UBUNTU-CVE-2024-49976

In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Drop interfacelock in stopkthread stopkthread is the offline callback for "trace/osnoise:online", since commit 5bfbcd1ee57b "tracing/timerlat: Add interfacelock around clearing of kthread in stopkthread", the...

UBUNTU-CVE-2024-49866

In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Fix a race during cpuhp processing There is another found exception that the "timerlat/1" thread was scheduled on CPU0, and lead to timer corruption finally: ODEBUG: init active active state 0 object:...

CVE-2024-49976 tracing/timerlat: Drop interface_lock in stop_kthread()

In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Drop interfacelock in stopkthread stopkthread is the offline callback for "trace/osnoise:online", since commit 5bfbcd1ee57b "tracing/timerlat: Add interfacelock around clearing of kthread in stopkthread", the...

CVE-2024-49866 tracing/timerlat: Fix a race during cpuhp processing

In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Fix a race during cpuhp processing There is another found exception that the "timerlat/1" thread was scheduled on CPU0, and lead to timer corruption finally: ODEBUG: init active active state 0 object:...

CVE-2024-49866 tracing/timerlat: Fix a race during cpuhp processing

In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Fix a race during cpuhp processing There is another found exception that the "timerlat/1" thread was scheduled on CPU0, and lead to timer corruption finally: ODEBUG: init active active state 0 object:...

CVE-2024-49866 tracing/timerlat: Fix a race during cpuhp processing

In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Fix a race during cpuhp processing There is another found exception that the "timerlat/1" thread was scheduled on CPU0, and lead to timer corruption finally: ODEBUG: init active active state 0 object:...

@0xc/serverless-offline-aws-sqs (>=1.0.0 <=2.0.3), @1eg/cert-manager-to-azion (>=0.0.1 <=0.2.0) +2899 more potentially affected by CVE-2024-21534 via jsonpath-plus (>=0.12.0 <=10.1.0)

jsonpath-plus NPM version =0.12.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1-alpha, =0.4.0-next.10, =0.7.0, =0.0.1, =1.0.0, =1.0.98-alpha.0, =1.3.65-alpha.0, =1.27.0, =0.0.1, =1.0.0-atomist-update-latest-1544450968007.20181210141037, =1.0.0-atomist-update-latest-1544451015596.20181210141150,...

PT-2024-12651 · Eufy · Eufy Homebase 2

Name of the Vulnerable Software and Affected Versions: Eufy Homebase 2 versions prior to 3.3.4.1h Description: The Eufy Homebase 2 creates a dedicated wireless network for its ecosystem, serving as a proxy to the end user's primary network. The WPA2-PSK generation of this dedicated network is...

How can you protect your data, privacy, and finances if your phone gets lost or stolen?

Steps to take when your device is lost or stolen TL;DR This is a guide to help prepare for a situation where your mobile device is lost or stolen, including where it is stolen in an unlocked state. The post covers: Creating good habits in your digital life. Using available features to secure your...

QEMU: Denial of Service via Improper Synchronization in QEMU NBD Server During Socket Closure

A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service DoS attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline...

CVE-2024-46943

An issue was discovered in OpenDaylight Authentication, Authorization and Accounting AAA through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information...

PT-2024-32292 · Opendaylight · Opendaylight Authentication

Name of the Vulnerable Software and Affected Versions: OpenDaylight Authentication, Authorization and Accounting AAA versions through 0.19.3 Description: An issue was discovered in OpenDaylight Authentication, Authorization and Accounting AAA. A rogue controller can join a cluster to impersonate ...

OpenDaylight 安全漏洞

OpenDaylight ODL is an open source SDN controller open sourced by OpenDaylight. A security vulnerability exists in OpenDaylight 0.19.3 and earlier versions that stems from the fact that a malicious controller can join a cluster to impersonate an offline peer node, even if the malicious controller...

SUSE CVE-2024-44958

In the Linux kernel, the following vulnerability has been resolved: sched/smt: Fix unbalance schedsmtpresent dec/inc I got the following warn report while doing stress test: jump label: negative count! WARNING: CPU: 3 PID: 38 at kernel/jumplabel.c:263 statickeyslowtrydec+0x9d/0xb0 Call Trace:...

CVE-2024-44958 sched/smt: Fix unbalance sched_smt_present dec/inc

In the Linux kernel, the following vulnerability has been resolved: sched/smt: Fix unbalance schedsmtpresent dec/inc I got the following warn report while doing stress test: jump label: negative count! WARNING: CPU: 3 PID: 38 at kernel/jumplabel.c:263 statickeyslowtrydec+0x9d/0xb0 Call Trace:...

CVE-2024-44958 sched/smt: Fix unbalance sched_smt_present dec/inc

In the Linux kernel, the following vulnerability has been resolved: sched/smt: Fix unbalance schedsmtpresent dec/inc I got the following warn report while doing stress test: jump label: negative count! WARNING: CPU: 3 PID: 38 at kernel/jumplabel.c:263 statickeyslowtrydec+0x9d/0xb0 Call Trace:...

"Check for Available Renewals" may show error banner "citrixservices.citrix.com is unreachable"

When user clicks "Check for Available Renewals" button in Citrix License Server Console, error banner "citrixservices.citrix.com is unreachable. The server might be offline or there might be Internet, Proxy, or Firewall issues. " may appear. Actually, the affected license server is able to reach...

IPMI 2.0 RAKP Remote SHA1 Password Hash Retrieval

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IPMI 2.0 RAKP Remote SHA1 Password Hash Retrieval', 'Description' = %q| This module identifies IPMI 2.0-compatible systems and attempts to retrie...

Supermicro Onboard IPMI Static SSL Certificate Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Supermicro Onboard IPMI Static SSL Certificate Scanner', 'Description' = %q This module checks for a static SSL certificate shipped with Supermic...

Wordpress Paid Membership Pro Code Unauthenticated SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Paid Membership Pro code Unauthenticated SQLi', 'Description' = %q Paid Membership Pro, a WordPress plugin, prior to 2.9.8 is affected ...