The vulnerability of the formSetRebootTimer function (/goform/SetSysAutoRebbotCfg) in the Tenda AC10 router’s microprogramming system allows a intruder to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the formSetRebootTimer function /goform/SetSysAutoRebbotCfg in the Tenda AC10 router’s microprogramming system is related to the issue of the operation exceeding the buffer boundaries in memory when processing the rebootTime parameter. Exploiting this vulnerability allows a...

AZL-54620 CVE-2024-53089 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Mark hrtimer to expire in hard interrupt context Like commit 2c0d278f3293f "KVM: LAPIC: Mark hrtimer to expire in hard interrupt context" and commit 9090825fa9974 "KVM: arm/arm64: Let the timer expire in hardirq...

UBUNTU-CVE-2024-53089

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Mark hrtimer to expire in hard interrupt context Like commit 2c0d278f3293f "KVM: LAPIC: Mark hrtimer to expire in hard interrupt context" and commit 9090825fa9974 "KVM: arm/arm64: Let the timer expire in hardirq...

UBUNTU-CVE-2024-53072

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Detect when STB is not available Loading the amdpmc module as: amdpmc enablestb=1 ...can result in the following messages in the kernel ring buffer: amdpmc AMDI0009:00: SMU cmd failed. err: 0xff ioremap on R...

CVE-2024-51863

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Profit Funnels PF Timer pf-timer allows Stored XSS.This issue affects PF Timer: from n/a through = 1.0.0...

CVE-2024-51863 WordPress PF Timer plugin <= 1.0.0 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Profit Funnels PF Timer pf-timer allows Stored XSS.This issue affects PF Timer: from n/a through = 1.0.0...

CVE-2024-51863

CVE-2024-51863 : Stored XSS in WordPress PF Timer plugin (PF Timer,

CVE-2024-51863 WordPress PF Timer plugin <= 1.0.0 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Team Profit-Funnels PF Timer allows Stored XSS.This issue affects PF Timer: from n/a through 1.0.0...

kernel: mptcp: pm: Fix uaf in __timer_delete_sync

A use-after-free flaw was found in the Linux kernel’s Multipath TCP MPTCP subsystem. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: mptcp: pm: Fix uaf in __timer_delete_sync

A use-after-free flaw was found in the Linux kernel’s Multipath TCP MPTCP subsystem. This flaw allows a local user to crash or potentially escalate their privileges on the system...

WordPress plugin PF Timer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CLSA-2024-1731933167 kernel: Fix of 36 CVEs

smb: client: fix use-after-free in smb2queryinfocompound CVE-2023-52751 - smb: client: prevent new fids from being removed by laundromat CVE-2023-52751 - cifs: fix dentry lookups in directory handle cache CVE-2023-52751 - uprobe: avoid out-of-bounds memory access of fetching args CVE-2024-50067 -...

CVE-2024-11248

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely...

CVE-2023-4134

A use-after-free vulnerability was found in the cyttsp4core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdogtimer from the workqueue. This could allow a local user to crash the system, causing a denial of service...

AZL-53227 CVE-2023-4134 affecting package kernel 5.15.200.1-1

A use-after-free vulnerability was found in the cyttsp4core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdogtimer from the workqueue. This could allow a local user to crash the system, causing a denial of service...

DEBIAN-CVE-2023-4134

A use-after-free vulnerability was found in the cyttsp4core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdogtimer from the workqueue. This could allow a local user to crash the system, causing a denial of service...

kernel: mptcp: pm: Fix uaf in __timer_delete_sync

A use-after-free flaw was found in the Linux kernel’s Multipath TCP MPTCP subsystem. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: mptcp: pm: Fix uaf in __timer_delete_sync

A use-after-free flaw was found in the Linux kernel’s Multipath TCP MPTCP subsystem. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: mptcp: pm: Fix uaf in __timer_delete_sync

A use-after-free flaw was found in the Linux kernel’s Multipath TCP MPTCP subsystem. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: mptcp: pm: Fix uaf in __timer_delete_sync

A use-after-free flaw was found in the Linux kernel’s Multipath TCP MPTCP subsystem. This flaw allows a local user to crash or potentially escalate their privileges on the system...