CVE-2024-49880
In the Linux kernel, the following vulnerability has been resolved: ext4: fix off by one issue in alloc_flex_gd(). Wesley reported an issue: ================================================================== EXT4-fs dm-5: resizing filesystem from 7168 to 786432 blocks ------------ cut here -----------...
CVE-2024-49898 drm/amd/display: Check null-initialized variables
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check null-initialized variables. [WHAT & HOW] drr_timing and subvp_pipe are initialized to null and they are not always assigned new values. It is necessary to check for null before dereferencing. This fixes 2...
SUSE CVE-2024-47702
In the Linux kernel, the following vulnerability has been resolved: bpf: Fail verification for sign-extension of packet data/data_end/data_meta. syzbot reported a kernel crash due to commit 1f1e864b6555 "bpf: Handle sign-extenstin ctx member accesses". The reason is due to sign-extension of 32-bit...
CVE-2024-49856
In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Fix deadlock in SGX NUMA node search. When the current node doesn't have an EPC section configured by firmware and all other EPC sections are used up, CPU can get stuck inside the while loop that looks for an available EP...
CVE-2024-47687
In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix invalid mr resource destroy. Certain error paths from mlx5_vdpa_dev_add() can end up releasing mr resources which never got initialized in the first place. This patch adds the missing check in mlx5_vdpa_destroy_mr_resources() ...
CVE-2024-47740
In the Linux kernel, the following vulnerability has been resolved: f2fs: Require FMODE_WRITE for atomic write ioctls. The F2FS ioctls for starting and committing atomic writes check for inode_owner_or_capable(), but this does not give LSMs like SELinux or Landlock an opportunity to deny the write acces...
CVE-2024-47687 vdpa/mlx5: Fix invalid mr resource destroy
In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix invalid mr resource destroy. Certain error paths from mlx5_vdpa_dev_add() can end up releasing mr resources which never got initialized in the first place. This patch adds the missing check in mlx5_vdpa_destroy_mr_resources() ...
WordPress Social Share Buttons Plugin <= 1.19 is vulnerable to Cross Site Scripting (XSS)
Software: Social Share Buttons; Type: Plugin; Vulnerable versions: <= 1.19; Fixed in: 1.20; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9219; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 38e78d810a01; Credits: Colin Xu; Requir...
GHSA-J42F-WC6V-5XPQ Duplicate Advisory: Permissive Regular Expression in tacquito
Tacquito prior to commit 07b49d1358e6ec0b5aa482fcd284f509191119e2 was not properly performing regex matches on authorized commands and arguments. Configured allowed commands/arguments were intended to require a match on the entire string, but instead only enforced a match on a sub-string. That...
CVE-2024-48918 Lack of Input Validation in RDS Light - Potential for Injection Attacks and Memory Tampering
RDS Light is a simplified version of the Reflective Dialogue System (RDS), a self-reflecting AI framework. Versions prior to 1.1.0 contain a vulnerability that involves a lack of input validation within the RDS AI framework, specifically within the user input handling code in the main module main.p...
Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005559 fixes several issues. The following security issues were fixed: CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739). CVE-2024-40954:...
Qnap QTS Cross-site Scripting (CVE-2021-44053)
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and...
Qnap QTS OS Command Injection (CVE-2023-23368)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later...
Qnap QTS Improper Authentication (CVE-2024-21899)
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578...
Qnap QTS Stack-based Buffer Overflow (CVE-2023-41278)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...
CVE-2024-47764 affecting package reaper for versions less than 3.1.1-13
CVE-2024-47764 affecting package reaper for versions less than 3.1.1-13. A patched version of the package is available...
CVE-2022-41916 affecting package samba for versions less than 4.18.3-1
CVE-2022-41916 affecting package samba for versions less than 4.18.3-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-46737 affecting package kernel for versions less than 6.6.51.1-5
CVE-2024-46737 affecting package kernel for versions less than 6.6.51.1-5. An upgraded version of the package is available that resolves this issue...
CVE-2024-6232 affecting package tensorflow for versions less than 2.16.1-7
CVE-2024-6232 affecting package tensorflow for versions less than 2.16.1-7. A patched version of the package is available...
CVE-2024-45590 affecting package python-tensorboard for versions less than 2.16.2-5
CVE-2024-45590 affecting package python-tensorboard for versions less than 2.16.2-5. A patched version of the package is available...