CVE-2024-42071

In the Linux kernel, the following vulnerability has been resolved: ionic: use devconsumeskbany outside of napi If we're not in a NAPI softirq context, we need to be careful about how we call napiconsumeskb, specifically we need to call it with budget==0 to signal to it that we're not in a safe...

CVE-2024-41097

In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix endpoint checking in cxacrubind Syzbot is still reporting quite an old issue 1 that occurs due to incomplete checking of present usb endpoints. As such, wrong endpoints types may be used at urb sumbitting...

Mobile Security Framework 安全漏洞

Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. It is used for penetration testing, malware analysis, and security assessments, and is capable of performing both static and dynamic analysis. A security vulnerability exists i...

PT-2024-5757 · Unknown · Kraken Stress Testing Toolkit

Name of the Vulnerable Software and Affected Versions: Kraken Stress Testing Toolkit affected versions not specified Description: The issue is related to the lack of protection for the SQL query structure in the Kraken Stress Testing Toolkit, a tool for load testing SIEM systems. This can be...

A Senate Bill Would Radically Improve Voting Machine Security

This year’s Intelligence Authorization Act would mandate penetration testing for federally certified voting machines and allow independent researchers to work on exposing vulnerabilities...

New Research: The Proliferation of Cellular in IoT

Researchers explain the trend and argue for deeper understanding Analysis of Cellular Based Internet of Things IoT Technology is a new whitepaper co-authored by Rapid7 principal security researcher Deral Heiland and Thermo Fisher Scientific lead product security researcher Carlota Bindner. In thi...

DEBIAN-CVE-2024-42115

In the Linux kernel, the following vulnerability has been resolved: jffs2: Fix potential illegal address access in jffs2freeinode During the stress testing of the jffs2 file system,the following abnormal printouts were found: 2430.649000 Unable to handle kernel paging request at virtual address...

CVE-2024-42115

In the Linux kernel, the following vulnerability has been resolved: jffs2: Fix potential illegal address access in jffs2freeinode During the stress testing of the jffs2 file system,the following abnormal printouts were found: 2430.649000 Unable to handle kernel paging request at virtual address...

CVE-2024-42115 jffs2: Fix potential illegal address access in jffs2_free_inode

In the Linux kernel, the following vulnerability has been resolved: jffs2: Fix potential illegal address access in jffs2freeinode During the stress testing of the jffs2 file system,the following abnormal printouts were found: 2430.649000 Unable to handle kernel paging request at virtual address...

CVE-2024-42115 jffs2: Fix potential illegal address access in jffs2_free_inode

In the Linux kernel, the following vulnerability has been resolved: jffs2: Fix potential illegal address access in jffs2freeinode During the stress testing of the jffs2 file system,the following abnormal printouts were found: 2430.649000 Unable to handle kernel paging request at virtual address...

CVE-2024-6727

A flaw in versions of Delphix Data Control Tower DCT prior to 19.0.0 results in broken authentication through the enable-scale-testing functionality of the application...

CVE-2024-6727 Broken Access Control in Delphix

A flaw in versions of Delphix Data Control Tower DCT prior to 19.0.0 results in broken authentication through the enable-scale-testing functionality of the application...

CVE-2024-6727 Broken Access Control in Delphix

A flaw in versions of Delphix Data Control Tower DCT prior to 19.0.0 results in broken authentication through the enable-scale-testing functionality of the application...

CVE-2024-6727

CVE-2024-6727 affects Delphix Data Control Tower (DCT) versions prior to 19.0.0. The root cause is a flaw in the app’s enable-scale-testing functionality that results in broken authentication . Impact described as authentication weaknesses; no exploitation details provided in the documents. Remed...

CVE-2024-42090

In the Linux kernel, the following vulnerability has been resolved: pinctrl: fix deadlock in createpinctrl when handling -EPROBEDEFER In createpinctrl, pinctrlmapsmutex is acquired before calling addsetting. If addsetting returns -EPROBEDEFER, createpinctrl calls pinctrlfree. However, pinctrlfree...

CVE-2024-42090 pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER

In the Linux kernel, the following vulnerability has been resolved: pinctrl: fix deadlock in createpinctrl when handling -EPROBEDEFER In createpinctrl, pinctrlmapsmutex is acquired before calling addsetting. If addsetting returns -EPROBEDEFER, createpinctrl calls pinctrlfree. However, pinctrlfree...

CVE-2024-42090 pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER

In the Linux kernel, the following vulnerability has been resolved: pinctrl: fix deadlock in createpinctrl when handling -EPROBEDEFER In createpinctrl, pinctrlmapsmutex is acquired before calling addsetting. If addsetting returns -EPROBEDEFER, createpinctrl calls pinctrlfree. However, pinctrlfree...

CVE-2024-42090

The CVE CVE-2024-42090 affects the Linux kernel pinctrl subsystem. Root cause: in create_pinctrl(), pinctrl_maps_mutex is held when add_setting() can return -EPROBE_DEFER, and the code then calls pinctrl_free(), which attempts to re-acquire pinctrl_maps_mutex, risking a deadlock. The patch fixes ...

CVE-2024-42071

In the Linux kernel, the following vulnerability has been resolved: ionic: use devconsumeskbany outside of napi If we're not in a NAPI softirq context, we need to be careful about how we call napiconsumeskb, specifically we need to call it with budget==0 to signal to it that we're not in a safe...

CVE-2024-41097

In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix endpoint checking in cxacrubind Syzbot is still reporting quite an old issue 1 that occurs due to incomplete checking of present usb endpoints. As such, wrong endpoints types may be used at urb sumbitting...