CVE List - 2024 / June
Showing 2101 - 2200 of 3082 CVEs for June 2024 (Page 22 of 31)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-38581 | 2024-06-19 | drm/amdgpu/mes: fix use-after-free issue |
| CVE-2024-38582 | 2024-06-19 | nilfs2: fix potential hang in nilfs_detach_log_writer() |
| CVE-2024-38583 | 2024-06-19 | nilfs2: fix use-after-free of timer for log writer thread |
| CVE-2024-38584 | 2024-06-19 | net: ti: icssg_prueth: Fix NULL pointer dereference in prueth_probe() |
| CVE-2024-38585 | 2024-06-19 | tools/nolibc/stdlib: fix memory error in realloc() |
| CVE-2024-38586 | 2024-06-19 | r8169: Fix possible ring buffer corruption on fragmented Tx packets. |
| CVE-2024-38587 | 2024-06-19 | speakup: Fix sizeof() vs ARRAY_SIZE() bug |
| CVE-2024-38588 | 2024-06-19 | ftrace: Fix possible use-after-free issue in ftrace_location() |
| CVE-2024-38329 | 2024-06-19 | IBM Storage Protect for Virtual Environments: Data Protection for VMware security bypass |
| CVE-2023-37872 | 2024-06-19 | WordPress WooCommerce Ship to Multiple Addresses plugin <= 3.8.5 - Broken Access Control vulnerability |
| CVE-2024-38589 | 2024-06-19 | netrom: fix possible dead-lock in nr_rt_ioctl() |
| CVE-2024-38590 | 2024-06-19 | RDMA/hns: Modify the print level of CQE error |
| CVE-2024-38591 | 2024-06-19 | RDMA/hns: Fix deadlock on SRQ async events. |
| CVE-2024-38592 | 2024-06-19 | drm/mediatek: Init `ddp_comp` with devm_kcalloc() |
| CVE-2024-38593 | 2024-06-19 | net: micrel: Fix receiving the timestamp in the frame for lan8841 |
| CVE-2024-38594 | 2024-06-19 | net: stmmac: move the EST lock to struct stmmac_priv |
| CVE-2024-38595 | 2024-06-19 | net/mlx5: Fix peer devlink set for SF representor devlink port |
| CVE-2024-38596 | 2024-06-19 | af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg |
| CVE-2024-38597 | 2024-06-19 | eth: sungem: remove .ndo_poll_controller to avoid deadlocks |
| CVE-2024-38598 | 2024-06-19 | md: fix resync softlockup when bitmap size is less than array size |
| CVE-2024-38599 | 2024-06-19 | jffs2: prevent xattr node from overflowing the eraseblock |
| CVE-2024-38600 | 2024-06-19 | ALSA: Fix deadlocks with kctl removals at disconnection |
| CVE-2023-37869 | 2024-06-19 | WordPress Premium Addons PRO plugin <= 2.9.0 - Broken Access Control vulnerability |
| CVE-2024-23443 | 2024-06-19 | A high-privileged user, allowed to create custom osquery packs 17... |
| CVE-2024-38601 | 2024-06-19 | ring-buffer: Fix a race between readers and resize checks |
| CVE-2024-38602 | 2024-06-19 | ax25: Fix reference count leak issues of ax25_dev |
| CVE-2024-38603 | 2024-06-19 | drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() |
| CVE-2024-38604 | 2024-06-19 | block: refine the EOF check in blkdev_iomap_begin |
| CVE-2024-38605 | 2024-06-19 | ALSA: core: Fix NULL module pointer assignment at card init |
| CVE-2024-38606 | 2024-06-19 | crypto: qat - validate slices count returned by FW |
| CVE-2024-38607 | 2024-06-19 | macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" |
| CVE-2023-36684 | 2024-06-19 | WordPress Convert Pro plugin <= 1.7.5 - Broken Access Control vulnerability |
