45 matches found
UBUNTU-CVE-2024-55639
In the Linux kernel, the following vulnerability has been resolved: net: renesas: rswitch: avoid use-after-put for a device tree node The device tree node saved in the rswitch_device structure is used at several driver locations. So passing this node to of_node_put() after the first use is wrong. Move...
CVE-2024-55639 net: renesas: rswitch: avoid use-after-put for a device tree node
In the Linux kernel, the following vulnerability has been resolved: net: renesas: rswitch: avoid use-after-put for a device tree node The device tree node saved in the rswitch_device structure is used at several driver locations. So passing this node to of_node_put() after the first use is wrong. Move...
CVE-2024-55639
CVE-2024-55639 : In the Linux kernel, the net: renesas: rswitch driver incorrectly uses a saved device-tree node after it has been put (via of_node_put()) in multiple locations. The node is stored in rswitch_device and used by several code paths, so calling of_node_put() after first use leads to ...
CVE-2024-53171 ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit
In the Linux kernel, the following vulnerability has been resolved: ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit After an insertion in TNC, the tree might split and cause a node to change its znode->parent. A further deletion of other nodes in the tree which also could free the...
UBUNTU-CVE-2024-50204
In the Linux kernel, the following vulnerability has been resolved: fs: don't try and remove empty rbtree node When copying a namespace we won't have added the new copy into the namespace rbtree until after the copy succeeded. Calling free_mnt_ns() will try to remove the copy from the rbtree which is...
i-doit cross-site scripting vulnerability
i-doit is a configuration management database software from i-doit Inc. A cross-site scripting vulnerability exists in i-doit pro that stems from a lack of proper cleanup of the id, lang, mNavID, name, pID, treeNode, type, and view parameters...
tty: serial: ma35d1: Add a NULL check for of_node
...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel: in the tty: serial: ma35d1 module, pdev->dev.of_node may be NULL when the serial node is missing...
SUSE CVE-2024-40991
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: Fix of_k3_udma_glue_parse_chn_by_id() The of_k3_udma_glue_parse_chn_by_id() helper function erroneously invokes "of_node_put()" on the "udmax_np" device-node passed to it, without having incremented its reference count at a...
CVE-2021-47609
CVE-2021-47609 : Linux kernel vulnerability in the SCPI genpd driver for arm SCPI firmware. The issue was a missing bound check on scpi_pd->name, which could overflow a 30-byte buffer when copying the device name, potentially leading to memory corruption. The fix allocates the string dynamical...
PT-2024-26853 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue arises from the mechanism introduced to prevent a write hole of an extent buffer in the Btrfs file system. When btrfs clear buffer dirty marks an extent buffer as EXTENT BUFF...
CVE-2021-47510
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix re-dirty process of tree-log nodes There is a report of a transaction abort of -EAGAIN with the following script. #!/bin/sh for d in sda sdb; do mkfs.btrfs -d single -m single -f /dev/$d done mount /dev/sda /mnt/test...
CVE-2021-47510 btrfs: fix re-dirty process of tree-log nodes
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix re-dirty process of tree-log nodes There is a report of a transaction abort of -EAGAIN with the following script. #!/bin/sh for d in sda sdb; do mkfs.btrfs -d single -m single -f /dev/$d done mount /dev/sda /mnt/test...
WPvivid Backup & Migration Plugin < 0.9.100 - Admin+ PHAR Deserialization
Description The plugin is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the wpvividstggetcustomexcludepathfree action. This is due to the plugin not providing sufficient path validation on the treenodenodeid parameter. Th...
WordPress Plugin WPvivid Backup & Migration security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2024-26685
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential bug in end_buffer_async_write According to a syzbot report, end_buffer_async_write(), which handles the completion of block device writes, may detect abnormal condition of the buffer async_write flag and cause a BUGO...
Malicious Package
Overview tree-node-web is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
OSV-2022-409 Heap-buffer-overflow in std::__1::__tree_node_base<void*>*& std::__1::__tree<std::__1::__value_type<std:
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47391 Crash type: Heap-buffer-overflow READ 1 Crash state: std::1::treenodebase& std::1::treestd::1::valuetypestd: std::1::pairstd::1::treeiteratorstd::1::valuetypestd::1::basic...
CVE-2018-3607
XXXTreeNode method SQL injection remote code execution RCE vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...