3211 matches found
kernel: tcp: avoid too many retransmit packets
A vulnerability was found in the tcp_retransmit_timer function in the Linux kernel's TCP implementation. This issue occurs when a TCP socket uses TCP_USER_TIMEOUT and the peer's window retracts to zero, leading to excessive retransmission of packets every two milliseconds for up to four minutes after...
kernel: PM / devfreq: Synchronize devfreq_monitor_[start/stop]
A flaw was found in the Linux kernel resulting from race conditions and a lack of synchronization in handling the delayed work timers in the devfreq component. This issue can lead to inconsistencies and a corruption of the timer list...
kernel: ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer
In the Linux kernel, the following vulnerability has been resolved: ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer. ACPICA commit 90310989a0790032f5a0140741ff09b545af4bc5. According to the ACPI specification 19.6.134, no argument is required to be passed for ASL Timer instruction. For taking care of...
kernel: net/mlx5: Always stop health timer during driver removal
A vulnerability was found in the Linux kernel's mlx5 driver: during driver removal, the teardown_hca function can fail, in which case the health timer may continue running, leading to a use-after-free condition when the timer attempts to access freed resources...
ext4: fix timer use-after-free on failed mount
...
PT-2024-37014
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to soft lockups in the Linux kernel's IPv6 route handling, specifically in the fib6_select_path function. This occurs when the nodes of the linked list are...
mptcp: pm: Fix uaf in __timer_delete_sync
...
CVE-2024-10669
The Countdown Timer block – Display the events date into a timer. plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.4 via the ctb shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated...
CVE-2024-10669 Countdown Timer block – Display the event's date into a timer. <= 1.2.4 - Authenticated (Contributor+) Post Disclosure
The Countdown Timer block – Display the events date into a timer. plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.4 via the ctb shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated...
CVE-2024-10669
CVE-2024-10669 affects the WordPress plugin “Countdown Timer block – Display the event’s date into a timer.” The issue is Information Exposure via the [ctb] shortcode in all versions up to and including 1.2.4, allowing authenticated users with Contributor-level access or higher to retrieve data f...
WordPress plugin Countdown Timer block security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Countdown Timer plugin <= 1.2.4 - Authenticated (Contributor+) Post Disclosure vulnerability
Authenticated (Contributor+) Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Countdown Timer versions <= 1.2.4...
SUSE CVE-2024-50154
In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). Martin KaFai Lau reported use-after-free [0] in reqsk_timer_handler(). """ We are seeing a use-after-free from a bpf prog attached to trace_tcp_retransmit_synack. The program passes th...
WordPress Countdown Timer Plugin <= 1.2.4 is vulnerable to Sensitive Data Exposure
Software: Countdown Timer; Type: Plugin; Vulnerable versions: <= 1.2.4; Fixed in: 1.2.5; OWASP Top 10: A3: Injection; Classification: Sensitive Data Exposure; CVE: CVE-2024-10669; Patch priority: Low; CVSS severity: Low (4.3); PSID: 97d2e3a5c021; Credits: Francesco Carlucci; Required privilege...
PT-2024-16445 · WordPress · Countdown Timer Block Plugin
Name of the Vulnerable Software and Affected Versions: Countdown Timer block plugin for WordPress versions up to, and including, 1.2.4 Description: The Countdown Timer block plugin for WordPress has an Information Exposure issue due to insufficient restrictions on which posts can be included via...
WordPress PF Timer Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: PF Timer; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51863; Patch priority: Low; CVSS severity: Low (6.5); PSID: 5e418ba42a4a; Credits: SOPROBRO; Required privilege: Contributor; Publish...
CVE-2024-50154
A use-after-free (UAF) vulnerability was found and fixed in the Linux kernel's TCP subsystem related to request socket (reqsk) timers during handshake handling. This issue stems from a race condition caused by relying on timer_pending() in reqsk_queue_unlink(). This could result in the timer continuing to r...
DEBIAN-CVE-2024-50157
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop. Driver waits indefinitely for the fifo occupancy to go below a threshold as soon as the pacing interrupt is received. This can cause soft lockup on one of the processor...
AZL-52967 CVE-2024-50154 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). Martin KaFai Lau reported use-after-free [0] in reqsk_timer_handler(). """ We are seeing a use-after-free from a bpf prog attached to trace_tcp_retransmit_synack. The program passes th...