7.1
CVE-2024-26789 - crypto: arm64/neonbs - fix out-of-bounds access on short input
In the Linux kernel, the following vulnerability has been resolved: crypto: arm64/neonbs - fix out-of-bounds access on short input The bit-sliced implementation of AES-CTR operates on blocks of 128 bytes, and will fall back to the plain NEON version for tail blocks or inputs that are shorter thanβ¦
8.8
CVE-2024-29387 -
projeqtor up to 11.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /view/print.php.
8.2
CVE-2020-25730 -
Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHP_SELF component in classic/views/download.php.
5.5
CVE-2024-26807 - spi: cadence-qspi: fix pointer reference in runtime PM hooks
In the Linux kernel, the following vulnerability has been resolved: Both cadence-quadspi ->runtime_suspend() and ->runtime_resume() implementations start with: struct cqspi_st *cqspi = dev_get_drvdata(dev); struct spi_controller *host = dev_get_drvdata(dev); This obviously cannot be correct, uβ¦
5.5
CVE-2024-26806 - spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks
In the Linux kernel, the following vulnerability has been resolved: spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks The ->runtime_suspend() and ->runtime_resume() callbacks are not expected to call spi_controller_suspend() and spi_controller_resume(). Remove callsβ¦
5.5
CVE-2024-26805 - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
In the Linux kernel, the following vulnerability has been resolved: netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter syzbot reported the following uninit-value access issue [1]: netlink_to_full_skb() creates a new `skb` and puts the `skb->data` passed as a 1st arg of netlink_to_fulβ¦
6.2
CVE-2024-26799 - ASoC: qcom: Fix uninitialized pointer dmactl
In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix uninitialized pointer dmactl In the case where __lpass_get_dmactl_handle is called and the driver id dai_id is invalid the pointer dmactl is not being assigned a value, and dmactl contains a garbage value since itβ¦
5.5
CVE-2024-26795 - riscv: Sparse-Memory/vmemmap out-of-bounds fix
In the Linux kernel, the following vulnerability has been resolved: riscv: Sparse-Memory/vmemmap out-of-bounds fix Offset vmemmap so that the first page of vmemmap will be mapped to the first page of physical memory in order to ensure that vmemmapβs bounds will be respected during pfn_to_page()/pβ¦
7.8
CVE-2024-26792 - btrfs: fix double free of anonymous device after snapshot creation failure
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free of anonymous device after snapshot creation failure When creating a snapshot we may do a double free of an anonymous device in case there's an error committing the transaction. The second free may result inβ¦
5.5
CVE-2024-26784 - pmdomain: arm: Fix NULL dereference on scmi_perf_domain removal
In the Linux kernel, the following vulnerability has been resolved: pmdomain: arm: Fix NULL dereference on scmi_perf_domain removal On unloading of the scmi_perf_domain module got the below splat, when in the DT provided to the system under test the '#power-domain-cells' property was missing. Indβ¦