PT-2024-31337
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.50 Description: The issue arises in the net/mlx5e component of the Linux kernel, specifically with the SHAMPO feature. When all strides in a Work Queue Element (WQE) are consumed, the WQE is unlinked from the Wo...
CVE-2024-36962
In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs. Currently the driver uses local_bh_disable()/local_bh_enable() in its IRQ handler to avoid triggering net_rx_action() softirq on exit from netif_rx(). The net_rx_action() could...
DEBIAN-CVE-2024-36962
In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs. Currently the driver uses local_bh_disable()/local_bh_enable() in its IRQ handler to avoid triggering net_rx_action() softirq on exit from netif_rx(). The net_rx_action() could...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware
CVE-2024-24919 Bulk Scanner CVE-2024-24919 Check Point Securi...
SUSE CVE-2024-36908
In the Linux kernel, the following vulnerability has been resolved: blk-iocost: do not WARN if iocg was already offlined. In iocg_pay_debt(), warn is triggered if 'active_list' is empty, which is intended to confirm iocg is active when it has debt. However, warn can be triggered during a blkcg or disk...
A vulnerability in the graphics driver of the firmware for Qualcomm embedded chips allows an attacker to execute arbitrary code.
The vulnerability in the graphics driver of Qualcomm embedded software is a use-after-free. Exploiting this vulnerability can allow an attacker to execute arbitrary code by destroying the context during the processing of objects in the KGSL_GPU_AUX_COMMAND_TIMELINE queue...
UBUNTU-CVE-2024-36908
In the Linux kernel, the following vulnerability has been resolved: blk-iocost: do not WARN if iocg was already offlined. In iocg_pay_debt(), warn is triggered if 'active_list' is empty, which is intended to confirm iocg is active when it has debt. However, warn can be triggered during a blkcg or disk...
CVE-2023-52882
In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change. While PLL CPUX clock rate change when CPU is running from it works in vast majority of cases, now and then it causes instability. This leads to system crashes and other...
DRUPAL-CONTRIB-2024-024
The Migrate queue importer module enables you to create cron migrations configuration entities with a reference towards migration entities in order to import them during cron runs. The module doesn't sufficiently protect against Cross Site Request Forgery under specific scenarios allowing an...
SUSE CVE-2023-52774
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: protect device queue against concurrent access. In dasd_profile_start() the amount of requests on the device queue are counted. The access to the device queue is unprotected against concurrent access. With a lot of parallel...
SUSE CVE-2023-52851
In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix init stage error handling to avoid double free of same QP and UAF. In the unlikely event that workqueue allocation fails and returns NULL in mlx5_mkey_cache_init(), delete the call to mlx5r_umr_resource_cleanup() which frees th...
Drupal Migrate queue importer module < 2.1.1 - Administrator+ Cross Site Request Forgery (CSRF) vulnerability
Administrator+ Cross Site Request Forgery (CSRF) vulnerability discovered by Pierre Rudloff in WordPress Module Migrate queue importer versions 2.1.1...
Migrate queue importer - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-024
The Migrate queue importer module enables you to create cron migrations configuration entities with a reference towards migration entities in order to import them during cron runs. The module doesn't sufficiently protect against Cross Site Request Forgery under specific scenarios allowing an...
PT-2024-10357 · Drupal · Migrate Queue Importer
Name of the Vulnerable Software and Affected Versions: Migrate queue importer versions 0.0.0 through 2.1.1 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability in the Migrate queue importer module of the Drupal content management system. This vulnerability allows f...
SUSE CVE-2021-47562
In the Linux kernel, the following vulnerability has been resolved: ice: fix vsi->txq_map sizing. The approach of having XDP queue per CPU regardless of user's setting exposed a hidden bug that could occur in case when Rx queue count differ from Tx queue count. Currently vsi->txq_map's size is equal t...
SUSE CVE-2021-47563
In the Linux kernel, the following vulnerability has been resolved: ice: avoid bpf_prog refcount underflow. Ice driver has the routines for managing XDP resources that are shared between ndo_bpf op and VSI rebuild flow. The latter takes place for example when user changes queue count on an interface...
SUSE CVE-2021-47498
In the Linux kernel, the following vulnerability has been resolved: dm rq: don't queue request to blk-mq during DM suspend. DM uses blk-mq's quiesce/unquiesce to stop/start device mapper queue. But blk-mq's unquiesce may come from outside events, such as elevator switch, updating nr_requests or...
The vulnerability of the reqsk_queue_alloc() function in the Linux kernel's TCP protocol implementation allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the reqsk_queue_alloc() function in the net/core/request_sock.c module of the Linux kernel’s TCP protocol implementation is related to deficiencies in the serialization mechanism, leading to concurrent (racing) access to resources. Exploiting this vulnerability could allow a remote attack...
CVE-2021-47562
In the Linux kernel, the following vulnerability has been resolved: ice: fix vsi->txq_map sizing. The approach of having XDP queue per CPU regardless of user's setting exposed a hidden bug that could occur in case when Rx queue count differ from Tx queue count. Currently vsi->txq_map's size is equal t...
The vulnerability in tools for converting files between formats, such as PS/IGES Parasolid Translator, arises from buffer overflows and allows attackers to execute arbitrary code.
The vulnerability in the PS/IGES Parasolid Translator tool for converting files between formats lies in the overflow of a queue-based buffer. Exploiting this vulnerability could allow an attacker to execute arbitrary code...