This page lists Common Vulnerabilities and Exposures (CVE) that may affect the Amazon Linux operating system.
CVE ID | Description | Public Date |
---|---|---|
CVE-2024-52005 |
Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information, or to mislead the user into executing untrusted scripts. As requested on the git-security mailing list, the patches are under discussion on the public mailing list. Users are advised to update as soon as possible. Users unable to upgrade should avoid recursive clones unless they are from trusted sources.
|
2025-01-15 |
CVE-2024-53263 |
Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the `git-credential(1)` command without checking for embedded line-ending control characters, and then sends any credentials it receives back from the Git credential helper to the remote host. By inserting URL-encoded control characters such as line feed (LF) or carriage return (CR) characters into the URL, an attacker may be able to retrieve a user's Git credentials. This problem exists in all previous versions and is patched in v3.6.1. All users should upgrade to v3.6.1. There are no workarounds known at this time.
|
2025-01-14 |
CVE-2024-57652 |
An issue in the numeric_to_dv component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
2025-01-14 |
CVE-2024-12747 |
A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.
|
2025-01-14 |
CVE-2024-12085 |
A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
|
2025-01-14 |
CVE-2024-12084 |
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
|
2025-01-14 |
CVE-2024-57644 |
An issue in the itc_hash_compare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
2025-01-14 |
CVE-2024-50349 |
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt (i.e. without using any credential helper), it prints out the host name for which the user is expected to provide a username and/or a password. At this stage, any URL-encoded parts have been decoded already, and are printed verbatim. This allows attackers to craft URLs that contain ANSI escape sequences that the terminal interprets to confuse users, e.g. into providing passwords for trusted Git hosting sites when in fact they are then sent to untrusted sites that are under the attacker's control. This issue has been patched via commits `7725b81` and `c903985` which are included in release versions v2.48.1, v2.47.1, v2.46.3, v2.45.3, v2.44.3, v2.43.6, v2.42.4, v2.41.3, and v2.40.4. Users are advised to upgrade. Users unable to upgrade should avoid cloning from untrusted URLs, especially recursive clones.
|
2025-01-14 |
CVE-2024-12088 |
A flaw was found in rsync. When using the `--safe-links` option, rsync fails to properly verify if a symbolic link destination contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.
|
2025-01-14 |
CVE-2024-57662 |
An issue in the sqlg_hash_source component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
2025-01-14 |
CVE-2024-57638 |
An issue in the dfe_body_copy component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
2025-01-14 |
CVE-2024-52006 |
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems (most notably, .NET and node.js) interpret single Carriage Return characters as newlines, which renders the protections against CVE-2020-5260 incomplete for credential helpers that treat Carriage Returns in this way. This issue has been addressed in commit `b01b9b8` which is included in release versions v2.48.1, v2.47.1, v2.46.3, v2.45.3, v2.44.3, v2.43.6, v2.42.4, v2.41.3, and v2.40.4. Users are advised to upgrade. Users unable to upgrade should avoid cloning from untrusted URLs, especially recursive clones.
|
2025-01-14 |
CVE-2024-57641 |
An issue in the sqlexp component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
2025-01-14 |
CVE-2024-57658 |
An issue in the sql_tree_hash_1 component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
2025-01-14 |
CVE-2025-21173 |
.NET Elevation of Privilege Vulnerability
|
2025-01-14 |
CVE-2025-21176 |
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
|
2025-01-14 |
CVE-2024-12086 |
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.
|
2025-01-14 |
CVE-2024-12087 |
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, which is enabled by default for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.
|
2025-01-14 |
CVE-2024-57647 |
An issue in the row_insert_cast component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
2025-01-14 |
CVE-2025-21171 |
.NET Remote Code Execution Vulnerability
|
2025-01-14 |
CVE-2024-57654 |
An issue in the qst_vec_get_int64 component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
2025-01-14 |
CVE-2024-57636 |
An issue in the itc_sample_row_check component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
2025-01-14 |
CVE-2024-57645 |
An issue in the qi_inst_state_free component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
2025-01-14 |
CVE-2025-21172 |
.NET and Visual Studio Remote Code Execution Vulnerability
|
2025-01-14 |
CVE-2024-57643 |
An issue in the box_deserialize_string component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
2025-01-14 |
CVE-2024-57648 |
An issue in the itc_set_param_row component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
2025-01-14 |
CVE-2025-22134 |
When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003.
|
2025-01-13 |
CVE-2024-48873 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw89: check return value of ieee80211_probereq_get() for RNR
|
2025-01-11 |
CVE-2024-57876 |
In the Linux kernel, the following vulnerability has been resolved:
drm/dp_mst: Fix resetting msg rx state after topology removal
|
2025-01-11 |
CVE-2025-23108 |
Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability affects Firefox for iOS < 134.
|
2025-01-11 |
CVE-2024-57849 |
In the Linux kernel, the following vulnerability has been resolved:
s390/cpum_sf: Handle CPU hotplug remove during sampling
|
2025-01-11 |
CVE-2024-55641 |
In the Linux kernel, the following vulnerability has been resolved:
xfs: unlock inodes when erroring out of xfs_trans_alloc_dir
|
2025-01-11 |
CVE-2025-23109 |
Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address. This vulnerability affects Firefox for iOS < 134.
|
2025-01-11 |
CVE-2024-49569 |
In the Linux kernel, the following vulnerability has been resolved:
nvme-rdma: unquiesce admin_q before destroy it
|
2025-01-11 |
CVE-2024-57822 |
In Raptor RDF Syntax Library through 2.0.16, there is a heap-based buffer over-read when parsing triples with the nquads parser in raptor_ntriples_parse_term_internal().
|
2025-01-10 |
CVE-2024-57823 |
In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path().
|
2025-01-10 |
CVE-2025-23022 |
FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c.
|
2025-01-10 |
CVE-2025-0306 |
A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service.
|
2025-01-09 |
CVE-2025-0241 |
When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6.
|
2025-01-07 |
CVE-2025-0240 |
Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6.
|
2025-01-07 |
CVE-2025-0242 |
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird ESR < 128.6.
|
2025-01-07 |
CVE-2025-0244 |
When redirecting to an invalid protocol scheme, an attacker could spoof the address bar.
*Note: This issue only affected Android operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 134.
|
2025-01-07 |
CVE-2025-0245 |
Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been bypassed. This vulnerability affects Firefox < 134.
|
2025-01-07 |
CVE-2025-0238 |
Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird ESR < 128.6.
|
2025-01-07 |
CVE-2025-0246 |
When using an invalid protocol scheme, an attacker could spoof the address bar.
*Note: This issue only affected Android operating systems. Other operating systems are unaffected.*
*Note: This issue is a different issue from CVE-2025-0244.* This vulnerability affects Firefox < 134.
|
2025-01-07 |
CVE-2025-0243 |
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6.
|
2025-01-07 |
CVE-2025-0237 |
The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6.
|
2025-01-07 |
CVE-2025-0239 |
When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6.
|
2025-01-07 |
CVE-2024-12425 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal.
An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files.
This issue affects LibreOffice: from 24.8 before 24.8.4.
|
2025-01-07 |
CVE-2024-56827 |
openjpeg: heap buffer overflow in lib/openjp2/j2k.c
|
2025-01-07 |
CVE-2024-56826 |
openjpeg: heap buffer overflow in bin/common/color.c
|
2025-01-07 |
CVE-2024-12426 |
Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice.
URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document containing such links.
This issue affects LibreOffice: from 24.8 before 24.8.4.
|
2025-01-07 |
CVE-2025-0247 |
Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134 and Thunderbird < 134.
|
2025-01-07 |
CVE-2024-51741 |
Redis is an open source, in-memory database that persists on disk. An authenticated user with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2.
|
2025-01-06 |
CVE-2025-21614 |
go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability.
|
2025-01-06 |
CVE-2025-21613 |
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0.
|
2025-01-06 |
CVE-2024-46981 |
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
|
2025-01-06 |
CVE-2025-22376 |
In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong.
|
2025-01-03 |
CVE-2024-56737 |
GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.
|
2024-12-29 |
CVE-2024-56727 |
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c
Adding error pointer check after calling otx2_mbox_get_rsp().
|
2024-12-29 |
CVE-2024-56718 |
In the Linux kernel, the following vulnerability has been resolved:
net/smc: protect link down work from execute after lgr freed
link down work may be scheduled before lgr freed but execute
after lgr freed, which may result in crash. So it is necessary to
hold a reference before scheduling link down work, and put the
reference after work executed or canceled.
The relevant crash call stack as follows:
list_del corruption. prev->next should be ffffb638c9c0fe20,
but was 0000000000000000
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:51!
invalid opcode: 0000 [#1] SMP NOPTI
CPU: 6 PID: 978112 Comm: kworker/6:119 Kdump: loaded Tainted: G #1
Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 2221b89 04/01/2014
Workqueue: events smc_link_down_work [smc]
RIP: 0010:__list_del_entry_valid.cold+0x31/0x47
Call Trace:
rwsem_down_write_slowpath+0x17e/0x470
smc_link_down_work+0x3c/0x60 [smc]
process_one_work+0x1ac/0x350
worker_thread+0x49/0x2f0
? rescuer_thread+0x360/0x360
kthread+0x118/0x140
? __kthread_bind_mask+0x60/0x60
ret_from_fork+0x1f/0x30
|
2024-12-29 |
CVE-2024-56713 |
In the Linux kernel, the following vulnerability has been resolved:
net: netdevsim: fix nsim_pp_hold_write()
nsim_pp_hold_write() has two problems:
1) It may return with rtnl held, as found by syzbot.
2) Its return value does not propagate an error if any.
|
2024-12-29 |
CVE-2024-56726 |
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c
Add error pointer check after calling otx2_mbox_get_rsp().
|
2024-12-29 |
CVE-2024-56751 |
In the Linux kernel, the following vulnerability has been resolved:
ipv6: release nexthop on device removal
The CI is hitting some aperiodic hangup at device removal time in the
pmtu.sh self-test:
unregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 6
ref_tracker: veth_A-R1@ffff888013df15d8 has 1/5 users at
dst_init+0x84/0x4a0
dst_alloc+0x97/0x150
ip6_dst_alloc+0x23/0x90
ip6_rt_pcpu_alloc+0x1e6/0x520
ip6_pol_route+0x56f/0x840
fib6_rule_lookup+0x334/0x630
ip6_route_output_flags+0x259/0x480
ip6_dst_lookup_tail.constprop.0+0x5c2/0x940
ip6_dst_lookup_flow+0x88/0x190
udp_tunnel6_dst_lookup+0x2a7/0x4c0
vxlan_xmit_one+0xbde/0x4a50 [vxlan]
vxlan_xmit+0x9ad/0xf20 [vxlan]
dev_hard_start_xmit+0x10e/0x360
__dev_queue_xmit+0xf95/0x18c0
arp_solicit+0x4a2/0xe00
neigh_probe+0xaa/0xf0
While the first suspect is the dst_cache, explicitly tracking the dst
owning the last device reference via probes proved such dst is held by
the nexthop in the originating fib6_info.
Similar to commit f5b51fe804ec ("ipv6: route: purge exception on
removal"), we need to explicitly release the originating fib info when
disconnecting a to-be-removed device from a live ipv6 dst: move the
fib6_info cleanup into ip6_dst_ifdown().
