CVE-2024-43885

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2024-43885

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2024-43885

...

CVE-2024-43885

...

PT-2024-30742 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a double inode unlock for direct IO sync writes in the btrfs file system. When a direct IO sync write is performed at btrfs sync file, and inode logging needs t...

UBUNTU-CVE-2022-48930

In the Linux kernel, the following vulnerability has been resolved: RDMA/ibsrp: Fix a deadlock Remove the flushworkqueuesystemlongwq call since flushing systemlongwq is deadlock-prone and since that call is redundant with a preceding cancelworksync...

SUSE CVE-2022-48880

In the Linux kernel, the following vulnerability has been resolved: platform/surface: aggregator: Add missing call to ssamrequestsyncfree Although rare, ssamrequestsyncinit can fail. In that case, the request should be freed via ssamrequestsyncfree. Currently it is leaked instead. Fix this...

CVE-2024-7647

The OTA Sync Booking Engine Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.7. This is due to missing or incorrect nonce validation on the otasyncwidgetsettingsfnc function. This makes it possible for unauthenticated attackers to...

CVE-2024-7647 OTA Sync Booking Engine Widget 1.2.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The OTA Sync Booking Engine Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.7. This is due to missing or incorrect nonce validation on the otasyncwidgetsettingsfnc function. This makes it possible for unauthenticated attackers to...

CVE-2024-7647 OTA Sync Booking Engine Widget 1.2.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The OTA Sync Booking Engine Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.7. This is due to missing or incorrect nonce validation on the otasyncwidgetsettingsfnc function. This makes it possible for unauthenticated attackers to...

WordPress OTA Sync Booking Engine Widget plugin <= 1.2.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Ala Arfaoui in WordPress Plugin OTA Sync Booking Engine Widget versions = 1.2.7...

The vulnerability of the cancel_work_sync() function in the appletouch component of the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the cancelworksync function in the appletouch component of the Linux operating system’s kernel is related to improper initialization of dev-work after the inputregisterdevice call. Exploiting this vulnerability could allow a malicious actor to cause a service failure...

WordPress OTA Sync Booking Engine Widget Plugin <= 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software OTA Sync Booking Engine Widget Type Plugin Vulnerable versions = 1.2.7 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7647 Patch priority Low CVSS severity Low 6.1 Developer Claim ownership PSID d35ee6f2779f Credits Ala...

WordPress plugin OTA Sync Booking Engine Widget 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-43397

Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. The issue was addressed wit...

CVE-2024-42268

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix missing lock on sync reset reload On sync reset reload work, when remote host updates devlink on reload actions performed on that host, it misses taking devlink lock before calling devlinkremotereloadactionsperforme...

CVE-2024-43820

In the Linux kernel, the following vulnerability has been resolved: dm-raid: Fix WARNONONCE check for syncthread in raidresume rm-raid devices will occasionally trigger the following warning when being resumed after a table load because DMRECOVERYRUNNING is set: WARNING: CPU: 7 PID: 5660 at...

SUSE CVE-2024-42260

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Validate passed in drm syncobj handles in the performance extension If userspace provides an unknown or invalid handle anywhere in the handle array the rest of the driver will not handle that well. Fix it by checking...

SUSE CVE-2024-42262

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix potential memory leak in the performance extension If fetching of userspace memory fails during the main loop, all drm sync objs looked up until that point will be leaked because of the missing drmsyncobjput. Fix it ...

SUSE CVE-2024-42263

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix potential memory leak in the timestamp extension If fetching of userspace memory fails during the main loop, all drm sync objs looked up until that point will be leaked because of the missing drmsyncobjput. Fix it by...