9573 matches found
UBUNTU-CVE-2022-48985
In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix race on per-CQ variable napi work_done. After calling napi_complete_done(), the NAPIF_STATE_SCHED bit may be cleared, and another CPU can start napi thread and access per-CQ variable, cq->work_done. If the other thread for...
AZL-52613 CVE-2024-49952 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prevent nf_skb_duplicated corruption. syzbot found that nf_dup_ipv4() or nf_dup_ipv6() could write per-cpu variable nf_skb_duplicated in an unsafe way [1]. Disabling preemption as hinted by the splat is not enough, we have ...
AZL-52896 CVE-2024-49926 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix access non-existent percpu rtpcp variable in rcu_tasks_need_gpcb(). For kernels built with CONFIG_FORCE_NR_CPUS=y, the nr_cpu_ids is defined as NR_CPUS instead of the number of possible cpus, this will cause the following syst...
DEBIAN-CVE-2024-49908
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for 'afb' in amdgpu_dm_update_cursor (v2). This commit adds a null check for the 'afb' variable in the amdgpu_dm_update_cursor function. Previously, 'afb' was assumed to be null at line 8388, but was used...
AZL-51053 CVE-2024-49905 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2). This commit adds a null check for the 'afb' variable in the amdgpu_dm_plane_handle_cursor_update function. Previously, 'afb' was assumed to be null, but w...
UBUNTU-CVE-2024-49926
In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix access non-existent percpu rtpcp variable in rcu_tasks_need_gpcb(). For kernels built with CONFIG_FORCE_NR_CPUS=y, the nr_cpu_ids is defined as NR_CPUS instead of the number of possible cpus, this will cause the following syst...
UBUNTU-CVE-2024-49905
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2). This commit adds a null check for the 'afb' variable in the amdgpu_dm_plane_handle_cursor_update function. Previously, 'afb' was assumed to be null, but w...
UBUNTU-CVE-2024-49908
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for 'afb' in amdgpu_dm_update_cursor (v2). This commit adds a null check for the 'afb' variable in the amdgpu_dm_update_cursor function. Previously, 'afb' was assumed to be null at line 8388, but was used...
CVE-2024-49952 netfilter: nf_tables: prevent nf_skb_duplicated corruption
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prevent nf_skb_duplicated corruption. syzbot found that nf_dup_ipv4() or nf_dup_ipv6() could write per-cpu variable nf_skb_duplicated in an unsafe way [1]. Disabling preemption as hinted by the splat is not enough, we have ...
CVE-2024-49926 rcu-tasks: Fix access non-existent percpu rtpcp variable in rcu_tasks_need_gpcb()
In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix access non-existent percpu rtpcp variable in rcu_tasks_need_gpcb(). For kernels built with CONFIG_FORCE_NR_CPUS=y, the nr_cpu_ids is defined as NR_CPUS instead of the number of possible cpus, this will cause the following syst...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from the rcu-tasks module incorrectly accessing a non-existent per-CPU rtpcp variable in the rcu_tasks_need_gpcb...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a race condition on the per-CQ variable napi work_done in the net: mana subsystem...
SUSE-SU-2024:3733-1 Security update for php7
This update for php7 fixes the following issues: - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed (bsc#1231360) - CVE-2024-8927: Fixed cgi.force_redirect configuration is bypassable due to an environment variable...
The vulnerability of the squashfs_read_inode() function in the squashfs file system of Linux kernels allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the squashfs_read_inode() function in the fs/squashfs/inode.c file of the squashfs file system in the Linux kernel is related to the use of an uninitialized variable. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...
The vulnerability of the gue_gro_receive() function in the IPv4 implementation of the Linux operating system’s kernel allows an attacker to compromise the confidentiality and availability of the protected information.
The vulnerability of the gue_gro_receive() function in the net/ipv4/fou_core.c module, which is part of the Linux operating system’s IPv4 kernel implementation, relates to the use of an uninitialized variable. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and...
The vulnerability of the setup_one_line() function in the Linux operating system’s kernel in the User-mode-Linux (UML) mode allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the setup_one_line() function in the arch/um/drivers/line.c module of the Linux kernel in the User-mode-Linux (UML) mode is related to the use of an uninitialized variable. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...
SUSE-SU-2024:3664-1 Security update for php8
This update for php8 fixes the following issues: - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed (bsc#1231360) - CVE-2024-8927: Fixed cgi.force_redirect configuration is bypassable due to an environment variable...
CVE-2024-45714
Application is vulnerable to Cross-Site Scripting (XSS): an authenticated attacker with users’ permissions can modify a variable with a payload...
CVE-2024-45714 SolarWinds Serv-U Stored XSS Vulnerability
Application is vulnerable to Cross-Site Scripting (XSS): an authenticated attacker with users’ permissions can modify a variable with a payload...