Tested running:
./pmtu.sh cleanup_ipv6_exception
in a tight loop for more than 400 iterations with no splat; running an
unpatched kernel I observed a splat every ~10 iterations.
|
2024-12-29 |
CVE-2024-56725 |
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c
Add error pointer check after calling otx2_mbox_get_rsp().
|
2024-12-29 |
CVE-2024-56738 |
GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.
|
2024-12-29 |
CVE-2024-56677 |
In the Linux kernel, the following vulnerability has been resolved:
powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init()
During early init CMA_MIN_ALIGNMENT_BYTES can be PAGE_SIZE,
since pageblock_order is still zero and it gets initialized
later during initmem_init() e.g.
setup_arch() -> initmem_init() -> sparse_init() -> set_pageblock_order()
One such use case where this causes issue is -
early_setup() -> early_init_devtree() -> fadump_reserve_mem() -> fadump_cma_init()
This causes CMA memory alignment check to be bypassed in
cma_init_reserved_mem(). Then later cma_activate_area() can hit
a VM_BUG_ON_PAGE(pfn & ((1 << order) - 1)) if the reserved memory
area was not pageblock_order aligned.
Fix it by moving the fadump_cma_init() after initmem_init(),
where other such cma reservations also get called.
<stack trace>
==============
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10010
flags: 0x13ffff800000000(node=1|zone=0|lastcpupid=0x7ffff) CMA
raw: 013ffff800000000 5deadbeef0000100 5deadbeef0000122 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: VM_BUG_ON_PAGE(pfn & ((1 << order) - 1))
------------[ cut here ]------------
kernel BUG at mm/page_alloc.c:778!
Call Trace:
__free_one_page+0x57c/0x7b0 (unreliable)
free_pcppages_bulk+0x1a8/0x2c8
free_unref_page_commit+0x3d4/0x4e4
free_unref_page+0x458/0x6d0
init_cma_reserved_pageblock+0x114/0x198
cma_init_reserved_areas+0x270/0x3e0
do_one_initcall+0x80/0x2f8
kernel_init_freeable+0x33c/0x530
kernel_init+0x34/0x26c
ret_from_kernel_user_thread+0x14/0x1c
|
2024-12-28 |
CVE-2024-56678 |
In the Linux kernel, the following vulnerability has been resolved:
powerpc/mm/fault: Fix kfence page fault reporting
copy_from_kernel_nofault() can be called when doing read of /proc/kcore.
/proc/kcore can have some unmapped kfence objects which when read via
copy_from_kernel_nofault() can cause page faults. Since *_nofault()
functions define their own fixup table for handling fault, use that
instead of asking kfence to handle such faults.
Hence we search the exception tables for the nip which generated the
fault. If there is an entry then we let the fixup table handler handle the
page fault by returning an error from within ___do_page_fault().
This can be easily triggered if someone tries to do dd from /proc/kcore.
e.g. dd if=/proc/kcore of=/dev/null bs=1M
Some example false negatives:
===============================
BUG: KFENCE: invalid read in copy_from_kernel_nofault+0x9c/0x1a0
Invalid read at 0xc0000000fdff0000:
copy_from_kernel_nofault+0x9c/0x1a0
0xc00000000665f950
read_kcore_iter+0x57c/0xa04
proc_reg_read_iter+0xe4/0x16c
vfs_read+0x320/0x3ec
ksys_read+0x90/0x154
system_call_exception+0x120/0x310
system_call_vectored_common+0x15c/0x2ec
BUG: KFENCE: use-after-free read in copy_from_kernel_nofault+0x9c/0x1a0
Use-after-free read at 0xc0000000fe050000 (in kfence-#2):
copy_from_kernel_nofault+0x9c/0x1a0
0xc00000000665f950
read_kcore_iter+0x57c/0xa04
proc_reg_read_iter+0xe4/0x16c
vfs_read+0x320/0x3ec
ksys_read+0x90/0x154
system_call_exception+0x120/0x310
system_call_vectored_common+0x15c/0x2ec
|
2024-12-28 |
CVE-2024-56679 |
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c
Add error pointer check after calling otx2_mbox_get_rsp().
|
2024-12-28 |
CVE-2024-56605 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()
|
2024-12-27 |
CVE-2024-56640 |
In the Linux kernel, the following vulnerability has been resolved:
net/smc: fix LGR and link use-after-free issue
|
2024-12-27 |
CVE-2024-56658 |
In the Linux kernel, the following vulnerability has been resolved:
net: defer final 'struct net' free in netns dismantle
|
2024-12-27 |
CVE-2024-53206 |
In the Linux kernel, the following vulnerability has been resolved:
tcp: Fix use-after-free of nreq in reqsk_timer_handler().
|
2024-12-27 |
CVE-2024-56647 |
In the Linux kernel, the following vulnerability has been resolved:
net: Fix icmp host relookup triggering ip_rt_bug
arp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:
WARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20
Modules linked in:
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
RIP: 0010:ip_rt_bug+0x14/0x20
Call Trace:
<IRQ>
ip_send_skb+0x14/0x40
__icmp_send+0x42d/0x6a0
ipv4_link_failure+0xe2/0x1d0
arp_error_report+0x3c/0x50
neigh_invalidate+0x8d/0x100
neigh_timer_handler+0x2e1/0x330
call_timer_fn+0x21/0x120
__run_timer_base.part.0+0x1c9/0x270
run_timer_softirq+0x4c/0x80
handle_softirqs+0xac/0x280
irq_exit_rcu+0x62/0x80
sysvec_apic_timer_interrupt+0x77/0x90
The script below reproduces this scenario:
ip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \
dir out priority 0 ptype main flag localok icmp
ip l a veth1 type veth
ip a a 192.168.141.111/24 dev veth0
ip l s veth0 up
ping 192.168.141.155 -c 1
icmp_route_lookup() creates input routes for locally generated packets
while xfrm relookup ICMP traffic. Then it will set input route
(dst->out = ip_rt_bug) to skb for DESTUNREACH.
For ICMP err triggered by locally generated packets, dst->dev of output
route is loopback. Generally, xfrm relookup verification is not required
on loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).
Skip icmp relookup for locally generated packets to fix it.
|
2024-12-27 |
CVE-2024-56642 |
In the Linux kernel, the following vulnerability has been resolved:
tipc: Fix use-after-free of kernel socket in cleanup_bearer().
|
2024-12-27 |
CVE-2024-56732 |
HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function.
|
2024-12-27 |
CVE-2024-56433 |
shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.
|
2024-12-26 |
CVE-2024-56431 |
oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift.
|
2024-12-25 |
CVE-2024-53147 |
In the Linux kernel, the following vulnerability has been resolved:
exfat: fix out-of-bounds access of directory entries
In the case where the directory size is greater than or equal to
the cluster size, if start_clu becomes an EOF cluster (an invalid
cluster) due to file system corruption, then the directory entry
where ei->hint_femp.eidx hint is outside the directory, resulting
in an out-of-bounds access, which may cause further file system
corruption.
This commit adds a check for start_clu, if it is an invalid cluster,
the file or directory will be treated as empty.
|
2024-12-24 |
CVE-2024-56326 |
Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5.
|
2024-12-23 |
CVE-2024-56378 |
An out-of-bounds read exists within Poppler's JBIG2Bitmap::combine function in JBIG2Stream.cc. This flaw allows an attacker to crash the application via a carefully crafted pdf file. This issue can be triggered through the pdfimages utility. libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.
|
2024-12-23 |
CVE-2024-40896 |
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.
|
2024-12-23 |
CVE-2024-56201 |
Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5.
|
2024-12-23 |
CVE-2024-12455 |
glibc: glibc in Fedora 41 ships a broken getrandom/arc4random for ppc64le platform
|
2024-12-20 |
CVE-2024-56337 |
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.
The mitigation for CVE-2024-50379 was incomplete.
Users running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation parameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379 depending on which version of Java they are using with Tomcat:
- running on Java 8 or Java 11: the system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true)
- running on Java 17: the system property sun.io.useCanonCaches, if set, must be set to false (it defaults to false)
- running on Java 21 onwards: no further configuration is required (the system property and the problematic cache have been removed)
Tomcat 11.0.3, 10.1.35 and 9.0.99 onwards will include checks that sun.io.useCanonCaches is set appropriately before allowing the default servlet to be write enabled on a case insensitive file system. Tomcat will also set sun.io.useCanonCaches to false by default where it can.
|
2024-12-20 |
CVE-2024-53580 |
iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function.
|
2024-12-18 |
CVE-2024-53269 |
Envoy is a cloud-native high-performance edge/middle/service proxy. When additional addresses are not IP addresses, the Happy Eyeballs sorting algorithm will crash in the data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to upgrade may disable Happy Eyeballs and/or change the IP configuration.
|
2024-12-18 |
CVE-2024-45338 |
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
|
2024-12-18 |
CVE-2024-53270 |
Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions `sendOverloadError` is going to assume the active request exists when `envoy.load_shed_points.http1_server_abort_dispatch` is configured. If `active_request` is nullptr, only onMessageBeginImpl() is called. However, the `onMessageBeginImpl` will directly return ok status if the stream is already reset leading to the nullptr reference. The downstream reset can actually happen during the H/2 upstream reset. As a result envoy may crash. This issue has been addressed in releases 1.32.3, 1.31.5, 1.30.9, and 1.29.12. Users are advised to upgrade. Users unable to upgrade may disable `http1_server_abort_dispatch` load shed point and/or use a high threshold.
|
2024-12-18 |
CVE-2024-53271 |
Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions Envoy does not properly handle HTTP/1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1.31.5 and 1.32.3. Users are advised to upgrade. There are no known workarounds for this issue.
|
2024-12-18 |
CVE-2024-50379 |
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.
Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
|
2024-12-17 |
CVE-2024-51479 |
Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly under the application's root directory. For example: * [Not affected] `https://example.com/` * [Affected] `https://example.com/foo` * [Not affected] `https://example.com/foo/bar`. This issue is patched in Next.js `14.2.15` and later. If your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version. There are no official workarounds for this vulnerability.
|
2024-12-17 |
CVE-2024-52949 |
iptraf-ng 1.2.1 has a stack-based buffer overflow.
|
2024-12-16 |
CVE-2024-54508 |
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.
|
2024-12-12 |
CVE-2024-47599 |
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output_state. When this happens, dereferences of the outstate pointer will lead to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-47541 |
GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes, which are enclosed in curly brackets ({}). The issue arises when a closing curly bracket "}" appears before an opening curly bracket "{" in the input string. In this case, memmove() incorrectly duplicates a substring. With each successive loop iteration, the size passed to memmove() becomes progressively larger (strlen(end+1)), leading to a write beyond the allocated memory bounds. This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-47542 |
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-47834 |
GStreamer is a library for constructing graphs of media-handling components. A use-after-free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the gst_matroska_track_free function, by the call to g_free (track->codec_priv). Finally, the freed memory is accessed in the caps_serialize function through gst_value_serialize_buffer. The freed memory will be accessed in the gst_value_serialize_buffer function. This results in a UAF read vulnerability, as the function tries to process memory that has already been freed. This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-47775 |
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multiple GST_READ_UINT32_LE operations without performing boundary checks. This can lead to an OOB-read when buf is smaller than expected. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-47600 |
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-47537 |
GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-54502 |
The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.
