7.8
CVE-2024-26995 - usb: typec: tcpm: Correct the PDO counting in pd_set
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Correct the PDO counting in pd_set Off-by-one errors happen because nr_snk_pdo and nr_src_pdo are incorrectly added one. The index of the loop is equal to the number of PDOs to be updated when leaving the loop aβ¦
5.5
CVE-2024-26942 - net: phy: qcom: at803x: fix kernel panic with at8031_probe
In the Linux kernel, the following vulnerability has been resolved: net: phy: qcom: at803x: fix kernel panic with at8031_probe On reworking and splitting the at803x driver, in splitting function of at803x PHYs it was added a NULL dereference bug where priv is referenced before it's actually allocβ¦
5.5
CVE-2024-26997 - usb: dwc2: host: Fix dereference issue in DDMA completion flow.
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: host: Fix dereference issue in DDMA completion flow. Fixed variable dereference issue in DDMA completion flow.
5.9
CVE-2024-26994 - speakup: Avoid crash on very long word
In the Linux kernel, the following vulnerability has been resolved: speakup: Avoid crash on very long word In case a console is set up really large and contains a really long word (> 256 characters), we have to stop before the length of the word buffer.
7.8
CVE-2024-26955 - nilfs2: prevent kernel bug at submit_bh_wbc()
In the Linux kernel, the following vulnerability has been resolved: nilfs2: prevent kernel bug at submit_bh_wbc() Fix a bug where nilfs_get_block() returns a successful status when searching and inserting the specified block both fail inconsistently. If this inconsistent behavior is not due to aβ¦
8.5
CVE-2024-32114 - Apache ActiveMQ: Jolokia and REST API were not secured with default configuration
In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with the broker (using Jolokia β¦
5.5
CVE-2024-27016 - netfilter: flowtable: validate pppoe header
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate pppoe header Ensure there is sufficient room to access the protocol field of the PPPoe header. Validate it once before the flowtable lookup, then use a helper function to access protocol field.
6.1
CVE-2023-23021 -
Cross Site Scripting (XSS) vulnerability in sourcecodester oretnom23 pos point sale system 1.0, allows attackers to execute arbitrary code via the code, name, and description inputs in file Main.php.
5.5
CVE-2024-26956 - nilfs2: fix failure to detect DAT corruption in btree and direct mappings
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix failure to detect DAT corruption in btree and direct mappings Patch series "nilfs2: fix kernel bug at submit_bh_wbc()". This resolves a kernel BUG reported by syzbot. Since there are two flaws involved, I've made eaβ¦
5.5
CVE-2023-52651 - kernel: wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.