CVE List - 2024 / April
Showing 2401 - 2500 of 3606 CVEs for April 2024 (Page 25 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-26824 | 2024-04-17 | crypto: algif_hash - Remove bogus SGL free on zero-length error path |
| CVE-2024-26825 | 2024-04-17 | nfc: nci: free rx_data_reassembly skb on NCI device cleanup |
| CVE-2024-26826 | 2024-04-17 | mptcp: fix data re-injection from stale subflow |
| CVE-2024-26828 | 2024-04-17 | cifs: fix underflow in parse_server_interfaces() |
| CVE-2024-26830 | 2024-04-17 | i40e: Do not allow untrusted VF to remove administratively set MAC |
| CVE-2024-26831 | 2024-04-17 | net/handshake: Fix handshake_req_destroy_test1 |
| CVE-2024-32528 | 2024-04-17 | WordPress WP Dynamic Keywords Injector plugin <= 2.3.18 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32527 | 2024-04-17 | WordPress Jotform Online Forms plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32526 | 2024-04-17 | WordPress Easy Textillate plugin <= 2.02 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32510 | 2024-04-17 | WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.75 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32508 | 2024-04-17 | WordPress DethemeKit For Elementor plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32505 | 2024-04-17 | WordPress ElementsKit Elementor addons plugin <= 3.0.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32457 | 2024-04-17 | WordPress Elements Plus! plugin <= 2.16.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32456 | 2024-04-17 | WordPress Envo Extra plugin <= 1.8.11 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32130 | 2024-04-17 | WordPress Payment Forms for Paystack plugin <= 3.4.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-26829 | 2024-04-17 | media: ir_toy: fix a memleak in irtoy_tx |
| CVE-2024-26832 | 2024-04-17 | mm: zswap: fix missing folio cleanup in writeback race path |
| CVE-2024-26833 | 2024-04-17 | drm/amd/display: Fix memory leak in dm_sw_fini() |
| CVE-2024-26834 | 2024-04-17 | netfilter: nft_flow_offload: release dst in case direct xmit path is used |
| CVE-2024-26835 | 2024-04-17 | netfilter: nf_tables: set dormant flag on hook register failure |
| CVE-2024-26836 | 2024-04-17 | platform/x86: think-lmi: Fix password opcode ordering for workstations |
| CVE-2024-26837 | 2024-04-17 | net: bridge: switchdev: Skip MDB replays of deferred events on offload |
| CVE-2024-26838 | 2024-04-17 | RDMA/irdma: Fix KASAN issue with tasklet |
| CVE-2024-26839 | 2024-04-17 | IB/hfi1: Fix a memleak in init_credit_return |
| CVE-2024-26840 | 2024-04-17 | cachefiles: fix memory leak in cachefiles_add_cache() |
| CVE-2024-26841 | 2024-04-17 | LoongArch: Update cpu_sibling_map when disabling nonboot CPUs |
| CVE-2024-26842 | 2024-04-17 | scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd() |
| CVE-2024-26843 | 2024-04-17 | efi: runtime: Fix potential overflow of soft-reserved region size |
| CVE-2024-26844 | 2024-04-17 | block: Fix WARNING in _copy_from_iter |
| CVE-2024-26845 | 2024-04-17 | scsi: target: core: Add TMF to tmr_list handling |
| CVE-2024-26846 | 2024-04-17 | nvme-fc: do not wait in vain when unloading module |
| CVE-2024-1350 | 2024-04-17 | WordPress Honeypot for WP Comment plugin <= 2.2.3 - Arbitrary File Deletion vulnerability |
| CVE-2022-41698 | 2024-04-17 | WordPress If Menu – Visibility control for Menus plugin <= 0.16.3 - Broken Access Control |
| CVE-2024-26847 | 2024-04-17 | powerpc/rtas: use correct function name for resetting TCE tables |
| CVE-2024-26849 | 2024-04-17 | netlink: add nla be16/32 types to minlen array |
| CVE-2024-26850 | 2024-04-17 | mm/debug_vm_pgtable: fix BUG_ON with pud advanced test |
| CVE-2024-26851 | 2024-04-17 | netfilter: nf_conntrack_h323: Add protection for bmp length out of range |
| CVE-2024-26852 | 2024-04-17 | net/ipv6: avoid possible UAF in ip6_route_mpath_notify() |
| CVE-2024-26853 | 2024-04-17 | igc: avoid returning frame twice in XDP_REDIRECT |
| CVE-2024-26854 | 2024-04-17 | ice: fix uninitialized dplls mutex usage |
| CVE-2024-26855 | 2024-04-17 | net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() |
| CVE-2024-26856 | 2024-04-17 | net: sparx5: Fix use after free inside sparx5_del_mact_entry |
| CVE-2024-26857 | 2024-04-17 | geneve: make sure to pull inner header in geneve_rx() |
| CVE-2024-26858 | 2024-04-17 | net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map |
| CVE-2022-47151 | 2024-04-17 | WordPress JS Help Desk plugin <= 2.7.1 - Unauth. SQL Injection Vulnerability |
| CVE-2023-52644 | 2024-04-17 | wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled |
| CVE-2024-26859 | 2024-04-17 | net/bnx2x: Prevent access to a freed page in page_pool |