|
2024-12-12 |
CVE-2024-47607 |
GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c`. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows overwriting the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-47615 |
GStreamer is a library for constructing graphs of media-handling components. An OOB-write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (whose size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-47603 |
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_update_tracks function within matroska-demux.c. The vulnerability occurs when the gst_caps_is_equal function is called with invalid caps values. If this happens, then in the function gst_buffer_get_size the call to GST_BUFFER_MEM_PTR can return a null pointer. Attempting to dereference the size field of this null pointer results in a null pointer dereference. This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-47539 |
GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 < ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop's expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-47598 |
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemux_merge_sample_table function within qtdemux.c. The problem is that the size of the stts buffer isn’t properly checked before reading stts_duration, allowing the program to read 4 bytes beyond the boundaries of stts->data. This vulnerability reads up to 4 bytes past the allocated bounds of the stts array. This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-47777 |
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is sufficient. If the buffer is too small, the function reads beyond its bounds. This vulnerability may result in reading 4 bytes out of the boundaries of the data buffer. This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-47776 |
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch causes the comparison if (size < 4 + ncues * 24) to fail in some cases, allowing the subsequent loop to access beyond the bounds of the data buffer. The root cause of this discrepancy stems from a miscalculation when clipping the chunk size based on upstream data size. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-47543 |
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtdemux_parse_container function within qtdemux.c. In the parent function qtdemux_parse_node, the value of length is not well checked. So, if length is big enough, it causes the pointer end to point beyond the boundaries of buffer. Subsequently, in the qtdemux_parse_container function, the while loop can trigger an OOB-read, accessing memory beyond the bounds of buf. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-54479 |
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.
|
2024-12-12 |
CVE-2024-47835 |
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer returned by this call is then passed to g_strdup(). However, if the string line does not contain the character ']', strchr() returns NULL, and a call to g_strdup(start + 1) leads to a null pointer dereference. This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-47544 |
GStreamer is a library for constructing graphs of media-handling components. The function qtdemux_parse_sbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-47774 |
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. Then, a condition does not properly handle cases where name_length is greater than 0xFFFFFFFF - 17, causing an integer overflow. In such a scenario, the function attempts to access memory beyond the buffer, leading to an OOB-read. This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-47540 |
GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem->allocator->mem_unmap_full or mem->allocator->mem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-47602 |
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream->codec_priv pointer in the following code. If stream->codec_priv is NULL, the call to GST_READ_UINT16_LE will attempt to dereference a null pointer, leading to a crash of the application. This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-47606 |
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. The function _sysmem_new_block adds alignment and header size to the (unsigned) size, causing the overflow of the 'slice_size' variable. As a result, only 0x89 bytes are allocated, despite the large input size. When the following memcpy call occurs in gst_buffer_fill, the data from the input file will overwrite the content of the GstMapInfo info structure. Finally, during the call to gst_memory_unmap, the overwritten memory may cause a function pointer hijack, as the mem->allocator->mem_unmap_full function is called with a corrupted pointer. This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-47546 |
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 may result in an underflow if atom_length is less than 8. When that subtraction underflows, *cclen ends up being a large number, and then cclen is passed to g_memdup2 leading to an out-of-bounds (OOB) read. This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-47778 |
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. As a result, an OOB read occurs in the following while loop. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-47545 |
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happens, the subsequent call to gst_buffer_fill will invoke memcpy with a large tocopy size, resulting in an OOB-read. This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-54534 |
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.
|
2024-12-12 |
CVE-2024-47601 |
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity of the GstBuffer *sub pointer before performing dereferences. As a result, null pointer dereferences may occur. This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-47613 |
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix` is expected to point to the frame 0 from the frame structure, which is read from the input file. However, in certain situations, it can point to a NULL frame, causing the subsequent call to `memcpy` to attempt writing to the null address (0x00), leading to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-47597 |
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following code snippet shows the call to qt_atom_parser_get_offset_unchecked, which leads to the OOB-read when parsing the provided GHSL-2024-245_crash1.mp4 file. This issue may lead to reading up to 8 bytes out of bounds. This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-45337 |
Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. 
Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.
|
2024-12-12 |
CVE-2024-47538 |
GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the `GstAudioInfo` info structure. This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-47596 |
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining size of the data buffer, it can lead to an OOB-read in the following call to gst_buffer_fill, which internally uses memcpy. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.
|
2024-12-12 |
CVE-2024-54505 |
A type confusion issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.
|
2024-12-12 |
CVE-2024-11053 |
When asked to both use a `.netrc` file for credentials and to follow HTTP
redirects, curl could leak the password used for the first host to the
followed-to host under certain circumstances.
This flaw only manifests itself if the netrc file has an entry that matches
the redirect target hostname but the entry either omits just the password or
omits both login and password.
|
2024-12-11 |
CVE-2024-48916 |
ceph: rhceph-container: Authentication bypass in CEPH RadosGW
|
2024-12-10 |
CVE-2024-46901 |
Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository.
All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue.
Repositories served via other access methods are not affected.
|
2024-12-09 |
CVE-2024-53143 |
In the Linux kernel, the following vulnerability has been resolved:
fsnotify: Fix ordering of iput() and watched_objects decrement
|
2024-12-07 |
CVE-2024-12254 |
Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines()
method would not "pause" writing and signal to the Protocol to drain
the buffer to the wire once the write buffer reached the "high-water
mark". Because of this, Protocols would not periodically drain the write
buffer potentially leading to memory exhaustion.
This vulnerability likely impacts a small number of users: you must be using Python 3.12.0 or later, on macOS or Linux, using the asyncio module with protocols, and using the .writelines() method, which had new zero-copy-on-write behavior in Python 3.12.0 and later. If not all of these factors are true then your usage of Python is unaffected.
|
2024-12-06 |
CVE-2024-53589 |
GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's handling of tekhex format files.
|
2024-12-05 |
CVE-2024-11148 |
In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd(8) is vulnerable to a NULL dereference when handling a malformed fastcgi request.
|
2024-12-05 |
CVE-2024-53846 |
OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and OTP-27.0, resulting in a server or client verifying the peer when incorrect extended key usage is presented (i.e., a server will verify a client if they have server auth ext key usage and vice versa).
|
2024-12-05 |
CVE-2024-54661 |
readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file.
|
2024-12-04 |
CVE-2024-53108 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Adjust VSDB parser for replay feature
|
2024-12-02 |
CVE-2024-36620 |
moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go.
|
2024-11-29 |
CVE-2024-36621 |
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.
|
2024-11-29 |
CVE-2024-36623 |
moby v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.
|
2024-11-29 |
CVE-2024-53008 |
Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive information.
|
2024-11-28 |
CVE-2024-53920 |
In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)
|
2024-11-27 |
CVE-2024-11693 |
The executable file warning was not presented when downloading .library-ms files.
*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
|
2024-11-26 |
CVE-2024-11702 |
Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133.
|
2024-11-26 |
CVE-2024-11695 |
A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
|
2024-11-26 |
CVE-2024-11704 |
A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133 and Thunderbird < 133.
|
2024-11-26 |
CVE-2024-11697 |
When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
|
2024-11-26 |
CVE-2024-11706 |
A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox < 133 and Thunderbird < 133.
|
2024-11-26 |
CVE-2024-11699 |
Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
|
2024-11-26 |
CVE-2024-11700 |
Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133.
|
2024-11-26 |
CVE-2024-11691 |
Certain WebGL operations on Apple silicon M series devices could have led to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver.
*This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, and Thunderbird < 128.5.
|
2024-11-26 |
CVE-2024-11708 |
Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox < 133 and Thunderbird < 133.
|
2024-11-26 |
CVE-2024-52336 |
A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges, which could allow attackers to achieve local privilege escalation.
|
2024-11-26 |
CVE-2024-11701 |
The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133.
|
2024-11-26 |
CVE-2024-11705 |
`NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows `phKey` to be NULL for certain mechanisms. This vulnerability affects Firefox < 133 and Thunderbird < 133.
|
2024-11-26 |
CVE-2024-11703 |
On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133.
|
2024-11-26 |
CVE-2024-11407 |
There exists a denial of service through data corruption in gRPC-C++: gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network, leading the receiver to receive an incorrect set of bytes and causing RPC requests to fail. We recommend upgrading past commit e9046b2bbebc0cb7f5dc42008f807f6c7e98e791.
|
2024-11-26 |
CVE-2024-53976 |
Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133.
|
2024-11-26 |
CVE-2024-11694 |
Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, and Thunderbird < 128.5.
|
2024-11-26 |
CVE-2024-52337 |
A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations.
|
2024-11-26 |
CVE-2024-53975 |
Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133.
|
2024-11-26 |
CVE-2024-11696 |
The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
|
2024-11-26 |
CVE-2024-11698 |
A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing "Esc" or accessing right-click menus, resulting in a disrupted browsing experience until the browser is restarted.
*This bug only affects the application when running on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
|
2024-11-26 |
CVE-2024-11692 |
An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
|
2024-11-26 |
CVE-2024-11498 |
There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is possible, maybe 512mb), potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend upgrading past commit 65fbec56bc578b6b6ee02a527be70787bbd053b0.
|
2024-11-25 |
CVE-2024-11403 |
There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encoder when doing JPEG recompression (i.e. if using JxlEncoderAddJPEGFrame on untrusted input) does not properly check bounds in the presence of incomplete codes. This could lead to an out-of-bounds write. In jpegli which is released as part of the same project, the same vulnerability is present. However, the relevant buffer is part of a bigger structure, and the code makes no assumptions on the values that could be overwritten. The issue could however cause jpegli to read uninitialised memory, or addresses of functions.
|
2024-11-25 |
CVE-2024-53899 |
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.
|
2024-11-24 |
CVE-2024-11586 |
Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected.
|
2024-11-23 |
CVE-2024-52804 |
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. Version 6.4.2 fixes the issue.
|
2024-11-22 |
CVE-2024-11612 |
7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the processing of streams. The issue results from a logic error that can lead to an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-24307.
|
2024-11-22 |
CVE-2024-11477 |
7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the implementation of Zstandard decompression. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24346.
|
2024-11-22 |
CVE-2024-8932 |
The upstream advisory describes this issue as follows:
Uncontrolled long string inputs to ldap_escape on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
|
2024-11-21 |
CVE-2024-53425 |
A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. This issue occurs when processing certain malformed MD5 model files, leading to an out-of-bounds read and potential application crash.
|
2024-11-21 |
CVE-2024-11596 |
ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file
|
2024-11-21 |
CVE-2024-11595 |
FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file
|
2024-11-21 |
CVE-2024-11236 |
The upstream advisory describes this issue as follows:
Integer overflow in the firebird and dblib quoters causing OOB writes
|
2024-11-21 |
CVE-2024-8929 |
The upstream advisory describes this issue as follows:
By connecting to a fake MySQL server or tampering with network packets and initiating a SQL Query, it is possible to abuse the function static enum_func_status php_mysqlnd_rset_field_read when parsing MySQL fields packets in order to include the rest of the heap content starting from the address of the cursor of the currently read buffer.
