Latest CVE Feed
-
0.0
NONECVE-2024-49868
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion [BUG] Syzbot reported a NULL pointer dereference with the following crash: FAULT_INJECTION: forcing a fai... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-49867
In the Linux kernel, the following vulnerability has been resolved: btrfs: wait for fixup workers before stopping cleaner kthread during umount During unmount, at close_ctree(), we have the following steps in this order: 1) Park the cleaner kthread - t... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-49866
In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Fix a race during cpuhp processing There is another found exception that the "timerlat/1" thread was scheduled on CPU0, and lead to timer corruption finally: ``` ODEB... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-49865
In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: move xa_alloc to prevent UAF Evil user can guess the next id of the vm before the ioctl completes and then call vm destroy ioctl to trigger UAF since create ioctl is still re... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-49864
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix a race between socket set up and I/O thread creation In rxrpc_open_socket(), it sets up the socket and then sets up the I/O thread that will handle it. This is a problem, ho... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-49863
In the Linux kernel, the following vulnerability has been resolved: vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() Since commit 3f8ca2e115e5 ("vhost/scsi: Extract common handling code from control queue handler") a null pointer dereference bug... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-49368
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, causing arbitrary command execution. Version 2.0.0-beta.36 ... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-49367
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, the log path of nginxui is controllable. This issue can be combined with the directory traversal at `/api/configs` to read directories and file contents on the serv... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-49366
Nginx UI is a web user interface for the Nginx web server. Nginx UI v2.0.0-beta.35 and earlier gets the value from the json field without verification, and can construct a value value in the form of `../../`. Arbitrary files can be written to the server, ... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-40746
A stored cross-site scripting (XSS) vulnerability in HikaShop Joomla Component < 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the `description` parameter of any product. Th... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-47732
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix potential use after free bug The free_device_compression_mode(iaa_device, device_mode) function frees "device_mode" but it iss passed to iaa_compression_modes[i]->free... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-47731
In the Linux kernel, the following vulnerability has been resolved: drivers/perf: Fix ali_drw_pmu driver interrupt status clearing The alibaba_uncore_pmu driver forgot to clear all interrupt status in the interrupt processing function. After the PMU cou... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-47730
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - inject error before stopping queue The master ooo cannot be completely closed when the accelerator core reports memory error. Therefore, the driver needs to injec... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-47729
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Use reserved copy engine for user binds on faulting devices User binds map to engines with can fault, faults depend on user binds completion, thus we can deadlock. Avoid this by... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-47728
In the Linux kernel, the following vulnerability has been resolved: bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error For all non-tracing helpers which formerly had ARG_PTR_TO_{LONG,INT} as input arguments, zero the value for the case of an e... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-47727
In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix "in-kernel MMIO" check TDX only supports kernel-initiated MMIO operations. The handle_mmio() function checks if the #VE exception occurred in the kernel and rejects the ope... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-47726
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may be reused ... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-47725
In the Linux kernel, the following vulnerability has been resolved: dm-verity: restart or panic on an I/O error Maxim Suhanov reported that dm-verity doesn't crash if an I/O error happens. In theory, this could be used to subvert security, because an at... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-47724
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: use work queue to process beacon tx event Commit 3a415daa3e8b ("wifi: ath11k: add P2P IE in beacon template") from Feb 28, 2024 (linux-next), leads to the following Smatch... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-47723
In the Linux kernel, the following vulnerability has been resolved: jfs: fix out-of-bounds in dbNextAG() and diAlloc() In dbNextAG() , there is no check for the case where bmp->db_numag is greater or same than MAXAG due to a polluted image, which causes... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024