4583 matches found
CVE-2024-12152
CVE-2024-12152 concerns the MIPL WC Multisite Sync WordPress plugin. The Wordfence entry confirms a directory traversal vulnerability that affects all versions up to 1.1.5 via the mipl_wc_sync_download_log action, enabling unauthenticated reading of arbitrary server files containing potentially s...
PT-2025-1731 · WordPress · Jupiter X Core
Name of the Vulnerable Software and Affected Versions: Jupiter X Core plugin for WordPress versions up to, and including, 4.8.5 Description: The issue is related to a missing capability check on the sync libraries function, allowing authenticated attackers with Subscriber-level access and above t...
WordPress plugin MIPL WC Multisite Sync 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...
SUSE CVE-2024-56591
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: Use disabledelayedworksync This makes use of disabledelayedworksync instead canceldelayedworksync as it not only cancel the ongoing work but also disables new submit which is disarable since the object holding...
PT-2025-41494
Name of the Vulnerable Software and Affected Versions chromium affected versions not specified Description A flaw exists in Google Chrome that could allow attackers to compromise the system. The issue is a heap buffer overflow within the Sync component of Chromium. Recommendations At the moment,...
PT-2025-30809
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak was identified in the drm/msm subsystem of the Linux kernel, specifically within the error handling path for submitting operations. The put unused fd function fails to...
UBUNTU-CVE-2024-56710
In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in cephdirectreadwrite The bvecs array which is allocated in itergetbvecsalloc is leaked and pages remain pinned if cephallocsparseextmap fails. There is no need to delay the allocation of sparseext map unti...
CVE-2024-56710 ceph: fix memory leak in ceph_direct_read_write()
In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in cephdirectreadwrite The bvecs array which is allocated in itergetbvecsalloc is leaked and pages remain pinned if cephallocsparseextmap fails. There is no need to delay the allocation of sparseext map unti...
SUSE CVE-2024-53208
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in setpoweredsync This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in setpoweredsync+0x3a/0xc0...
DEBIAN-CVE-2024-56591
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: Use disabledelayedworksync This makes use of disabledelayedworksync instead canceldelayedworksync as it not only cancel the ongoing work but also disables new submit which is disarable since the object holding...
CVE-2024-56591 Bluetooth: hci_conn: Use disable_delayed_work_sync
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: Use disabledelayedworksync This makes use of disabledelayedworksync instead canceldelayedworksync as it not only cancel the ongoing work but also disables new submit which is disarable since the object holding...
DEBIAN-CVE-2024-53207
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible deadlocks This fixes possible deadlocks like the following caused by hcicmdsyncdequeue causing the destroy function to run: INFO: task kworker/u19:0:143 blocked for more than 120 seconds. Tainted: G ...
DEBIAN-CVE-2024-53208
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in setpoweredsync This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in setpoweredsync+0x3a/0xc0...
AZL-55733 CVE-2024-53203 affecting package kernel for versions less than 6.6.90.1-1
In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential array underflow in ucsiccgsynccontrol The "command" variable can be controlled by the user via debugfs. The worry is that if conindex is zero then "&uc-ucsi-connectorconindex - 1" would be an array...
AZL-55788 CVE-2024-53203 affecting package kernel for versions less than 5.15.184.1-1
In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential array underflow in ucsiccgsynccontrol The "command" variable can be controlled by the user via debugfs. The worry is that if conindex is zero then "&uc-ucsi-connectorconindex - 1" would be an array...
UBUNTU-CVE-2024-53208
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in setpoweredsync This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in setpoweredsync+0x3a/0xc0...
UBUNTU-CVE-2024-53203
In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential array underflow in ucsiccgsynccontrol The "command" variable can be controlled by the user via debugfs. The worry is that if conindex is zero then "&uc-ucsi-connectorconindex - 1" would be an array...
UBUNTU-CVE-2024-53182
In the Linux kernel, the following vulnerability has been resolved: Revert "block, bfq: merge bfqreleaseprocessref into bfqputcooperator" This reverts commit bc3b1e9e7c50e1de0f573eea3871db61dd4787de. The bic is associated with syncbfqq, and bfqreleaseprocessref cannot be put into bfqputcooperator...
CVE-2024-53208
CVE-2024-53208 is a slab-use-after-free in Bluetooth MGMT set_powered_sync in the Linux kernel. Noise in the Miracle/SUSE advisories confirms the issue and lists it among fixed items in kernel live patches for SLES SLE 15 SPx. Remediation: upgrade/apply the kernel live patch referenced in SUSE/SO...
CVE-2024-53207 Bluetooth: MGMT: Fix possible deadlocks
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible deadlocks This fixes possible deadlocks like the following caused by hcicmdsyncdequeue causing the destroy function to run: INFO: task kworker/u19:0:143 blocked for more than 120 seconds. Tainted: G ...