Using PHP-FPM, which stays alive between requests, and between two different SQL query requests, as the previous buffer used to store received data from MySQL is not emptied and malloc allocates a memory region which is very near the previous one, one is able to extract the response content of the previous MySQL request from the PHP-FPM worker.
|
2024-11-21 |
CVE-2024-11234 |
The upstream advisory describes this issue as follows:
Configuring a proxy in a stream context might allow for CRLF injection in URIs, resulting in HTTP request smuggling attacks.
|
2024-11-21 |
CVE-2024-11233 |
The upstream advisory describes this issue as follows:
A memory-related vulnerability in PHP’s filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific sequences of input data, causing PHP to crash. When exploited, it allows an attacker to extract a single byte of data from the heap or cause a DoS.
|
2024-11-21 |
CVE-2024-53089 |
In the Linux kernel, the following vulnerability has been resolved:
LoongArch: KVM: Mark hrtimer to expire in hard interrupt context
|
2024-11-21 |
CVE-2024-44308 |
The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
|
2024-11-20 |
CVE-2024-44309 |
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
|
2024-11-20 |
CVE-2024-52616 |
avahi: Avahi Wide-Area DNS Predictable Transaction IDs
|
2024-11-19 |
CVE-2024-50289 |
In the Linux kernel, the following vulnerability has been resolved:
media: av7110: fix a spectre vulnerability
|
2024-11-19 |
CVE-2024-10224 |
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps before version 1.36, a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().
|
2024-11-19 |
CVE-2024-52762 |
A cross-site scripting (XSS) vulnerability in the component /master/header.php of Ganglia-web v3.73 to v3.76 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "tz" parameter.
|
2024-11-19 |
CVE-2024-10524 |
Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.
|
2024-11-19 |
CVE-2024-50282 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()
|
2024-11-19 |
CVE-2024-53060 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported
|
2024-11-19 |
CVE-2024-52763 |
A cross-site scripting (XSS) vulnerability in the component /graph_all_periods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "g" parameter.
|
2024-11-19 |
CVE-2023-52921 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix possible UAF in amdgpu_cs_pass1()
|
2024-11-19 |
CVE-2024-52615 |
avahi: Avahi Wide-Area DNS Uses Constant Source Port
|
2024-11-19 |
CVE-2024-50276 |
In the Linux kernel, the following vulnerability has been resolved:
net: vertexcom: mse102x: Fix possible double free of TX skb
|
2024-11-19 |
CVE-2024-52316 |
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95.
Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.
|
2024-11-18 |
CVE-2024-52317 |
Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users.
This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95.
Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue.
|
2024-11-18 |
CVE-2024-52318 |
Incorrect object recycling and reuse vulnerability in Apache Tomcat.
This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96.
Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.
|
2024-11-18 |
CVE-2024-52522 |
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files, compromising system integrity, confidentiality, and availability. This vulnerability is fixed in 1.68.2.
|
2024-11-15 |
CVE-2024-1682 |
An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an audio file link within the .rst documentation file. This bucket has been claimed by an external party. The use of this unclaimed S3 bucket could lead to data integrity issues, data leakage, availability problems, loss of trustworthiness, and potential further attacks if the bucket is used to host malicious content or as a pivot point for further attacks.
|
2024-11-14 |
CVE-2024-10977 |
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
|
2024-11-14 |
CVE-2024-10978 |
Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
|
2024-11-14 |
CVE-2024-10979 |
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
|
2024-11-14 |
CVE-2024-10976 |
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
|
2024-11-14 |
CVE-2024-25563 |
Improper initialization in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi before version 23.40 may allow a privileged user to potentially enable information disclosure via local access.
|
2024-11-13 |
CVE-2024-11159 |
Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3 and Thunderbird < 132.0.1.
|
2024-11-13 |
CVE-2024-28049 |
Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi wireless products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access.
|
2024-11-13 |
CVE-2024-23198 |
Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access.
|
2024-11-13 |
CVE-2024-23918 |
Improper conditions check in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access.
|
2024-11-13 |
CVE-2024-24984 |
Improper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
|
2024-11-13 |
CVE-2024-21853 |
Improper finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel(R) Xeon(R) Processors may allow an authorized user to potentially enable denial of service via local access.
|
2024-11-13 |
CVE-2024-21820 |
Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access.
|
2024-11-13 |
CVE-2024-49504 |
grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.
|
2024-11-13 |
CVE-2024-11079 |
This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.
|
2024-11-12 |
CVE-2024-50336 |
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. Fixed in matrix-js-sdk 34.11.1.
|
2024-11-12 |
CVE-2024-49394 |
In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.
The upstream project considers this a known issue with email signing and Amazon Linux agrees. No fix is planned for Amazon Linux at this time.
|
2024-11-12 |
CVE-2024-43498 |
.NET and Visual Studio Remote Code Execution Vulnerability
|
2024-11-12 |
CVE-2024-11168 |
The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.
|
2024-11-12 |
CVE-2024-49395 |
In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info.
The upstream project considers this a known issue with email signing and Amazon Linux agrees. No fix is planned for Amazon Linux at this time.
|
2024-11-12 |
CVE-2024-49393 |
In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing, which allows an attacker that intercepts a message to change their value and include himself as one of the recipients to compromise message confidentiality.
The upstream project considers this a known issue with email signing and Amazon Linux agrees. No fix is planned for Amazon Linux at this time.
|
2024-11-12 |
CVE-2024-43499 |
.NET and Visual Studio Denial of Service Vulnerability
|
2024-11-12 |
CVE-2024-52531 |
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input received over the network cannot trigger this.
|
2024-11-11 |
CVE-2024-10973 |
keycloak: CLI option for encrypted JGroups ignored
|
2024-11-11 |
CVE-2024-52530 |
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
|
2024-11-11 |
CVE-2024-52533 |
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
|
2024-11-11 |
CVE-2024-52532 |
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption, during the reading of certain patterns of WebSocket data from clients.
|
2024-11-11 |
CVE-2024-50263 |
In the Linux kernel, the following vulnerability has been resolved:
fork: only invoke khugepaged, ksm hooks if no error
|
2024-11-11 |
CVE-2024-50220 |
In the Linux kernel, the following vulnerability has been resolved:
fork: do not invoke uffd on fork if error occurs
|
2024-11-09 |
CVE-2024-50255 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs
|
2024-11-09 |
CVE-2024-50222 |
In the Linux kernel, the following vulnerability has been resolved:
iov_iter: fix copy_page_from_iter_atomic() if KMAP_LOCAL_FORCE_MAP
|
2024-11-09 |
CVE-2024-50214 |
In the Linux kernel, the following vulnerability has been resolved:
drm/connector: hdmi: Fix memory leak in drm_display_mode_from_cea_vic()
|
2024-11-09 |
CVE-2024-50217 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()
|
2024-11-09 |
CVE-2024-50262 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix out-of-bounds write in trie_get_next_key()
|
2024-11-09 |
CVE-2024-50246 |
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Add rough attr alloc_size check
|
2024-11-09 |
CVE-2024-50230 |
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix kernel bug due to missing clearing of checked flag
|
2024-11-09 |
CVE-2024-50252 |
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address
|
2024-11-09 |
CVE-2024-50212 |
In the Linux kernel, the following vulnerability has been resolved:
lib: alloc_tag_module_unload must wait for pending kfree_rcu calls
|
2024-11-09 |
CVE-2024-50242 |
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Additional check in ntfs_file_release
|
2024-11-09 |
CVE-2024-50218 |
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow
|
2024-11-09 |
CVE-2024-50260 |
In the Linux kernel, the following vulnerability has been resolved:
sock_map: fix a NULL pointer dereference in sock_map_link_update_prog()
|
2024-11-09 |
CVE-2024-50221 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/pm: Vangogh: Fix kernel memory out of bounds write
|
2024-11-09 |
CVE-2024-50261 |
In the Linux kernel, the following vulnerability has been resolved:
macsec: Fix use-after-free while sending the offloading packet
|
2024-11-09 |
CVE-2024-50232 |
In the Linux kernel, the following vulnerability has been resolved:
iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr()
|
2024-11-09 |
CVE-2024-50213 |
In the Linux kernel, the following vulnerability has been resolved:
drm/tests: hdmi: Fix memory leaks in drm_display_mode_from_cea_vic()
|
2024-11-09 |
CVE-2024-50238 |
In the Linux kernel, the following vulnerability has been resolved:
phy: qcom: qmp-usbc: fix NULL-deref on runtime suspend
|
2024-11-09 |
CVE-2024-50227 |
In the Linux kernel, the following vulnerability has been resolved:
thunderbolt: Fix KASAN reported stack out-of-bounds read in tb_retimer_scan()
|
2024-11-09 |
CVE-2024-50225 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix error propagation of split bios
|
2024-11-09 |
CVE-2024-50245 |
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fix possible deadlock in mi_read
|
2024-11-09 |
CVE-2024-50241 |
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Initialize struct nfsd4_copy earlier
|
2024-11-09 |
CVE-2024-50236 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath10k: Fix memory leak in management tx
|
2024-11-09 |
CVE-2024-50231 |
In the Linux kernel, the following vulnerability has been resolved:
iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table()
|
2024-11-09 |
CVE-2024-50254 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Free dynamically allocated bits in bpf_iter_bits_destroy()
|
2024-11-09 |
CVE-2024-50229 |
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential deadlock with newly created symlinks
|
2024-11-09 |
CVE-2024-50233 |
In the Linux kernel, the following vulnerability has been resolved:
staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg()
|
2024-11-09 |
CVE-2024-50248 |
In the Linux kernel, the following vulnerability has been resolved:
ntfs3: Add bounds checking to mi_enum_attr()
|
2024-11-09 |
CVE-2024-50250 |
In the Linux kernel, the following vulnerability has been resolved:
fsdax: dax_unshare_iter needs to copy entire blocks
|
2024-11-09 |
CVE-2024-50237 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower
|
2024-11-09 |
CVE-2024-50256 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()
|
2024-11-09 |
CVE-2024-50223 |
In the Linux kernel, the following vulnerability has been resolved:
sched/numa: Fix the potential null pointer dereference in task_numa_work()
|
2024-11-09 |
CVE-2024-50258 |
In the Linux kernel, the following vulnerability has been resolved:
net: fix crash when config small gso_max_size/gso_ipv4_max_size
|
2024-11-09 |
CVE-2024-50257 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: Fix use-after-free in get_info()
|
2024-11-09 |
CVE-2024-50224 |
In the Linux kernel, the following vulnerability has been resolved:
spi: spi-fsl-dspi: Fix crash when not using GPIO chip select
|
2024-11-09 |
CVE-2024-50259 |
In the Linux kernel, the following vulnerability has been resolved:
netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write()
|
2024-11-09 |
CVE-2024-50251 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_payload: sanitize offset and length before calling skb_checksum()
|
2024-11-09 |
CVE-2024-50235 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: clear wdev->cqm_config pointer on free
|
2024-11-09 |
CVE-2024-50247 |
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Check if more than chunk-size bytes are written
|
2024-11-09 |
CVE-2024-50253 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Check the validity of nr_words in bpf_iter_bits_new()
|
2024-11-09 |
CVE-2024-50215 |
In the Linux kernel, the following vulnerability has been resolved:
nvmet-auth: assign dh_key to NULL after kfree_sensitive
|
2024-11-09 |
CVE-2024-50243 |
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fix general protection fault in run_is_mapped_full
|
2024-11-09 |
CVE-2024-50234 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlegacy: Clear stale interrupts before resuming device
|
2024-11-09 |
CVE-2024-50226 |
In the Linux kernel, the following vulnerability has been resolved:
cxl/port: Fix use-after-free, permit out-of-order decoder shutdown
|
2024-11-09 |
CVE-2024-50239 |
In the Linux kernel, the following vulnerability has been resolved:
phy: qcom: qmp-usb-legacy: fix NULL-deref on runtime suspend
|
2024-11-09 |
CVE-2024-50240 |
In the Linux kernel, the following vulnerability has been resolved:
phy: qcom: qmp-usb: fix NULL-deref on runtime suspend
|
2024-11-09 |
CVE-2024-50192 |
In the Linux kernel, the following vulnerability has been resolved:
irqchip/gic-v4: Don't allow a VMOVP on a dying VPE
|
2024-11-08 |
CVE-2024-50211 |
In the Linux kernel, the following vulnerability has been resolved:
udf: refactor inode_bmap() to handle error
|
2024-11-08 |
CVE-2024-50196 |
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: ocelot: fix system hang on level based interrupts
|
2024-11-08 |
CVE-2024-50189 |
In the Linux kernel, the following vulnerability has been resolved:
HID: amd_sfh: Switch to device-managed dmam_alloc_coherent()
|
2024-11-08 |
CVE-2024-50179 |
In the Linux kernel, the following vulnerability has been resolved:
ceph: remove the incorrect Fw reference check when dirtying pages
|
2024-11-08 |
CVE-2024-50209 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/bnxt_re: Add a check for memory allocation
|
2024-11-08 |
CVE-2024-50197 |
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: intel: platform: fix error path in device_for_each_child_node()
|
2024-11-08 |
CVE-2024-50177 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: fix a UBSAN warning in DML2.1
|
2024-11-08 |
CVE-2024-47072 |
XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream. XStream provides a BinaryStreamDriver with its own optimized serialization format. The format uses ids for string values for deduplication. The mappings for these ids are created on-the-fly at marshalling time. At unmarshalling time the reader's implementation used a simple one-time recursion after reading a mapping token to process the next normal token of the data stream. However, an endless recursion could be triggered with manipulated input data, resulting in a stack overflow causing a denial of service.
