4581 matches found
DEBIAN-CVE-2024-27052
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: add cancel_work_sync for c2hcmd_work The workqueue might still be running, when the driver is stopped. To avoid a use-after-free, call cancel_work_sync in rtl8xxxu_stop...
UBUNTU-CVE-2024-27052
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: add cancel_work_sync for c2hcmd_work The workqueue might still be running, when the driver is stopped. To avoid a use-after-free, call cancel_work_sync in rtl8xxxu_stop...
[SECURITY] Fedora 38 Update: nextcloud-28.0.4-2.fc38
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API...
xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation if the server runs with extended privileges, or...
kernel: Bluetooth: hci_conn: Fix crash on hci_create_cis_sync
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix crash on hci_create_cis_sync When attempting to connect multiple ISO sockets without using DEFER_SETUP may result in the following crash: BUG: KASAN: null-ptr-deref in hci_create_cis_sync+0x18b/0x2b0 Read of size...
kernel: Bluetooth: Fix race condition in hci_cmd_sync_clear
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hci_cmd_sync_clear There is a potential race condition in hci_cmd_sync_work and hci_cmd_sync_clear, and could lead to use-after-free. For instance, hci_cmd_sync_work is added to the 'req_workqueue' after...
kernel: drm/i915: mark requests for GuC virtual engines to avoid use-after-free
A use-after-free vulnerability was found in the Linux kernel Intel i915 graphics driver's GuC virtual engine request handling. A local user with access to GPU rendering can create requests on GuC virtual engines and trap references via syncfile or dmabuf, causing fence release operations to acces...
Privilege Escalation
couchbase is vulnerable to Privilege Escalation. The vulnerability is due to improper verification of admin credentials when Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, which could result in privilege escalation for unauthenticated users...
PT-2024-9916 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to the pm_runtime_get_sync function in the mtk-cmdq component of the Linux kernel. The problem arises from the lack of return value checking of this function. When...
CVE-2024-32644
Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there is a way to mint arbitrary tokens due to the possibility to have two different states not in sync during the execution of a transaction. The exploit ...
SUSE CVE-2024-26846
In the Linux kernel, the following vulnerability has been resolved: nvme-fc: do not wait in vain when unloading module The module exit path has race between deleting all controllers and freeing 'left over IDs'. To prevent double free a synchronization between nvme_delete_ctrl and ida_destroy has bee...
The vulnerability in the embedded Jetty server of the CData Sync integration and replication tool allows a perpetrator to gain unauthorized access to protected information and perform arbitrary actions within the system.
The vulnerability in the embedded Jetty server of the CData Sync integration and replication tool is related to errors in processing the relative path to the directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected...
The vulnerability of the NTPSyncWithHost function in TOTOLINK EX200 router firmware allows a hacker to execute arbitrary code.
The vulnerability of the NTPSyncWithHost function in TOTOLINK EX200 router firmware is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the hostTime parameter...
Mageia: Security Advisory (MGASA-2024-0135)
The remote host is missing an update for the...
CVE-2024-32082
Cross-Site Request Forgery (CSRF) vulnerability in Kamlesh Parmar Sync Post With Other Site (sync-post-with-other-site) allows Cross Site Request Forgery. This issue affects Sync Post With Other Site: from n/a through <= 1.9.1...
CVE-2024-32082
Cross-Site Request Forgery (CSRF) vulnerability in kp4coder Sync Post With Other Site allows Cross-Site Scripting (XSS). This issue affects Sync Post With Other Site: from n/a through 1.5.1...
CVE-2024-32082 WordPress Sync Post With Other Site plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) to XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Kamlesh Parmar Sync Post With Other Site (sync-post-with-other-site) allows Cross Site Request Forgery. This issue affects Sync Post With Other Site: from n/a through <= 1.9.1...
CVE-2024-32082
CVE-2024-32082 concerns a CSRF issue affecting the kp4coder Sync Post With Other Site plugin, enabling Cross-Site Scripting (XSS) in the impacted workflow. The description states the vulnerability affects Sync Post With Other Site versions from n/a up to 1.5.1. The Connected documents do not prov...
CVE-2024-32082 WordPress Sync Post With Other Site plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) to XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Kamlesh Parmar Sync Post With Other Site (sync-post-with-other-site) allows Cross Site Request Forgery. This issue affects Sync Post With Other Site: from n/a through <= 1.9.1...
WordPress Plugin Sync Post With Other Site Cross-Site Request Forgery Vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress Plugin Sync Post With Other Site A...