3.3
CVE-2024-42233 - filemap: replace pte_offset_map() with pte_offset_map_nolock()
In the Linux kernel, the following vulnerability has been resolved: filemap: replace pte_offset_map() with pte_offset_map_nolock() The vmf->ptl in filemap_fault_recheck_pte_none() is still set from handle_pte_fault(). But at the same time, we did a pte_unmap(vmf->pte). After a pte_unmap(vmf->ptโฆ
5.5
CVE-2024-42236 - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy()
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Userspace provided string 's' could trivially have the length zero. Left unchecked this will firstly result in an OOB read in the form `if (str[0 - 1] == '\n') foโฆ
5.5
CVE-2024-42234 - mm: fix crashes from deferred split racing folio migration
In the Linux kernel, the following vulnerability has been resolved: mm: fix crashes from deferred split racing folio migration Even on 6.10-rc6, I've been seeing elusive "Bad page state"s (often on flags when freeing, yet the flags shown are not bad: PG_locked had been set and cleared??), and VM_โฆ
8.4
CVE-2024-41309 -
An issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system.
8.4
CVE-2024-41308 -
An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system.
9.8
CVE-2024-34479 -
SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id SQL Injection.
5.5
CVE-2024-42242 - mmc: sdhci: Fix max_seg_size for 64KiB PAGE_SIZE
In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci: Fix max_seg_size for 64KiB PAGE_SIZE blk_queue_max_segment_size() ensured: if (max_size < PAGE_SIZE) max_size = PAGE_SIZE; whereas: blk_validate_limits() makes it an error: if (WARN_ON_ONCE(lim->max_segment_siโฆ
5.5
CVE-2024-42248 - tty: serial: ma35d1: Add a NULL check for of_node
In the Linux kernel, the following vulnerability has been resolved: tty: serial: ma35d1: Add a NULL check for of_node The pdev->dev.of_node can be NULL if the "serial" node is absent. Add a NULL check to return an error in such cases.
5.3
CVE-2024-41243 -
An Incorrect Access Control vulnerability was found in /smsa/view_marks.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view MARKS details.
5.5
CVE-2024-42232 - libceph: fix race between delayed_work() and ceph_monc_stop()
In the Linux kernel, the following vulnerability has been resolved: libceph: fix race between delayed_work() and ceph_monc_stop() The way the delayed work is handled in ceph_monc_stop() is prone to races with mon_fault() and possibly also finish_hunting(). Both of these can requeue the delayed wโฆ