|
2024-11-08 |
CVE-2024-50175 |
In the Linux kernel, the following vulnerability has been resolved:
media: qcom: camss: Remove use_count guard in stop_streaming
|
2024-11-08 |
CVE-2024-50180 |
In the Linux kernel, the following vulnerability has been resolved:
fbdev: sisfb: Fix strbuf array overflow
|
2024-11-08 |
CVE-2024-50187 |
In the Linux kernel, the following vulnerability has been resolved:
drm/vc4: Stop the active perfmon before being destroyed
|
2024-11-08 |
CVE-2024-50198 |
In the Linux kernel, the following vulnerability has been resolved:
iio: light: veml6030: fix IIO device retrieval from embedded device
|
2024-11-08 |
CVE-2024-50190 |
In the Linux kernel, the following vulnerability has been resolved:
ice: fix memleak in ice_init_tx_topology()
|
2024-11-08 |
CVE-2024-50176 |
In the Linux kernel, the following vulnerability has been resolved:
remoteproc: k3-r5: Fix error handling when power-up failed
|
2024-11-08 |
CVE-2024-50208 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
|
2024-11-08 |
CVE-2024-21538 |
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.
|
2024-11-08 |
CVE-2024-50181 |
In the Linux kernel, the following vulnerability has been resolved:
clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D
|
2024-11-08 |
CVE-2024-50195 |
In the Linux kernel, the following vulnerability has been resolved:
posix-clock: Fix missing timespec64 check in pc_clock_settime()
|
2024-11-08 |
CVE-2024-50184 |
In the Linux kernel, the following vulnerability has been resolved:
virtio_pmem: Check device status before requesting flush
|
2024-11-08 |
CVE-2024-50173 |
In the Linux kernel, the following vulnerability has been resolved:
drm/panthor: Fix access to uninitialized variable in tick_ctx_cleanup()
|
2024-11-08 |
CVE-2024-50183 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance
|
2024-11-08 |
CVE-2024-50182 |
In the Linux kernel, the following vulnerability has been resolved:
secretmem: disable memfd_secret() if arch cannot set direct map
|
2024-11-08 |
CVE-2024-50204 |
In the Linux kernel, the following vulnerability has been resolved:
fs: don't try and remove empty rbtree node
|
2024-11-08 |
CVE-2024-50174 |
In the Linux kernel, the following vulnerability has been resolved:
drm/panthor: Fix race when converting group handle to group object
|
2024-11-08 |
CVE-2024-50201 |
In the Linux kernel, the following vulnerability has been resolved:
drm/radeon: Fix encoder->possible_clones
|
2024-11-08 |
CVE-2024-50186 |
In the Linux kernel, the following vulnerability has been resolved:
net: explicitly clear the sk pointer, when pf->create fails
|
2024-11-08 |
CVE-2024-50207 |
In the Linux kernel, the following vulnerability has been resolved:
ring-buffer: Fix reader locking when changing the sub buffer order
|
2024-11-08 |
CVE-2024-50203 |
In the Linux kernel, the following vulnerability has been resolved:
bpf, arm64: Fix address emission with tag-based KASAN enabled
|
2024-11-08 |
CVE-2024-50206 |
In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: mtk_eth_soc: fix memory corruption during fq dma init
|
2024-11-08 |
CVE-2024-50178 |
In the Linux kernel, the following vulnerability has been resolved:
cpufreq: loongson3: Use raw_smp_processor_id() in do_service_request()
|
2024-11-08 |
CVE-2024-50199 |
In the Linux kernel, the following vulnerability has been resolved:
mm/swapfile: skip HugeTLB pages for unuse_vma
|
2024-11-08 |
CVE-2024-50185 |
In the Linux kernel, the following vulnerability has been resolved:
mptcp: handle consistently DSS corruption
|
2024-11-08 |
CVE-2024-50188 |
In the Linux kernel, the following vulnerability has been resolved:
net: phy: dp83869: fix memory corruption when enabling fiber
|
2024-11-08 |
CVE-2024-50202 |
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: propagate directory read errors from nilfs_find_entry()
|
2024-11-08 |
CVE-2024-50205 |
In the Linux kernel, the following vulnerability has been resolved:
ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()
|
2024-11-08 |
CVE-2024-50210 |
In the Linux kernel, the following vulnerability has been resolved:
posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
|
2024-11-08 |
CVE-2024-50191 |
In the Linux kernel, the following vulnerability has been resolved:
ext4: don't set SB_RDONLY after filesystem errors
|
2024-11-08 |
CVE-2024-50193 |
In the Linux kernel, the following vulnerability has been resolved:
x86/entry_32: Clear CPU buffers after register restore in NMI return
|
2024-11-08 |
CVE-2024-50194 |
In the Linux kernel, the following vulnerability has been resolved:
arm64: probes: Fix uprobes for big-endian kernels
|
2024-11-08 |
CVE-2024-50200 |
In the Linux kernel, the following vulnerability has been resolved:
maple_tree: correct tree corruption on spanning store
|
2024-11-08 |
CVE-2024-50147 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix command bitmask initialization
|
2024-11-07 |
CVE-2024-50166 |
In the Linux kernel, the following vulnerability has been resolved:
fsl/fman: Fix refcount handling of fman-related devices
|
2024-11-07 |
CVE-2024-50142 |
In the Linux kernel, the following vulnerability has been resolved:
xfrm: validate new SA's prefixlen using SA family when sel.family is unset
|
2024-11-07 |
CVE-2024-50156 |
In the Linux kernel, the following vulnerability has been resolved:
drm/msm: Avoid NULL dereference in msm_disp_state_print_regs()
|
2024-11-07 |
CVE-2024-50169 |
In the Linux kernel, the following vulnerability has been resolved:
vsock: Update rx_bytes on read_skb()
|
2024-11-07 |
CVE-2024-50164 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix overloading of MEM_UNINIT's meaning
|
2024-11-07 |
CVE-2024-50167 |
In the Linux kernel, the following vulnerability has been resolved:
be2net: fix potential memory leak in be_xmit()
|
2024-11-07 |
CVE-2024-50157 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop
|
2024-11-07 |
CVE-2024-10963 |
A vulnerability in pam_access allows unauthorized users to bypass access restrictions by spoofing hostnames. This occurs because pam_access improperly interprets local access.conf rules to match remote hostnames, compromising configurations intended to restrict local access only. The issue affects all deployments using this configuration method, posing a significant risk to secure environments.
|
2024-11-07 |
CVE-2024-50159 |
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup()
|
2024-11-07 |
CVE-2024-50154 |
In the Linux kernel, the following vulnerability has been resolved:
tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().
|
2024-11-07 |
CVE-2024-50149 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Don't free job in TDR
|
2024-11-07 |
CVE-2024-50158 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/bnxt_re: Fix out of bound check
|
2024-11-07 |
CVE-2024-50171 |
In the Linux kernel, the following vulnerability has been resolved:
net: systemport: fix potential memory leak in bcm_sysport_xmit()
|
2024-11-07 |
CVE-2024-50150 |
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: altmode should keep reference to parent
|
2024-11-07 |
CVE-2024-50160 |
In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda/cs8409: Fix possible NULL dereference
|
2024-11-07 |
CVE-2024-50152 |
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix possible double free in smb2_set_ea()
|
2024-11-07 |
CVE-2024-50155 |
In the Linux kernel, the following vulnerability has been resolved:
netdevsim: use cond_resched() in nsim_dev_trap_report_work()
|
2024-11-07 |
CVE-2024-50146 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Don't call cleanup on profile rollback failure
|
2024-11-07 |
CVE-2024-50151 |
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix OOBs when building SMB2_IOCTL request
|
2024-11-07 |
CVE-2024-50162 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: devmap: provide rxq after redirect
|
2024-11-07 |
CVE-2024-50153 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: core: Fix null-ptr-deref in target_alloc_device()
|
2024-11-07 |
CVE-2024-50145 |
In the Linux kernel, the following vulnerability has been resolved:
octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx()
|
2024-11-07 |
CVE-2024-50141 |
In the Linux kernel, the following vulnerability has been resolved:
ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context
|
2024-11-07 |
CVE-2024-50144 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: fix unbalanced rpm put() with fence_fini()
|
2024-11-07 |
CVE-2024-50168 |
In the Linux kernel, the following vulnerability has been resolved:
net/sun3_82586: fix potential memory leak in sun3_82586_send_packet()
|
2024-11-07 |
CVE-2024-50139 |
In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: Fix shift-out-of-bounds bug
|
2024-11-07 |
CVE-2024-50143 |
In the Linux kernel, the following vulnerability has been resolved:
udf: fix uninit-value use in udf_get_fileshortad
|
2024-11-07 |
CVE-2024-50140 |
In the Linux kernel, the following vulnerability has been resolved:
sched/core: Disable page allocation in task_tick_mm_cid()
|
2024-11-07 |
CVE-2024-50161 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Check the remaining info_cnt before repeating btf fields
|
2024-11-07 |
CVE-2024-50148 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: bnep: fix wild-memory-access in proto_unregister
|
2024-11-07 |
CVE-2024-50165 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Preserve param->string when parsing mount options
|
2024-11-07 |
CVE-2024-50170 |
In the Linux kernel, the following vulnerability has been resolved:
net: bcmasp: fix potential memory leak in bcmasp_xmit()
|
2024-11-07 |
CVE-2024-50172 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/bnxt_re: Fix a possible memory leak
|
2024-11-07 |
CVE-2024-50163 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Make sure internal and UAPI bpf_redirect flags don't overlap
|
2024-11-07 |
CVE-2024-9681 |
When curl is asked to use HSTS, the expiry time for a subdomain might
overwrite a parent domain's cache entry, making it end sooner or later than
otherwise intended.
