Medium
CVSS: 5.5
Published: 2025-01-15 13:15:12
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Fix fault on fd close after unbind
If userspace holds an fd open, unbinds the device and then closes it,
the driver shouldn't try to access the hardware. Protect it by usin…
Medium
CVSS: 5.5
Published: 2025-01-15 13:15:12
In the Linux kernel, the following vulnerability has been resolved:
net: fix memory leak in tcp_conn_request()
If inet_csk_reqsk_queue_hash_add() returns false, tcp_conn_request() will
return without freeing the dst memory, which was allocated in af_ops->r…
Medium
CVSS: 5.5
Published: 2025-01-15 13:15:11
In the Linux kernel, the following vulnerability has been resolved:
netrom: check buffer length before accessing it
Syzkaller reports an uninit value read from ax25cmp when sending raw message
through ieee802154 implementation.
===================…
High
CVSS: 7.8
Published: 2025-01-15 13:15:11
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Skip restore TC rules for vport rep without loaded flag
During driver unload, unregister_netdev is called after unloading
vport rep. So, the mlx5e_rep_priv is already fr…
High
CVSS: 7.8
Published: 2025-01-15 13:15:11
In the Linux kernel, the following vulnerability has been resolved:
RDMA/rxe: Remove the direct link to net_device
The similar patch in siw is in the link:
https://git.kernel.org/rdma/rdma/c/16b87037b48889
This problem also occurred in RXE. The fo…
Medium
CVSS: 5.5
Published: 2025-01-15 13:15:11
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext
Access to genmask field in struct nft_set_ext results in unaligned
atomic read:
[ 72.130109] Unable to handl…
Medium
CVSS: 5.5
Published: 2025-01-15 13:15:10
In the Linux kernel, the following vulnerability has been resolved:
nvmet: Don't overflow subsysnqn
nvmet_root_discovery_nqn_store treats the subsysnqn string like a fixed
size buffer, even though it is dynamically allocated to the size of the
stri…
Medium
CVSS: 5.5
Published: 2025-01-15 13:15:09
In the Linux kernel, the following vulnerability has been resolved:
net: wwan: t7xx: Fix FSM command timeout issue
When the driver processes the internal state change command, it uses an
asynchronous thread to process the command operation. If the main…
Medium
CVSS: 5.5
Published: 2025-01-15 13:15:09
In the Linux kernel, the following vulnerability has been resolved:
RDMA/rtrs: Ensure 'ib_sge list' is accessible
Move the declaration of the 'ib_sge list' variable outside the
'always_invalidate' block to ensure it remains accessible for use
throu…
Medium
CVSS: 4.3
Published: 2025-01-15 13:15:09
The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authe…
Medium
CVSS: 5.5
Published: 2025-01-15 13:15:08
A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator…
Medium
CVSS: 6.4
Published: 2025-01-15 12:15:25
The PDF for WPForms + Drag and Drop Template Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's yeepdf_dotab shortcode in all versions up to, and including, 4.6.0 due to insufficient input sanitization and outp…
Medium
CVSS: 4.3
Published: 2025-01-15 12:15:25
The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropack_rml_notification function in all versions up to, and including, 1.17.0. This makes it possible for authenti…
High
CVSS: 8.1
Published: 2025-01-15 12:15:25
The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropack_dismiss_notice_forever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for aut…
Medium
CVSS: 4.3
Published: 2025-01-15 11:15:10
Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
High
CVSS: 8.8
Published: 2025-01-15 11:15:10
Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)
Medium
CVSS: 4.3
Published: 2025-01-15 11:15:10
Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Lo…
High
CVSS: 8.8
Published: 2025-01-15 11:15:10
Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity:…
Medium
CVSS: 6.5
Published: 2025-01-15 11:15:10
Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Medium
CVSS: 6.5
Published: 2025-01-15 11:15:10
Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium)