3365 matches found
UBUNTU-CVE-2024-27398
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When the sco connection is established and then, the sco socket is releasing, timeout_work will be scheduled to judge whether the sco disconnection is timeout. The sock...
UBUNTU-CVE-2024-27397
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nf_tables per-netns area. Update set backend .insert, .deactivate and sync gc path to u...
SUSE CVE-2024-27399
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout There is a race condition between l2cap_chan_timeout and l2cap_chan_del. When we use l2cap_chan_del to delete the channel, the chan->conn will be set to null. But the conn could b...
SUSE CVE-2024-27398
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When the sco connection is established and then, the sco socket is releasing, timeout_work will be scheduled to judge whether the sco disconnection is timeout. The sock...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a timeout issue in the netfilter module...
TOTOLINK X5000R security vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R timeout parameter, which originates from the failure of the timeout parameter of /cgi-bin/cstecgi.cgi to properly filter constructed command special characters,...
CVE-2024-27397
...
PT-2024-24531 · Totolink · Totolink X5000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000R version 9.1.0cu.2350 B20230313 Description: A command injection issue was found in the setSSServer function via the timeout parameter at the "/cgi-bin/cstecgi.cgi" API endpoint. Recommendations: For TOTOLINK X5000R version...
F5 BIG-IP SSL Denial of Service Vulnerability
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A denial of service vulnerability exists in F5 BIG-IP SSL that originates from an attacker being able to cause the Traffic...
CVE-2024-27397 netfilter: nf_tables: use timestamp to check for set element timeout
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nf_tables per-netns area. Update set backend .insert, .deactivate and sync gc path to u...
CVE-2024-27397
CVE-2024-27397 affects the Linux kernel nf_tables in netfilter. The root cause is a race where set elements could expire during unfinished control-plane transactions. The fix adds a timestamp field at the start of a transaction and stores it per-netns, updating the set backends’ insert, deactivat...
CVE-2024-34419
CVE-2024-34419: Stored XSS in the WordPress plugin Configure Login Timeout (Nathan Vonnahme). The issue is triggered by improper input neutralization during web-page generation, affecting Configure Login Timeout versions up to 1.0 (no details on patch/version beyond 1.0). Attacker requires high p...
CVE-2024-34419 WordPress Configure Login Timeout plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nathan Vonnahme Configure Login Timeout allows Stored XSS. This issue affects Configure Login Timeout: from n/a through 1.0...
PT-2024-28069
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.37 Description: The issue is related to the net/mlx5 component of the Linux kernel, where a timeout has been added to acquire the command queue semaphore. This change prevents forced completion handling on an...
PT-2024-25871 · Unknown · Configure Login Timeout
Name of the Vulnerable Software and Affected Versions: Configure Login Timeout versions from n/a through 1.0 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: F...
CVE-2024-28889
When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical...
CVE-2024-28889 BIG-IP SSL vulnerability
When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical...
CVE-2024-28889
CVE-2024-28889 affects F5 BIG-IP SSL when an SSL profile with alert timeout is set to a non-default value, causing the Traffic Management Microkernel (TMM) to terminate and disrupt traffic (DoS). Affected branches and fixes per K000138912: BIG-IP (all modules) 17.1.0–17.1.1 vulnerable; fixed in 1...
F5 BIG-IP Next security vulnerability
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A denial of service vulnerability exists in F5 BIG-IP SSL that originates from an attacker being able to cause the Traffic...