This affects curl-using applications that enable HSTS and use URLs with the
insecure `HTTP://` scheme and perform transfers with hosts like
`x.example.com` as well as `example.com` where the first host is a subdomain
of the second host.
(The HSTS cache either needs to have been populated manually or there needs to
have been previous HTTPS accesses done as the cache needs to have entries for
the domains involved to trigger this problem.)
When `x.example.com` responds with `Strict-Transport-Security:` headers, this
bug can make the subdomain's expiry timeout *bleed over* and get set for the
parent domain `example.com` in curl's HSTS cache.
The result of a triggered bug is that HTTP accesses to `example.com` get
converted to HTTPS for a different period of time than what was asked for by
the origin server. If `example.com` for example stops supporting HTTPS at its
expiry time, curl might then fail to access `http://example.com` until the
(wrongly set) timeout expires. This bug can also expire the parent's entry
*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier
than otherwise intended.
|
2024-11-06 |
CVE-2024-9902 |
A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.
|
2024-11-06 |
CVE-2024-51736 |
Symfony Process is a module for the Symfony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory, it will be called by the `Process` class when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
2024-11-06 |
CVE-2024-10941 |
A malicious website could have included an iframe with a malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126.
|
2024-11-06 |
CVE-2023-52920 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: support non-r10 register spill/fill to/from stack in precision tracking
|
2024-11-05 |
CVE-2024-46954 |
Fix decode_utf8 to forbid overlong encodings
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707788
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=55f587dd039282316f512e1bea64218fd991f934
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=282f691f5e57b6bf55ba51ad8c2be2cce8edb938 (ghostpdl-10.04.0)
|
2024-11-05 |
CVE-2024-50136 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Unregister notifier on eswitch init failure
|
2024-11-05 |
CVE-2024-50130 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: bpf: must hold reference on net namespace
|
2024-11-05 |
CVE-2024-50099 |
In the Linux kernel, the following vulnerability has been resolved:
arm64: probes: Remove broken LDR (literal) uprobe support
|
2024-11-05 |
CVE-2024-50091 |
In the Linux kernel, the following vulnerability has been resolved:
dm vdo: don't refer to dedupe_context after releasing it
|
2024-11-05 |
CVE-2024-50128 |
In the Linux kernel, the following vulnerability has been resolved:
net: wwan: fix global oob in wwan_rtnl_policy
|
2024-11-05 |
CVE-2024-50117 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd: Guard against bad data for ATIF ACPI method
|
2024-11-05 |
CVE-2024-50113 |
In the Linux kernel, the following vulnerability has been resolved:
firewire: core: fix invalid port index for parent device
|
2024-11-05 |
CVE-2024-50097 |
In the Linux kernel, the following vulnerability has been resolved:
net: fec: don't save PTP state if PTP is unsupported
|
2024-11-05 |
CVE-2024-50122 |
In the Linux kernel, the following vulnerability has been resolved:
PCI: Hold rescan lock while adding devices during host probe
|
2024-11-05 |
CVE-2024-0134 |
NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering.
|
2024-11-05 |
CVE-2024-50127 |
In the Linux kernel, the following vulnerability has been resolved:
net: sched: fix use-after-free in taprio_change()
|
2024-11-05 |
CVE-2024-50138 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Use raw_spinlock_t in ringbuf
|
2024-11-05 |
CVE-2024-50135 |
In the Linux kernel, the following vulnerability has been resolved:
nvme-pci: fix race condition between reset and nvme_dev_disable()
|
2024-11-05 |
CVE-2024-50125 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: SCO: Fix UAF on sco_sock_timeout
|
2024-11-05 |
CVE-2024-50133 |
In the Linux kernel, the following vulnerability has been resolved:
LoongArch: Don't crash in stack_top() for tasks without vDSO
|
2024-11-05 |
CVE-2024-50110 |
In the Linux kernel, the following vulnerability has been resolved:
xfrm: fix one more kernel-infoleak in algo dumping
|
2024-11-05 |
CVE-2024-50131 |
In the Linux kernel, the following vulnerability has been resolved:
tracing: Consider the NULL character when validating the event length
|
2024-11-05 |
CVE-2024-50090 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/oa: Fix overflow in oa batch buffer
|
2024-11-05 |
CVE-2024-50109 |
In the Linux kernel, the following vulnerability has been resolved:
md/raid10: fix null ptr dereference in raid10_size()
|
2024-11-05 |
CVE-2024-50096 |
In the Linux kernel, the following vulnerability has been resolved:
nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error
|
2024-11-05 |
CVE-2024-50129 |
In the Linux kernel, the following vulnerability has been resolved:
net: pse-pd: Fix out of bound for loop
|
2024-11-05 |
CVE-2024-50121 |
In the Linux kernel, the following vulnerability has been resolved:
nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net
|
2024-11-05 |
CVE-2024-50105 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc
|
2024-11-05 |
CVE-2024-50124 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: ISO: Fix UAF on iso_sock_timeout
|
2024-11-05 |
CVE-2024-46955 |
PS interpreter - check Indexed colour space index
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707990
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=85bd9d2f4b792fe67aef22f1a4117457461b8ba6
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ca1fc2aefe9796e321d0589afe7efb35063c8b2a (ghostpdl-10.04.0)
|
2024-11-05 |
CVE-2024-50134 |
In the Linux kernel, the following vulnerability has been resolved:
drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA
|
2024-11-05 |
CVE-2024-50103 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe()
|
2024-11-05 |
CVE-2024-50101 |
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices
|
2024-11-05 |
CVE-2024-50111 |
In the Linux kernel, the following vulnerability has been resolved:
LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context
|
2024-11-05 |
CVE-2024-50112 |
In the Linux kernel, the following vulnerability has been resolved:
x86/lam: Disable ADDRESS_MASKING in most cases
|
2024-11-05 |
CVE-2024-50115 |
In the Linux kernel, the following vulnerability has been resolved:
KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
|
2024-11-05 |
CVE-2024-50118 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: reject ro->rw reconfiguration if there are hard ro requirements
|
2024-11-05 |
CVE-2024-50093 |
In the Linux kernel, the following vulnerability has been resolved:
thermal: intel: int340x: processor: Fix warning during module unload
|
2024-11-05 |
CVE-2024-50092 |
In the Linux kernel, the following vulnerability has been resolved:
net: netconsole: fix wrong warning
|
2024-11-05 |
CVE-2024-50106 |
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix race between laundromat and free_stateid
|
2024-11-05 |
CVE-2024-50107 |
In the Linux kernel, the following vulnerability has been resolved:
platform/x86/intel/pmc: Fix pmc_core_iounmap to call iounmap for valid addresses
|
2024-11-05 |
CVE-2024-50114 |
In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: Unregister redistributor for failed vCPU creation
|
2024-11-05 |
CVE-2024-50108 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too
|
2024-11-05 |
CVE-2024-50100 |
In the Linux kernel, the following vulnerability has been resolved:
USB: gadget: dummy-hcd: Fix "task hung" problem
|
2024-11-05 |
CVE-2024-50104 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: qcom: sdm845: add missing soundwire runtime stream alloc
|
2024-11-05 |
CVE-2024-50102 |
In the Linux kernel, the following vulnerability has been resolved:
x86: fix user address masking non-canonical speculation issue
|
2024-11-05 |
CVE-2024-50095 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mad: Improve handling of timed out WRs of mad agent
|
2024-11-05 |
CVE-2024-50132 |
In the Linux kernel, the following vulnerability has been resolved:
tracing/probes: Fix MAX_TRACE_ARGS limit handling
|
2024-11-05 |
CVE-2024-50126 |
In the Linux kernel, the following vulnerability has been resolved:
net: sched: use RCU read-side critical section in taprio_dump()
|
2024-11-05 |
CVE-2024-50123 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Add the missing BPF_LINK_TYPE invocation for sockmap
|
2024-11-05 |
CVE-2024-50120 |
In the Linux kernel, the following vulnerability has been resolved:
smb: client: Handle kstrdup failures for passwords
|
2024-11-05 |
CVE-2024-50116 |
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix kernel bug due to missing clearing of buffer delay flag
|
2024-11-05 |
CVE-2024-50094 |
In the Linux kernel, the following vulnerability has been resolved:
sfc: Don't invoke xdp_do_flush() from netpoll.
|
2024-11-05 |
CVE-2024-50119 |
In the Linux kernel, the following vulnerability has been resolved:
cifs: fix warning when destroy 'cifs_io_request_pool'
|
2024-11-05 |
CVE-2024-50137 |
In the Linux kernel, the following vulnerability has been resolved:
reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC
|
2024-11-05 |
CVE-2024-46951 |
PS interpreter - check the type of the Pattern Implementation
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707991
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ada21374f0c90cc3acf7ce0e96302394560c7aee (ghostpdl-10.04.0)
|
2024-11-05 |
CVE-2024-50098 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down
|
2024-11-05 |
CVE-2024-51744 |
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to a situation where users are potentially not checking errors in the way they should be. In particular, if a token is both expired and invalid, the errors returned by `ParseWithClaims` contain both error codes. If users only check for `jwt.ErrTokenExpired` using `errors.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens. A fix has been back-ported with the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in "dangerous" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but the token is expired AND has the wrong audience). This fix is part of the 4.5.1 release. We are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors ("dangerous" ones first), so that you do not run into the case detailed above.
|
2024-11-04 |
CVE-2024-46952 |
PDF interpreter - sanitise W array values in Xref streams
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708001
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=b1f0827c30f59a2dcbc8a39e42cace7a1de35f7f
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1fb76aaddac34530242dfbb9579d9997dae41264 (ghostpdl-10.04.0)
|
2024-11-01 |
CVE-2024-46956 |
PostScript interpreter - fix buffer length check
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707895
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f4151f12db32cd3ed26c24327de714bf2c3ed6ca
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ea69a1388245ad959d31c272b5ba66d40cebba2c (ghostpdl-10.04.0)
|
2024-11-01 |
CVE-2024-46953 |
Check for overflow validating format string
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707793
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1f21a45df0fa3abec4cff12951022b192dda3c00
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=294a3755e33f453dd92e2a7c4cfceb087ac09d6a (ghostpdl-10.04.0)
|
2024-11-01 |
CVE-2024-21510 |
Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF.
|
2024-11-01 |
CVE-2024-10573 |
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution cannot be ruled out. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.
|
2024-10-31 |
CVE-2024-7883 |
When using Arm Cortex-M Security Extensions (CMSE), Secure stack
contents can be leaked to Non-secure state via floating-point registers
when a Secure to Non-secure function call is made that returns a
floating-point value and when this is the first use of floating-point
since entering Secure state. This allows an attacker to read a limited
quantity of Secure stack contents with an impact on confidentiality.
