kernel: Bluetooth: hci_conn: Fix crash on hci_create_cis_sync

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: Fix crash on hcicreatecissync When attempting to connect multiple ISO sockets without using DEFERSETUP may result in the following crash: BUG: KASAN: null-ptr-deref in hcicreatecissync+0x18b/0x2b0 Read of size...

kernel: drm/i915: mark requests for GuC virtual engines to avoid use-after-free

A use-after-free vulnerability was found in the Linux kernel Intel i915 graphics driver's GuC virtual engine request handling. A local user with access to GPU rendering can create requests on GuC virtual engines and trap references via syncfile or dmabuf, causing fence release operations to acces...

kernel: Bluetooth: Fix race condition in hci_cmd_sync_clear

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hcicmdsyncclear There is a potential race condition in hcicmdsyncwork and hcicmdsyncclear, and could lead to use-after-free. For instance, hcicmdsyncwork is added to the 'reqworkqueue' after...

Privilege Escalation

couchbase is vulnerable to Privilege Escalation. The vulnerability is due to improper verification of admin credentials when Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, which could result in privilege escalation for unauthenticated users...

PT-2024-9916 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the pm runtime get sync function in the mtk-cmdq component of the Linux kernel. The problem arises from the lack of return value checking of this function. When...

CVE-2024-32644

Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there is a way to mint arbitrary tokens due to the possibility to have two different states not in sync during the execution of a transaction. The exploit ...

SUSE CVE-2024-26846

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: do not wait in vain when unloading module The module exit path has race between deleting all controllers and freeing 'left over IDs'. To prevent double free a synchronization between nvmedeletectrl and idadestroy has bee...

The vulnerability in the embedded Jetty server of the CData Sync integration and replication tool allows a perpetrator to gain unauthorized access to protected information and perform arbitrary actions within the system.

The vulnerability in the embedded Jetty server of the CData Sync integration and replication tool is related to errors in processing the relative path to the directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected...

The vulnerability of the NTPSyncWithHost function in TOTOLINK EX200 router microprogramming software allows a hacker to execute arbitrary code.

The vulnerability of the NTPSyncWithHost function in TOTOLINK EX200 router microprogramming software is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the hostTime parameter...

Mageia: Security Advisory (MGASA-2024-0135)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-32082

Cross-Site Request Forgery CSRF vulnerability in kp4coder Sync Post With Other Site allows Cross-Site Scripting XSS.This issue affects Sync Post With Other Site: from n/a through 1.5.1...

CVE-2024-32082

Cross-Site Request Forgery CSRF vulnerability in Kamlesh Parmar Sync Post With Other Site sync-post-with-other-site allows Cross Site Request Forgery.This issue affects Sync Post With Other Site: from n/a through = 1.9.1...

CVE-2024-32082

CVE-2024-32082 concerns a CSRF issue affecting the kp4coder Sync Post With Other Site plugin, enabling Cross-Site Scripting (XSS) in the impacted workflow. The description states the vulnerability affects Sync Post With Other Site versions from n/a up to 1.5.1. The Connected documents do not prov...

CVE-2024-32082 WordPress Sync Post With Other Site plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) to XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Kamlesh Parmar Sync Post With Other Site sync-post-with-other-site allows Cross Site Request Forgery.This issue affects Sync Post With Other Site: from n/a through = 1.9.1...

CVE-2024-32082 WordPress Sync Post With Other Site plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) to XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Kamlesh Parmar Sync Post With Other Site sync-post-with-other-site allows Cross Site Request Forgery.This issue affects Sync Post With Other Site: from n/a through = 1.9.1...

WordPress Plugin Sync Post With Other Site 跨站请求伪造漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress Plugin Sync Post With Other Site A...

CVE-2021-47184

A NULL pointer dereference flaw was found in the Linux kernel, in VSI filter sync. This may lead to a crash...

WordPress Sheets to WP Table Live Sync plugin <= 3.5.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin FlexTable versions = 3.5.0...

WordPress Sync Post With Other Site plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) to XSS vulnerability

Cross Site Request Forgery CSRF to XSS vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Sync Post With Other Site versions = 1.9.1...

WordPress Sync Post With Other Site Plugin <= 1.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software Sync Post With Other Site Type Plugin Vulnerable versions = 1.8 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32082 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 54246cdaae95 Credits Joshua Chan...