4527 matches found
CVE-2023-52682 f2fs: fix to wait on block writeback for post_read case
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait on block writeback for post_read case If inode is compressed, but not encrypted, it missed to call f2fs_wait_on_block_writeback to wait for GCed page writeback in IPU write path. Thread A GC-Thread - f2fs_gc -...
AZL-67587 CVE-2024-35808 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: md/dm-raid: don't call md_reap_sync_thread directly Currently md_reap_sync_thread is called from raid_message directly without holding 'reconfig_mutex', this is definitely unsafe because md_reap_sync_thread can change many fields that is...
DEBIAN-CVE-2024-35808
In the Linux kernel, the following vulnerability has been resolved: md/dm-raid: don't call md_reap_sync_thread directly Currently md_reap_sync_thread is called from raid_message directly without holding 'reconfig_mutex', this is definitely unsafe because md_reap_sync_thread can change many fields that is...
CVE-2024-35798
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race in read_extent_buffer_pages There are reports from tree-checker that detects corrupted nodes, without any obvious pattern so possibly an overwrite in memory. After some debugging it turns out there's a race when...
UBUNTU-CVE-2024-35808
In the Linux kernel, the following vulnerability has been resolved: md/dm-raid: don't call md_reap_sync_thread directly Currently md_reap_sync_thread is called from raid_message directly without holding 'reconfig_mutex', this is definitely unsafe because md_reap_sync_thread can change many fields that is...
CVE-2024-35822
In the Linux kernel, the following vulnerability has been resolved: usb: udc: remove warning when queue disabled ep It is possible trigger below warning message from mass storage function, WARNING: CPU: 6 PID: 3839 at drivers/usb/gadget/udc/core.c:294 usb_ep_queue+0x7c/0x104 pc :...
CVE-2024-35798
CVE-2024-35798 is a Linux kernel vulnerability in btrfs where a race in read_extent_buffer_pages can cause uptodate status to be missed during concurrent reads of the same extent buffer. The issue can lead to concurrent modification and tree-checker errors (e.g., corrupted nodes) due to an unnece...
CVE-2024-35798 btrfs: fix race in read_extent_buffer_pages()
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race in read_extent_buffer_pages There are reports from tree-checker that detects corrupted nodes, without any obvious pattern so possibly an overwrite in memory. After some debugging it turns out there's a race when...
AZL-67818 CVE-2024-35794 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: dm-raid: really frozen sync_thread during suspend 1) commit f52f5c71f3d4 ("md: fix stopping sync thread") remove MD_RECOVERY_FROZEN from __md_stop_writes and doesn't realize that dm-raid relies on __md_stop_writes to frozen sync_thread...
DEBIAN-CVE-2024-35794
In the Linux kernel, the following vulnerability has been resolved: dm-raid: really frozen sync_thread during suspend 1) commit f52f5c71f3d4 ("md: fix stopping sync thread") remove MD_RECOVERY_FROZEN from __md_stop_writes and doesn't realize that dm-raid relies on __md_stop_writes to frozen sync_thread...
AZL-62675 CVE-2024-35794 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: dm-raid: really frozen sync_thread during suspend 1) commit f52f5c71f3d4 ("md: fix stopping sync thread") remove MD_RECOVERY_FROZEN from __md_stop_writes and doesn't realize that dm-raid relies on __md_stop_writes to frozen sync_thread...
UBUNTU-CVE-2024-35794
In the Linux kernel, the following vulnerability has been resolved: dm-raid: really frozen sync_thread during suspend 1) commit f52f5c71f3d4 ("md: fix stopping sync thread") remove MD_RECOVERY_FROZEN from __md_stop_writes and doesn't realize that dm-raid relies on __md_stop_writes to frozen sync_thread...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a problematic thread synchronization...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a mass storage function attempting to queue requests from the main thread, but other threads may have disabl...
Cross-Site Scripting (XSS)
prestashop/prestashop is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the customer thread feature allowing malicious file uploads through the front-office contact form. When an admin opens the attached file in back office, arbitrary JavaScript will be executed which can...
K000139618: MySQL vulnerabilities CVE-2024-21054, CVE-2024-21009, CVE-2024-20993, and CVE-2024-21102
Security Advisory Description CVE-2024-21054 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access...
CVE-2024-34716
PrestaShop CVE-2024-34716 is an XSS flaw affecting 8.1.0–8.1.5 when the customer-thread feature flag is enabled. An attacker can upload a malicious file via the front-office contact form and trigger script execution when an admin opens the attachment in back office, potentially leaking session dat...
CVE-2024-34716 PrestaShop vulnerable to XSS via customer contact form in FO, through file upload
PrestaShop is an open source e-commerce web application. A cross-site scripting (XSS) vulnerability that only affects PrestaShops with customer-thread feature flag enabled is present starting from PrestaShop 8.1.0 and prior to PrestaShop 8.1.6. When the customer thread feature flag is enabled throu...
UBUNTU-CVE-2024-30258
FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed RTPS packet, the subscriber crashes when creating pthread. This can remotely crash any Fast-DD...
PT-2024-26130 · Unknown · Prestashop
Name of the Vulnerable Software and Affected Versions: PrestaShop versions 8.1.0 through 8.1.5. Description: A cross-site scripting (XSS) vulnerability is present in PrestaShop when the customer-thread feature flag is enabled. This allows a hacker to upload a malicious file containing an XSS that wi...