This issue is specific to code generated using LLVM-based compilers.
|
2024-10-31 |
CVE-2024-9632 |
A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges.
|
2024-10-30 |
CVE-2024-50072 |
In the Linux kernel, the following vulnerability has been resolved:
x86/bugs: Use code segment selector for VERW operand
|
2024-10-29 |
CVE-2024-50074 |
In the Linux kernel, the following vulnerability has been resolved:
parport: Proper fix for array out-of-bounds access
|
2024-10-29 |
CVE-2024-10459 |
An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
|
2024-10-29 |
CVE-2024-49769 |
Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call getpeername(), waitress won't correctly clean up the connection, leading to the main thread attempting to write to a socket that no longer exists, but not removing it from the list of sockets to attempt to process. This leads to a busy-loop calling the write function. A remote attacker could run waitress out of available sockets with very little resources required. Waitress 3.0.1 contains fixes that remove the race condition.
|
2024-10-29 |
CVE-2024-50075 |
In the Linux kernel, the following vulnerability has been resolved:
xhci: tegra: fix checked USB2 port number
|
2024-10-29 |
CVE-2024-50083 |
In the Linux kernel, the following vulnerability has been resolved:
tcp: fix mptcp DSS corruption due to large pmtu xmit
|
2024-10-29 |
CVE-2024-50085 |
In the Linux kernel, the following vulnerability has been resolved:
mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow
|
2024-10-29 |
CVE-2024-10458 |
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
|
2024-10-29 |
CVE-2024-50077 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: ISO: Fix multiple init when debugfs is disabled
|
2024-10-29 |
CVE-2024-10465 |
A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
|
2024-10-29 |
CVE-2024-50081 |
In the Linux kernel, the following vulnerability has been resolved:
blk-mq: setup queue ->tag_set before initializing hctx
|
2024-10-29 |
CVE-2024-50073 |
In the Linux kernel, the following vulnerability has been resolved:
tty: n_gsm: Fix use-after-free in gsm_cleanup_mux
|
2024-10-29 |
CVE-2024-10467 |
Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
|
2024-10-29 |
CVE-2024-50082 |
In the Linux kernel, the following vulnerability has been resolved:
blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
|
2024-10-29 |
CVE-2024-10474 |
Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks. This vulnerability affects Focus for iOS < 132.
|
2024-10-29 |
CVE-2024-50078 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Call iso_exit() on module unload
|
2024-10-29 |
CVE-2024-49768 |
Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (default) we won't read any more requests, and when the first request fails due to a parsing error, we simply close the connection. However, when request lookahead is enabled, it is possible to process and receive the first request, start sending the error message back to the client while we read the next request and queue it. This will allow the secondary request to be serviced by the worker thread while the connection should be closed. Waitress 3.0.1 fixes the race condition. As a workaround, disable channel_request_lookahead; it is set to 0 by default, which disables this feature.
|
2024-10-29 |
CVE-2024-10460 |
The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
|
2024-10-29 |
CVE-2024-10468 |
Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132.
|
2024-10-29 |
CVE-2024-50080 |
In the Linux kernel, the following vulnerability has been resolved:
ublk: don't allow user copy for unprivileged device
|
2024-10-29 |
CVE-2024-50087 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix uninitialized pointer free on read_alloc_one_name() error
|
2024-10-29 |
CVE-2024-10464 |
Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
|
2024-10-29 |
CVE-2024-50070 |
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: stm32: check devm_kasprintf() returned value
|
2024-10-29 |
CVE-2024-50079 |
In the Linux kernel, the following vulnerability has been resolved:
io_uring/sqpoll: ensure task state is TASK_RUNNING when running task_work
|
2024-10-29 |
CVE-2024-50086 |
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix user-after-free from session log off
|
2024-10-29 |
CVE-2024-50071 |
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: nuvoton: fix a double free in ma35_pinctrl_dt_node_to_map_func()
|
2024-10-29 |
CVE-2024-10491 |
A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used.
The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources.
This vulnerability is especially relevant for dynamic parameters.
|
2024-10-29 |
CVE-2024-10461 |
In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
|
2024-10-29 |
CVE-2024-10466 |
By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
|
2024-10-29 |
CVE-2024-10463 |
Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
|
2024-10-29 |
CVE-2024-50076 |
In the Linux kernel, the following vulnerability has been resolved:
vt: prevent kernel-infoleak in con_font_get()
|
2024-10-29 |
CVE-2024-50084 |
In the Linux kernel, the following vulnerability has been resolved:
net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test()
|
2024-10-29 |
CVE-2024-50068 |
In the Linux kernel, the following vulnerability has been resolved:
mm/damon/tests/sysfs-kunit.h: fix memory leak in damon_sysfs_test_add_targets()
|
2024-10-29 |
CVE-2024-50069 |
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: apple: check devm_kasprintf() returned value
|
2024-10-29 |
CVE-2024-50088 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix uninitialized pointer free in add_inode_ref()
|
2024-10-29 |
CVE-2024-10462 |
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
|
2024-10-29 |
CVE-2024-45802 |
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.
|
2024-10-28 |
CVE-2024-49761 |
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later includes the patch to fix the vulnerability.
|
2024-10-28 |
CVE-2024-50067 |
In the Linux kernel, the following vulnerability has been resolved:
uprobe: avoid out-of-bounds memory access of fetching args
|
2024-10-28 |
CVE-2024-44244 |
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash.
|
2024-10-28 |
CVE-2024-44296 |
The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, visionOS 2.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
|
2024-10-28 |
CVE-2024-50613 |
libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.
|
2024-10-27 |
CVE-2024-50602 |
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
|
2024-10-27 |
CVE-2024-50615 |
TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/digit, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef.
|
2024-10-27 |
CVE-2024-50612 |
libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read.
|
2024-10-27 |
CVE-2024-50614 |
TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/16, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef.
|
2024-10-27 |
CVE-2024-50610 |
GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is negative, incorrect memory allocation occurs.
|
2024-10-27 |
CVE-2024-49766 |
Werkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. Applications using Python >= 3.11, or not using Windows, are not vulnerable. Werkzeug version 3.0.6 contains a patch.
|
2024-10-25 |
CVE-2024-49767 |
Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specifically crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue.
|
2024-10-25 |
CVE-2024-44185 |
The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
|
2024-10-24 |
CVE-2024-48423 |
An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library.
|
2024-10-24 |
CVE-2024-48424 |
A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp library, specifically during the processing of OpenGEX files.
|
2024-10-24 |
CVE-2024-48425 |
A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. The crash occurs due to a read access violation at address 0x000000000460, which points to the zero page, indicating a null or invalid pointer dereference.
|
2024-10-24 |
CVE-2024-0126 |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability which could allow a privileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
|
2024-10-24 |
CVE-2024-48426 |
A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Execute function in the Assimp library during fuzz testing with AddressSanitizer. The crash occurred due to a read access to an invalid memory address (0x1000c9714971).
|
2024-10-24 |
CVE-2024-50383 |
Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 (used in Chacha-Poly1305 and x25519). An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i386. (Only 32-bit processors can be affected.)
|
2024-10-23 |
CVE-2024-50382 |
Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V.
|
2024-10-23 |
CVE-2024-50066 |
In the Linux kernel, the following vulnerability has been resolved:
mm/mremap: fix move_normal_pmd/retract_page_tables race
|
2024-10-23 |
CVE-2024-10041 |
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.
|
2024-10-23 |
CVE-2023-52919 |
In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: fix possible NULL pointer dereference in send_acknowledge()
|
2024-10-22 |
CVE-2024-9050 |
A flaw was found in the libreswan client plugin for NetworkManager (NetworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, which uses a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the `leftupdown` key. This key takes an executable command as a value and is used to specify what executes as a callback in NetworkManager-libreswan to retrieve configuration settings back to NetworkManager. As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine by creating a malicious configuration.
|
2024-10-22 |
CVE-2024-9287 |
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (i.e. "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (i.e. "./venv/bin/python") are not affected.
|
2024-10-22 |
CVE-2023-52918 |
In the Linux kernel, the following vulnerability has been resolved:
media: pci: cx23885: check cx23885_vdev_init() return
|
2024-10-22 |
CVE-2024-49901 |
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs
|
2024-10-21 |
CVE-2024-47757 |
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential oob read in nilfs_btree_check_delete()
|
2024-10-21 |
CVE-2022-48992 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: soc-pcm: Add NULL check in BE reparenting
|
2024-10-21 |
CVE-2022-48950 |
In the Linux kernel, the following vulnerability has been resolved:
perf: Fix perf_pending_task() UaF
|
2024-10-21 |
CVE-2024-47733 |
In the Linux kernel, the following vulnerability has been resolved:
netfs: Delete subtree of 'fs/netfs' when netfs module exits
|
2024-10-21 |
CVE-2024-50026 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: wd33c93: Don't use stale scsi_pointer value
|
2024-10-21 |
CVE-2024-47675 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix use-after-free in bpf_uprobe_multi_link_attach()
|
2024-10-21 |
CVE-2024-50005 |
In the Linux kernel, the following vulnerability has been resolved:
mac802154: Fix potential RCU dereference issue in mac802154_scan_worker
|
2024-10-21 |
CVE-2024-49915 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw
|
2024-10-21 |
CVE-2022-48974 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: conntrack: fix using __this_cpu_add in preemptible
|
2024-10-21 |
CVE-2024-47678 |
In the Linux kernel, the following vulnerability has been resolved:
icmp: change the order of rate limits
|
2024-10-21 |
CVE-2024-50046 |
In the Linux kernel, the following vulnerability has been resolved:
NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()
|
2024-10-21 |
CVE-2024-49990 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/hdcp: Check GSC structure validity
|
2024-10-21 |
CVE-2022-48982 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Fix crash when replugging CSR fake controllers
|
2024-10-21 |
CVE-2024-49955 |
In the Linux kernel, the following vulnerability has been resolved:
ACPI: battery: Fix possible crash when unregistering a battery hook
|
2024-10-21 |
CVE-2024-49997 |
In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: lantiq_etop: fix memory disclosure
|
2024-10-21 |
CVE-2024-50019 |
In the Linux kernel, the following vulnerability has been resolved:
kthread: unpark only parked kthread
|
2024-10-21 |
CVE-2024-47723 |
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix out-of-bounds in dbNextAG() and diAlloc()
|
2024-10-21 |
CVE-2022-48952 |
In the Linux kernel, the following vulnerability has been resolved:
PCI: mt7621: Add sentinel to quirks table
|
2024-10-21 |
CVE-2024-49895 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation
|
2024-10-21 |
CVE-2024-49974 |
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Limit the number of concurrent async COPY operations
|
2024-10-21 |
CVE-2024-50007 |
In the Linux kernel, the following vulnerability has been resolved:
ALSA: asihpi: Fix potential OOB array access
|
2024-10-21 |
CVE-2024-49946 |
In the Linux kernel, the following vulnerability has been resolved:
ppp: do not assume bh is held in ppp_channel_bridge_input()
|
2024-10-21 |
CVE-2024-47686 |
In the Linux kernel, the following vulnerability has been resolved:
ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate()
|
2024-10-21 |
CVE-2024-47717 |
In the Linux kernel, the following vulnerability has been resolved:
RISC-V: KVM: Don't zero-out PMU snapshot area before freeing data
|
2024-10-21 |
CVE-2024-50038 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
|
2024-10-21 |
CVE-2024-49970 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Implement bounds check for stream encoder creation in DCN401
|
2024-10-21 |
CVE-2024-49919 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer
|
2024-10-21 |
CVE-2022-49000 |
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix PCI device refcount leak in has_external_pci()
|
2024-10-21 |
CVE-2022-49033 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()
|
2024-10-21 |
CVE-2024-49913 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream
|
2024-10-21 |
CVE-2022-49012 |
In the Linux kernel, the following vulnerability has been resolved:
afs: Fix server->active leak in afs_put_server
|
2024-10-21 |
CVE-2024-50025 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: fnic: Move flush_work initialization out of if block
|
2024-10-21 |
CVE-2024-49865 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/vm: move xa_alloc to prevent UAF
|
2024-10-21 |
CVE-2024-49933 |
In the Linux kernel, the following vulnerability has been resolved:
blk_iocost: fix more out of bound shifts
|
2024-10-21 |
CVE-2022-49017 |
In the Linux kernel, the following vulnerability has been resolved:
tipc: re-fetch skb cb after tipc_msg_validate
|
2024-10-21 |
CVE-2024-49862 |
In the Linux kernel, the following vulnerability has been resolved:
powercap: intel_rapl: Fix off by one in get_rpi()
|
2024-10-21 |
CVE-2024-50015 |
In the Linux kernel, the following vulnerability has been resolved:
ext4: dax: fix overflowing extents beyond inode size when partially writing
|
2024-10-21 |
CVE-2022-48965 |
In the Linux kernel, the following vulnerability has been resolved:
gpio/rockchip: fix refcount leak in rockchip_gpiolib_register()
|
2024-10-21 |
CVE-2024-49973 |
In the Linux kernel, the following vulnerability has been resolved:
r8169: add tally counter fields added with RTL8125
|
2024-10-21 |
CVE-2024-50056 |
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c
|
2024-10-21 |
CVE-2024-50034 |
In the Linux kernel, the following vulnerability has been resolved:
net/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC
|
2024-10-21 |
CVE-2024-49957 |
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix null-ptr-deref when journal load failed.
