
3211 matches found

NVD
added 2024/05/19 9:15 a.m. | 16 views

CVE-2024-35887

In the Linux kernel, the following vulnerability has been resolved: ax25: fix use-after-free bugs caused by ax25_ds_del_timer. When the ax25 device is detaching, the ax25_dev_device_down calls ax25_ds_del_timer to cleanup the slave_timer. When the timer handler is running, the ax25_ds_del_timer that calls...

7.8 CVSS | 6.6 AI score | 0.00232 EPSS
Exploits: 0 | References: 3
OSV
added 2024/05/19 9:15 a.m. | 1 views

DEBIAN-CVE-2024-35887

In the Linux kernel, the following vulnerability has been resolved: ax25: fix use-after-free bugs caused by ax25_ds_del_timer. When the ax25 device is detaching, the ax25_dev_device_down calls ax25_ds_del_timer to cleanup the slave_timer. When the timer handler is running, the ax25_ds_del_timer that calls...

7.8 CVSS | 5.8 AI score | 0.00232 EPSS
Exploits: 0 | References: 1
OSV
added 2024/05/19 9:15 a.m. | 4 views

AZL-54730 CVE-2024-35887 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: ax25: fix use-after-free bugs caused by ax25_ds_del_timer. When the ax25 device is detaching, the ax25_dev_device_down calls ax25_ds_del_timer to cleanup the slave_timer. When the timer handler is running, the ax25_ds_del_timer that calls...

7.8 CVSS | 6.4 AI score | 0.00232 EPSS
Exploits: 0 | References: 1
UbuntuCve
added 2024/05/19 9:15 a.m. | 25 views

CVE-2024-35876

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

6.7 AI score
Exploits: 0 | References: 9
OSV
added 2024/05/19 9:15 a.m. | 1 views

UBUNTU-CVE-2024-35887

In the Linux kernel, the following vulnerability has been resolved: ax25: fix use-after-free bugs caused by ax25_ds_del_timer. When the ax25 device is detaching, the ax25_dev_device_down calls ax25_ds_del_timer to cleanup the slave_timer. When the timer handler is running, the ax25_ds_del_timer that calls...

7.8 CVSS | 6.2 AI score | 0.00232 EPSS
Exploits: 0 | References: 35
CVE
added 2024/05/19 8:34 a.m. | 164 views

CVE-2024-35876

CVE-2024-35876 is not rejected in the connected documents. It is listed in Red Hat advisory RHSA-2025:1658 (kernel update) as CVE-2024-35876 affecting the Linux kernel, specifically noting an issue in x86/mce where the mce_sysfs_mutex should be acquired in set_bank(). The MiracleLinux/Nessus entr...

6.8 AI score
Exploits: 0
CNNVD
added 2024/05/19 12:0 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a timer that does not properly terminate a kernel socket...

5.8 CVSS | 6.5 AI score | 0.00225 EPSS
Exploits: 0 | References: 10
OSV
added 2024/05/17 1:4 p.m. | 10 views

CLSA-2024-1715951065 kernel: Fix of 10 CVEs

scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi routine CVE-2021-47198 - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super CVE-2024-0841 - bpf: Fix incorrect verifier pruning due to missing register precision taints CVE-2023-2163 - bpf: Fix hashtab overflow check on 32-bit arches...

10 CVSS | 7 AI score | 0.03546 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2024/05/17 12:0 a.m. | 5 views

PT-2024-31330

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.50 Description: A vulnerability in the Linux kernel has been resolved, related to the Bluetooth driver btnxpuart. When unloading the driver, its associated timer is deleted. However, if the timer is modified a...

5.5 CVSS | 5.4 AI score | 0.0021 EPSS
Exploits: 0
OSV
added 2024/05/14 3:43 p.m. | 3 views

CVE-2024-4209

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown timer in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. This...

5.4 CVSS | 6 AI score | 0.00433 EPSS
Exploits: 0 | References: 3
CNNVD
added 2024/05/14 12:0 a.m. | 2 views

WordPress plugin Gutenberg Blocks with AI by Kadence WP security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

6.4 CVSS | 6.1 AI score | 0.00433 EPSS
Exploits: 0 | References: 5
Cvelist
added 2024/05/11 1:56 a.m. | 19 views

CVE-2024-4209 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown timer in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4 CVSS | 6 AI score | 0.00433 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2024/05/11 12:0 a.m. | 5 views

PT-2024-29744 · Kadence Wp · Gutenberg Blocks With Ai By Kadence Wp

Name of the Vulnerable Software and Affected Versions: The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress versions up to, and including, 3.2.36 Description: The issue is related to Stored Cross-Site Scripting via the countdown timer due to insufficient input...

6.4 CVSS | 6.2 AI score | 0.00433 EPSS
Exploits: 0 | References: 6
UbuntuCve
added 2024/05/01 6:15 a.m. | 22 views

CVE-2024-26998

In the Linux kernel, the following vulnerability has been resolved: serial: core: Clearing the circular buffer before NULLifying it. The circular buffer is NULLified in uart_tty_port_shutdown under the spin lock. However, the PM or other timer based callbacks may still trigger after this event withou...

5.5 CVSS | 6 AI score | 0.00228 EPSS
Exploits: 0 | References: 9
Debian CVE
added 2024/05/01 5:28 a.m. | 18 views

CVE-2024-26998

In the Linux kernel, the following vulnerability has been resolved: serial: core: Clearing the circular buffer before NULLifying it. The circular buffer is NULLified in uart_tty_port_shutdown under the spin lock. However, the PM or other timer based callbacks may still trigger after this event withou...

5.5 CVSS | 6.9 AI score | 0.00228 EPSS
Exploits: 0
RedHat Linux
added 2024/04/30 9:57 a.m. | 1 views

kernel: cxgb4: use-after-free in ch_flower_stats_cb()

A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition...

5.5 CVSS | 6.8 AI score | 0.00221 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2024/04/30 9:57 a.m. | 3 views

kernel: scsi: target: iscsit: Free cmds before session free

A use-after-free vulnerability was found in the Linux kernel's iSCSI target subsystem. When the Time2Retain timer expires and an iSCSI session is being cleaned up, commands from recovery entries are freed after the session has already been closed. This leads to a NULL pointer dereference or...

5.8 AI score | 0.00173 EPSS
Exploits: 0 | References: 5
BDU FSTEC
added 2024/04/30 12:0 a.m. | 5 views

The vulnerability of the formSetRebootTimer function (/goform/SetRebootTimer) in the Tenda AC8 router’s microprogramming software allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the formSetRebootTimer function (/goform/SetRebootTimer) in the Tenda AC8 router’s microprogramming software is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the...

9 CVSS | 8 AI score | 0.01643 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Tenable Nessus
added 2024/04/27 12:0 a.m. | 34 views

RHEL 5 : java-1.4.2-ibm-sap (RHSA-2011:0870)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:0870 advisory. - JDK unspecified vulnerability in Deployment component CVE-2010-4447, CVE-2010-4466, CVE-2010-4475 - OpenJDK DNS cache poisoning by untrust...

10 CVSS | 8.3 AI score | 0.05489 EPSS
Exploits: 1 | References: 21
OSV
added 2024/04/26 9:15 p.m. | 2 views

CVE-2024-4239

A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely. The...

8.8 CVSS | 6.5 AI score | 0.01451 EPSS
Exploits: 0 | References: 4