| CVE-2023-36683 | 2024-06-19 | WordPress Schema Pro plugin <= 2.7.8 - Broken Access Control vulnerability |
| CVE-2023-36676 | 2024-06-19 | WordPress Spectra plugin <= 2.6.6 - Broken Access Control vulnerability |
| CVE-2024-38608 | 2024-06-19 | net/mlx5e: Fix netif state handling |
| CVE-2024-38609 | 2024-06-19 | wifi: mt76: connac: check for null before dereferencing |
| CVE-2024-38610 | 2024-06-19 | drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() |
| CVE-2024-38611 | 2024-06-19 | media: i2c: et8ek8: Don't strip remove function when driver is builtin |
| CVE-2024-38612 | 2024-06-19 | ipv6: sr: fix invalid unregister error path |
| CVE-2024-38613 | 2024-06-19 | m68k: Fix spinlock race in kernel thread creation |
| CVE-2024-38614 | 2024-06-19 | openrisc: traps: Don't send signals to kernel mode threads |
| CVE-2024-38615 | 2024-06-19 | cpufreq: exit() callback is optional |
| CVE-2024-38616 | 2024-06-19 | wifi: carl9170: re-fix fortified-memset warning |
| CVE-2024-38617 | 2024-06-19 | kunit/fortify: Fix mismatched kvalloc()/vfree() usage |
| CVE-2024-38618 | 2024-06-19 | ALSA: timer: Set lower bound of start tick time |
| CVE-2023-39310 | 2024-06-19 | WordPress Avada Builder plugin <= 3.11.1 - Authenticated Broken Access Control vulnerability |
| CVE-2023-38394 | 2024-06-19 | WordPress Jupiter X Core plugin <= 3.3.0 - Multiple Auth. Broken Access Control vulnerability |
| CVE-2023-38393 | 2024-06-19 | WordPress Ninja Forms plugin <= 3.6.25 - Subscriber+ Broken Access Control vulnerability |
| CVE-2023-36516 | 2024-06-19 | WordPress LearnPress plugin <= 4.2.3 - Authenticated Broken Access Control vulnerability |
| CVE-2023-36515 | 2024-06-19 | WordPress LearnPress plugin <= 4.2.3 - Unauthenticated Broken Access Control vulnerability |
| CVE-2023-39312 | 2024-06-19 | WordPress Avada theme <= 7.11.1 - Auth. Unrestricted Zip Extraction vulnerability |
| CVE-2022-45832 | 2024-06-19 | WordPress Attorney theme <= 3 - Unauth. Arbitrary Content Deletion vulnerability |
| CVE-2023-25697 | 2024-06-19 | WordPress GamiPress plugin <= 2.5.6 - CSRF Leading to Settings Change Vulnerability |
| CVE-2024-22263 | 2024-06-19 | Arbitrary File Write Vulnerability in Spring Cloud Data Flow |
| CVE-2021-47576 | 2024-06-19 | scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() |
| CVE-2021-47577 | 2024-06-19 | io-wq: check for wq exit after adding new worker task_work |
| CVE-2021-47578 | 2024-06-19 | scsi: scsi_debug: Don't call kcalloc() if size arg is zero |
| CVE-2021-47579 | 2024-06-19 | ovl: fix warning in ovl_create_real() |
| CVE-2021-47580 | 2024-06-19 | scsi: scsi_debug: Fix type in min_t to avoid stack OOB |
| CVE-2021-47582 | 2024-06-19 | USB: core: Make do_proc_control() and do_proc_bulk() killable |
| CVE-2021-47583 | 2024-06-19 | media: mxl111sf: change mutex_init() location |
| CVE-2021-47584 | 2024-06-19 | iocost: Fix divide-by-zero on donation from low hweight cgroup |
| CVE-2021-47585 | 2024-06-19 | btrfs: fix memory leak in __add_inode_ref() |
| CVE-2021-47586 | 2024-06-19 | net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup |
| CVE-2021-47587 | 2024-06-19 | net: systemport: Add global locking for descriptor lifecycle |