| CVE-2024-26860 | 2024-04-17 | dm-integrity: fix a memory leak when rechecking the data |
| CVE-2024-26861 | 2024-04-17 | wireguard: receive: annotate data-race around receiving_counter.counter |
| CVE-2024-26862 | 2024-04-17 | packet: annotate data-races around ignore_outgoing |
| CVE-2024-26863 | 2024-04-17 | hsr: Fix uninit-value access in hsr_get_node() |
| CVE-2024-26864 | 2024-04-17 | tcp: Fix refcnt handling in __inet_hash_connect(). |
| CVE-2024-26865 | 2024-04-17 | rds: tcp: Fix use-after-free of net in reqsk_timer_handler(). |
| CVE-2024-26866 | 2024-04-17 | spi: lpspi: Avoid potential use-after-free in probe() |
| CVE-2024-26867 | 2024-04-17 | comedi: comedi_8255: Correct error in subdevice initialization |
| CVE-2024-26868 | 2024-04-17 | nfs: fix panic when nfs4_ff_layout_prepare_ds() fails |
| CVE-2024-26869 | 2024-04-17 | f2fs: fix to truncate meta inode pages forcely |
| CVE-2024-26870 | 2024-04-17 | NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 |
| CVE-2024-26871 | 2024-04-17 | f2fs: fix NULL pointer dereference in f2fs_submit_page_write() |
| CVE-2024-26872 | 2024-04-17 | RDMA/srpt: Do not register event handler until srpt device is fully setup |
| CVE-2024-26873 | 2024-04-17 | scsi: hisi_sas: Fix a deadlock issue related to automatic dump |
| CVE-2024-26874 | 2024-04-17 | drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip |
| CVE-2024-26875 | 2024-04-17 | media: pvrusb2: fix uaf in pvr2_context_set_notify |
| CVE-2024-26876 | 2024-04-17 | drm/bridge: adv7511: fix crash on irq during probe |
| CVE-2024-26877 | 2024-04-17 | crypto: xilinx - call finalize with bh disabled |
| CVE-2024-26878 | 2024-04-17 | quota: Fix potential NULL pointer dereference |
| CVE-2024-26879 | 2024-04-17 | clk: meson: Add missing clocks to axg_clk_regmaps |
| CVE-2024-26880 | 2024-04-17 | dm: call the resume method on internal suspend |
| CVE-2024-26881 | 2024-04-17 | net: hns3: fix kernel crash when 1588 is received on HIP08 devices |
| CVE-2024-26882 | 2024-04-17 | net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() |
| CVE-2024-26883 | 2024-04-17 | bpf: Fix stackmap overflow check on 32-bit arches |
| CVE-2024-26884 | 2024-04-17 | bpf: Fix hashtab overflow check on 32-bit arches |
| CVE-2024-26885 | 2024-04-17 | bpf: Fix DEVMAP_HASH overflow check on 32-bit arches |
| CVE-2024-26886 | 2024-04-17 | Bluetooth: af_bluetooth: Fix deadlock |
| CVE-2024-26887 | 2024-04-17 | Bluetooth: btusb: Fix memory leak |
| CVE-2024-26888 | 2024-04-17 | Bluetooth: msft: Fix memory leak |
| CVE-2024-26889 | 2024-04-17 | Bluetooth: hci_core: Fix possible buffer overflow |
| CVE-2024-26890 | 2024-04-17 | Bluetooth: btrtl: fix out of bounds memory access |
| CVE-2024-26891 | 2024-04-17 | iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected |
| CVE-2024-26892 | 2024-04-17 | wifi: mt76: mt7921e: fix use-after-free in free_irq() |
| CVE-2024-26893 | 2024-04-17 | firmware: arm_scmi: Fix double free in SMC transport cleanup path |
| CVE-2024-26894 | 2024-04-17 | ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() |
| CVE-2024-26895 | 2024-04-17 | wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces |
| CVE-2024-26896 | 2024-04-17 | wifi: wfx: fix memory leak when starting AP |
| CVE-2024-26897 | 2024-04-17 | wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete |
| CVE-2024-26898 | 2024-04-17 | aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts |
| CVE-2024-26899 | 2024-04-17 | block: fix deadlock between bd_link_disk_holder and partition scan |
| CVE-2024-26900 | 2024-04-17 | md: fix kmemleak of rdev->serial |
| CVE-2024-26901 | 2024-04-17 | do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak |
| CVE-2024-26902 | 2024-04-17 | perf: RISCV: Fix panic on pmu overflow handler |
| CVE-2024-26903 | 2024-04-17 | Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security |
| CVE-2024-26906 | 2024-04-17 | x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() |
| CVE-2024-26907 | 2024-04-17 | RDMA/mlx5: Fix fortify source warning while accessing Eth segment |
| CVE-2024-26909 | 2024-04-17 | soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free |
| CVE-2024-3905 | 2024-04-17 | Tenda AC500 execCommand R7WebsSecurityHandler stack-based overflow |
| CVE-2024-3906 | 2024-04-17 | Tenda AC500 QuickIndex formQuickIndex stack-based overflow |
| CVE-2023-51500 | 2024-04-17 | WordPress Uncode Core plugin <= 2.8.8 - Arbitrary File Deletion vulnerability |
| CVE-2023-51418 | 2024-04-17 | WordPress JVM rich text icons plugin <= 1.2.6 - Arbitrary File Deletion vulnerability |
| CVE-2024-3907 | 2024-04-17 | Tenda AC500 setcfm formSetCfm stack-based overflow |
| CVE-2024-3908 | 2024-04-17 | Tenda AC500 WriteFacMac formWriteFacMac command injection |