzkaller-g5f5673607153 Description: The issue is related to a panic on IPPROTO SMC in the Linux kernel. When INET PROTOSW ICSK is set, icsk-icsk sync mss must also be set. The problem occurs due to a...
WordPress plugin Maximum Products per User for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the WordPress plugin Maximum...
WordPress Maximum Products per User for WooCommerce plugin <= 4.2.8 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Maximum Products per User for WooCommerce versions = 4.2.8...
DEBIAN-CVE-2024-47664
In the Linux kernel, the following vulnerability has been resolved: spi: hisi-kunpeng: Add verification for the maxfrequency provided by the firmware If the value of maxspeedhz is 0, it may cause a division by zero error in hisicalceffectivespeed. The value of maxspeedhz is provided by firmware...
AZL-50860 CVE-2024-47664 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: spi: hisi-kunpeng: Add verification for the maxfrequency provided by the firmware If the value of maxspeedhz is 0, it may cause a division by zero error in hisicalceffectivespeed. The value of maxspeedhz is provided by firmware...
UBUNTU-CVE-2024-47664
In the Linux kernel, the following vulnerability has been resolved: spi: hisi-kunpeng: Add verification for the maxfrequency provided by the firmware If the value of maxspeedhz is 0, it may cause a division by zero error in hisicalceffectivespeed. The value of maxspeedhz is provided by firmware...
CVE-2024-47667 PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)
In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Add workaround for Errata i2037 AM65x SR 1.0 Errata i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0 SPRZ452DJuly 2018Revised December 2019 1 mentions when an inbound PCIe TLP spans more than two internal AXI...
UBUNTU-CVE-2024-46816
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Stop amdgpudm initialize when link nums greater than maxlinks Why Coverity report OVERRUN warning. There are only maxlinks elements within dc-links. link count could up to AMDGPUDMMAXDISPLAYINDEX 31. How Make sur...
io.vertx:vertx-grpc-client: io.vertx:vertx-grpc-server: Vertx gRPC server does not limit the maximum message size
A flaw was found in the gRPC server in Eclipse Vert.x, which does not limit the maximum length of the message payload. This may lead to excessive memory consumption in a server or a client, causing a denial of service...
kernel: mlxsw: thermal: Fix out-of-bounds memory accesses
In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: cat /sys/class/thermal/thermalzone2/cdev0/type mlxswfan cat...
kernel: hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs
A vulnerability was found in the Linux kernel's hwmon subsystem, specifically in the mlxreg-fan driver. The issue arises when the driver’s sysfs interface for controlling fan speed does not properly handle cases where the requested minimum fan speed exceeds the maximum allowable value. When the...
kernel: mlxsw: thermal: Fix out-of-bounds memory accesses
In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: cat /sys/class/thermal/thermalzone2/cdev0/type mlxswfan cat...