3231 matches found
CVE-2024-4465
CVE-2024-4465 describes an access control vulnerability in the Reports section of Guardian/CMC prior to version 24.2.0. A logged-in user with reporting privileges can discover a method to create a specific application request and make limited changes to the reporting configuration, risking partia...
CVE-2024-4465 Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0
An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with reporting privileges learns how to create a specific application request, they might be able to make...
Important: Red Hat Security Advisory: httpd:2.4 security update
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
mm: prevent derefencing NULL ptr in pfn_section_valid()
kernel: mm: prevent derefencing NULL ptr in pfn_section_valid()
In the Linux kernel, the following vulnerability has been resolved: mm: prevent derefencing NULL ptr in pfn_section_valid() Commit 5ec8e8ea8b77 "mm/sparsemem: fix race in accessing memory_section->usage" changed pfn_section_valid() to add a READ_ONCE() call around "ms->usage" to fix a race with sectiondeactiva...
CVE-2024-44851
A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter...
CVE-2024-44851
Summary: CVE-2024-44851 is a stored XSS in Perfex CRM v1.1.0. The vulnerability resides in the Discussion section, where a crafted payload placed into the Content parameter can trigger script/HTML execution in browsers that view the page. Sources consistently identify the affected software as Per...
Important: Red Hat Security Advisory: MTV 2.6.6 Images
Updated Release packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
RollCMS Security Vulnerability
RollCMS is a content management system by individual developer Sergei Erjemin. A security vulnerability exists in RollCMS 1484fe2c4e0805946a7bcf46218509fcb34883a9 and prior versions, which stems from mishandling of an unknown section in the rollcms/rollcms/views.py file, resulting in the disclosure...
SUSE CVE-2024-44956
In the Linux kernel, the following vulnerability has been resolved: drm/xe/preempt_fence: enlarge the fence critical section It is really easy to introduce subtle deadlocks in preempt_fence_work_func() since we operate on single global ordered-wq for signalling our preempt fences behind the scenes, so...
ALSA-2024:6422 Important: bubblewrap and flatpak security update
Bubblewrap (/usr/bin/bwrap) is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces. Security Fixes: flatpak: Access to files outside sandbox for apps using persistent= (--persist) (CVE-2024-42472) For more details about the security issue...
CVE-2024-44956
In the Linux kernel, the following vulnerability has been resolved: drm/xe/preempt_fence: enlarge the fence critical section It is really easy to introduce subtle deadlocks in preempt_fence_work_func() since we operate on single global ordered-wq for signalling our preempt fences behind the scenes, so...
CVE-2024-44968
In the Linux kernel, the following vulnerability has been resolved: tick/broadcast: Move per CPU pointer access into the atomic section The recent fix for making the take over of the broadcast timer more reliable retrieves a per CPU pointer in preemptible context. This went unnoticed as compilers...
CVE-2024-44956
In the Linux kernel, the following vulnerability has been resolved: drm/xe/preempt_fence: enlarge the fence critical section It is really easy to introduce subtle deadlocks in preempt_fence_work_func() since we operate on single global ordered-wq for signalling our preempt fences behind the scenes, so...
DEBIAN-CVE-2024-44956
In the Linux kernel, the following vulnerability has been resolved: drm/xe/preempt_fence: enlarge the fence critical section It is really easy to introduce subtle deadlocks in preempt_fence_work_func() since we operate on single global ordered-wq for signalling our preempt fences behind the scenes, so...
AZL-48763 CVE-2024-44956 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/xe/preempt_fence: enlarge the fence critical section It is really easy to introduce subtle deadlocks in preempt_fence_work_func() since we operate on single global ordered-wq for signalling our preempt fences behind the scenes, so...
AZL-48834 CVE-2024-44956 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/xe/preempt_fence: enlarge the fence critical section It is really easy to introduce subtle deadlocks in preempt_fence_work_func() since we operate on single global ordered-wq for signalling our preempt fences behind the scenes, so...
UBUNTU-CVE-2024-44956
In the Linux kernel, the following vulnerability has been resolved: drm/xe/preempt_fence: enlarge the fence critical section It is really easy to introduce subtle deadlocks in preempt_fence_work_func() since we operate on single global ordered-wq for signalling our preempt fences behind the scenes, so...
Important: Red Hat Security Advisory: bubblewrap and flatpak security update
An update for bubblewrap and flatpak is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2024-44968 tick/broadcast: Move per CPU pointer access into the atomic section
In the Linux kernel, the following vulnerability has been resolved: tick/broadcast: Move per CPU pointer access into the atomic section The recent fix for making the take over of the broadcast timer more reliable retrieves a per CPU pointer in preemptible context. This went unnoticed as compilers...