5.5
CVE-2024-26771 - dmaengine: ti: edma: Add some null pointer checks to the edma_probe
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Add some null pointer checks to the edma_probe devm_kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer vโฆ
5.5
CVE-2024-26726 - btrfs: don't drop extent_map for free space inode on write error
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't drop extent_map for free space inode on write error While running the CI for an unrelated change I hit the following panic with generic/648 on btrfs_holes_spacecache. assertion failed: block_start != EXTENT_MAP_HOLEโฆ
5.5
CVE-2024-26697 - nilfs2: fix data corruption in dsync block recovery for small block sizes
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix data corruption in dsync block recovery for small block sizes The helper function nilfs_recovery_copy_block() of nilfs_recovery_dsync_blocks(), which recovers data from logs created by data sync writes during a mount โฆ
5.5
CVE-2024-26686 - fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats
In the Linux kernel, the following vulnerability has been resolved: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call do_task_stat() at the same time and the process has NR_THREADS, it will spin โฆ
7.3
CVE-2024-31081 - Xorg-x11-server: heap buffer overread/data leakage in procxipassivegrabdevice
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a differโฆ
6.1
CVE-2024-27706 -
Cross Site Scripting vulnerability in Huly Platform v.0.6.202 allows attackers to execute arbitrary code via upload of crafted SVG file to issues.
7.8
CVE-2024-27674 -
Macro Expert through 4.9.4 allows BUILTIN\Users:(OI)(CI)(M) access to the "%PROGRAMFILES(X86)%\GrassSoft\Macro Expert" folder and thus an unprivileged user can escalate to SYSTEM by replacing the MacroService.exe binary.
7.3
CVE-2024-31080 - Xorg-x11-server: heap buffer overread/data leakage in procxigetselectedevents
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a differโฆ
7.5
CVE-2024-31309 - Apache Traffic Server: HTTP/2 CONTINUATION frames can be utilized for DoS attack
HTTP/2 CONTINUATIONย DoS attack can cause Apache Traffic Server to consume more resources on the server.ย Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 areย affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION โฆ
5.5
CVE-2024-26761 - cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window
In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window The Linux CXL subsystem is built on the assumption that HPA == SPA. That is, the host physical address (HPA) the HDM decoder registers are programmed โฆ