| CVE-2021-47588 | 2024-06-19 | sit: do not call ipip6_dev_free() from sit_init_net() |
| CVE-2021-47589 | 2024-06-19 | igbvf: fix double free in `igbvf_probe` |
| CVE-2021-47590 | 2024-06-19 | mptcp: fix deadlock in __mptcp_push_pending() |
| CVE-2024-34443 | 2024-06-19 | WordPress Slider Revolution plugin < 6.7.11 - Cross Site Scripting (XSS) vulnerability |
| CVE-2021-47591 | 2024-06-19 | mptcp: remove tcp ulp setsockopt support |
| CVE-2021-47592 | 2024-06-19 | net: stmmac: fix tc flower deletion for VLAN priority Rx steering |
| CVE-2021-47593 | 2024-06-19 | mptcp: clear 'kern' flag from fallback sockets |
| CVE-2021-47594 | 2024-06-19 | mptcp: never allow the PM to close a listener subflow |
| CVE-2021-47595 | 2024-06-19 | net/sched: sch_ets: don't remove idle classes from the round-robin list |
| CVE-2021-47596 | 2024-06-19 | net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg |
| CVE-2021-47597 | 2024-06-19 | inet_diag: fix kernel-infoleak for UDP sockets |
| CVE-2021-47598 | 2024-06-19 | sch_cake: do not call cake_destroy() from cake_init() |
| CVE-2021-47599 | 2024-06-19 | btrfs: use latest_dev in btrfs_show_devname |
| CVE-2021-47600 | 2024-06-19 | dm btree remove: fix use after free in rebalance_children() |
| CVE-2021-47601 | 2024-06-19 | tee: amdtee: fix an IS_ERR() vs NULL bug |
| CVE-2021-47602 | 2024-06-19 | mac80211: track only QoS data frames for admission control |
| CVE-2021-47603 | 2024-06-19 | audit: improve robustness of the audit queue handling |
| CVE-2021-47604 | 2024-06-19 | vduse: check that offset is within bounds in get_config() |
| CVE-2021-47605 | 2024-06-19 | vduse: fix memory corruption in vduse_dev_ioctl() |
| CVE-2021-47606 | 2024-06-19 | net: netlink: af_netlink: Prevent empty skb by adding a check on len. |
| CVE-2021-47607 | 2024-06-19 | bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg |
| CVE-2021-47608 | 2024-06-19 | bpf: Fix kernel address leakage in atomic fetch |
| CVE-2024-34444 | 2024-06-19 | WordPress Slider Revolution plugin < 6.7.0 - Unauthenticated Broken Access Control vulnerability |
| CVE-2021-47609 | 2024-06-19 | firmware: arm_scpi: Fix string overflow in SCPI genpd driver |
| CVE-2021-47610 | 2024-06-19 | drm/msm: Fix null ptr access msm_ioctl_gem_submit() |
| CVE-2021-47611 | 2024-06-19 | mac80211: validate extended element ID is present |
| CVE-2021-47612 | 2024-06-19 | nfc: fix segfault in nfc_genl_dump_devices_done |
| CVE-2021-47613 | 2024-06-19 | i2c: virtio: fix completion handling |
| CVE-2021-47614 | 2024-06-19 | RDMA/irdma: Fix a user-after-free in add_pble_prm |
| CVE-2021-47616 | 2024-06-19 | RDMA: Fix use-after-free in rxe_queue_cleanup |
| CVE-2024-32030 | 2024-06-19 | Remote code execution via JNDI resolution in JMX metrics collection in Kafka UI |
| CVE-2024-36115 | 2024-06-19 | Stored Cross site scripting in Reposilite artifacts |
| CVE-2024-36116 | 2024-06-19 | Path traversal in Reposilite javadoc file expansion |
| CVE-2024-36117 | 2024-06-19 | Path traversal while serving Reposilite javadoc expanded files |
| CVE-2024-38355 | 2024-06-19 | Unhandled 'error' event in socket.io |