|
2024-10-21 |
CVE-2024-49905 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2)
|
2024-10-21 |
CVE-2024-49927 |
In the Linux kernel, the following vulnerability has been resolved:
x86/ioapic: Handle allocation failures gracefully
|
2024-10-21 |
CVE-2024-49950 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: L2CAP: Fix uaf in l2cap_connect
|
2024-10-21 |
CVE-2024-49876 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: fix UAF around queue destruction
|
2024-10-21 |
CVE-2022-48985 |
In the Linux kernel, the following vulnerability has been resolved:
net: mana: Fix race on per-CQ variable napi work_done
|
2024-10-21 |
CVE-2024-49893 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check stream_status before it is used
|
2024-10-21 |
CVE-2024-47713 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
|
2024-10-21 |
CVE-2024-47752 |
In the Linux kernel, the following vulnerability has been resolved:
media: mediatek: vcodec: Fix H264 stateless decoder smatch warning
|
2024-10-21 |
CVE-2024-49879 |
In the Linux kernel, the following vulnerability has been resolved:
drm: omapdrm: Add missing check for alloc_ordered_workqueue
|
2024-10-21 |
CVE-2024-49936 |
In the Linux kernel, the following vulnerability has been resolved:
net/xen-netback: prevent UAF in xenvif_flush_hash()
|
2024-10-21 |
CVE-2022-49031 |
In the Linux kernel, the following vulnerability has been resolved:
iio: health: afe4403: Fix oob read in afe4403_read_raw
|
2024-10-21 |
CVE-2022-48988 |
In the Linux kernel, the following vulnerability has been resolved:
memcg: fix possible use-after-free in memcg_write_event_control()
|
2024-10-21 |
CVE-2024-50011 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: Intel: soc-acpi-intel-rpl-match: add missing empty item
|
2024-10-21 |
CVE-2024-49897 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check phantom_stream before it is used
|
2024-10-21 |
CVE-2024-49998 |
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: improve shutdown sequence
|
2024-10-21 |
CVE-2024-49979 |
In the Linux kernel, the following vulnerability has been resolved:
net: gso: fix tcp fraglist segmentation after pull from frag_list
|
2024-10-21 |
CVE-2024-50057 |
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: tipd: Free IRQ only if it was requested before
|
2024-10-21 |
CVE-2022-49005 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: ops: Fix bounds check for _sx controls
|
2024-10-21 |
CVE-2024-49850 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos
|
2024-10-21 |
CVE-2024-49956 |
In the Linux kernel, the following vulnerability has been resolved:
gfs2: fix double destroy_workqueue error
|
2024-10-21 |
CVE-2024-47753 |
In the Linux kernel, the following vulnerability has been resolved:
media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning
|
2024-10-21 |
CVE-2024-49911 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func
|
2024-10-21 |
CVE-2022-49015 |
In the Linux kernel, the following vulnerability has been resolved:
net: hsr: Fix potential use-after-free
|
2024-10-21 |
CVE-2022-48969 |
In the Linux kernel, the following vulnerability has been resolved:
xen-netfront: Fix NULL sring after live migration
|
2024-10-21 |
CVE-2022-48997 |
In the Linux kernel, the following vulnerability has been resolved:
char: tpm: Protect tpm_pm_suspend with locks
|
2024-10-21 |
CVE-2022-49001 |
In the Linux kernel, the following vulnerability has been resolved:
riscv: fix race when vmap stack overflow
|
2024-10-21 |
CVE-2024-49856 |
In the Linux kernel, the following vulnerability has been resolved:
x86/sgx: Fix deadlock in SGX NUMA node search
|
2024-10-21 |
CVE-2024-47726 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to wait dio completion
|
2024-10-21 |
CVE-2024-49857 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: set the cipher for secured NDP ranging
|
2024-10-21 |
CVE-2024-49963 |
In the Linux kernel, the following vulnerability has been resolved:
mailbox: bcm2835: Fix timeout during suspend mode
|
2024-10-21 |
CVE-2022-48980 |
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: sja1105: avoid out of bounds access in sja1105_init_l2_policing()
|
2024-10-21 |
CVE-2024-47704 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check link_res->hpo_dp_link_enc before using it
|
2024-10-21 |
CVE-2022-48956 |
In the Linux kernel, the following vulnerability has been resolved:
ipv6: avoid use-after-free in ip6_fragment()
|
2024-10-21 |
CVE-2022-48972 |
In the Linux kernel, the following vulnerability has been resolved:
mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
|
2024-10-21 |
CVE-2024-47694 |
In the Linux kernel, the following vulnerability has been resolved:
IB/mlx5: Fix UMR pd cleanup on error flow of driver init
|
2024-10-21 |
CVE-2024-50044 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change
|
2024-10-21 |
CVE-2024-49886 |
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug
|
2024-10-21 |
CVE-2024-50040 |
In the Linux kernel, the following vulnerability has been resolved:
igb: Do not bring the device up after non-fatal error
|
2024-10-21 |
CVE-2024-49964 |
In the Linux kernel, the following vulnerability has been resolved:
mm/hugetlb: fix memfd_pin_folios free_huge_pages leak
|
2024-10-21 |
CVE-2024-49942 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Prevent null pointer access in xe_migrate_copy
|
2024-10-21 |
CVE-2024-47734 |
In the Linux kernel, the following vulnerability has been resolved:
bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave()
|
2024-10-21 |
CVE-2024-47682 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: sd: Fix off-by-one error in sd_read_block_characteristics()
|
2024-10-21 |
CVE-2024-49874 |
In the Linux kernel, the following vulnerability has been resolved:
i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition
|
2024-10-21 |
CVE-2024-47720 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func
|
2024-10-21 |
CVE-2024-49924 |
In the Linux kernel, the following vulnerability has been resolved:
fbdev: pxafb: Fix possible use after free in pxafb_task()
|
2024-10-21 |
CVE-2024-50037 |
In the Linux kernel, the following vulnerability has been resolved:
drm/fbdev-dma: Only cleanup deferred I/O if necessary
|
2024-10-21 |
CVE-2024-49859 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to check atomic_file in f2fs ioctl interfaces
|
2024-10-21 |
CVE-2022-48975 |
In the Linux kernel, the following vulnerability has been resolved:
gpiolib: fix memory leak in gpiochip_setup_dev()
|
2024-10-21 |
CVE-2022-49030 |
In the Linux kernel, the following vulnerability has been resolved:
libbpf: Handle size overflow for ringbuf mmap
|
2024-10-21 |
CVE-2024-49864 |
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Fix a race between socket set up and I/O thread creation
|
2024-10-21 |
CVE-2024-49932 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: don't readahead the relocation inode on RST
|
2024-10-21 |
CVE-2024-49889 |
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid use-after-free in ext4_ext_show_leaf()
|
2024-10-21 |
CVE-2022-48981 |
In the Linux kernel, the following vulnerability has been resolved:
drm/shmem-helper: Remove errant put in error path
|
2024-10-21 |
CVE-2024-49855 |
In the Linux kernel, the following vulnerability has been resolved:
nbd: fix race between timeout and normal completion
|
2024-10-21 |
CVE-2022-48990 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix use-after-free during gpu recovery
|
2024-10-21 |
CVE-2022-48955 |
In the Linux kernel, the following vulnerability has been resolved:
net: thunderbolt: fix memory leak in tbnet_open()
|
2024-10-21 |
CVE-2022-48991 |
In the Linux kernel, the following vulnerability has been resolved:
mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
|
2024-10-21 |
CVE-2024-49984 |
In the Linux kernel, the following vulnerability has been resolved:
drm/v3d: Prevent out of bounds access in performance query extensions
|
2024-10-21 |
CVE-2022-49010 |
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (coretemp) Check for null before removing sysfs attrs
|
2024-10-21 |
CVE-2024-47680 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: check discard support for conventional zones
|
2024-10-21 |
CVE-2024-49948 |
In the Linux kernel, the following vulnerability has been resolved:
net: add more sanity checks to qdisc_pkt_len_init()
|
2024-10-21 |
CVE-2024-49960 |
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix timer use-after-free on failed mount
|
2024-10-21 |
CVE-2022-49028 |
In the Linux kernel, the following vulnerability has been resolved:
ixgbevf: Fix resource leak in ixgbevf_init_module()
|
2024-10-21 |
CVE-2022-49007 |
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
|
2024-10-21 |
CVE-2022-48995 |
In the Linux kernel, the following vulnerability has been resolved:
Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send()
|
2024-10-21 |
CVE-2022-49025 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix use-after-free when reverting termination table
|
2024-10-21 |
CVE-2024-50059 |
In the Linux kernel, the following vulnerability has been resolved:
ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition
|
2024-10-21 |
CVE-2024-47741 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix race setting file private on concurrent lseek using same fd
|
2024-10-21 |
CVE-2024-49917 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw
|
2024-10-21 |
CVE-2024-49961 |
In the Linux kernel, the following vulnerability has been resolved:
media: i2c: ar0521: Use cansleep version of gpiod_set_value()
|
2024-10-21 |
CVE-2022-48970 |
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Get user_ns from in_skb in unix_diag_get_exact().
|
2024-10-21 |
CVE-2024-50055 |
In the Linux kernel, the following vulnerability has been resolved:
driver core: bus: Fix double free in driver API bus_register()
|
2024-10-21 |
CVE-2024-49962 |
In the Linux kernel, the following vulnerability has been resolved:
ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package()
|
2024-10-21 |
CVE-2024-49899 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Initialize denominators' default to 1
|
2024-10-21 |
CVE-2024-47724 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath11k: use work queue to process beacon tx event
|
2024-10-21 |
CVE-2024-49906 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check null pointer before try to access it
|
2024-10-21 |
CVE-2024-49861 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix helper writes to read-only maps
|
2024-10-21 |
CVE-2024-49877 |
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
|
2024-10-21 |
CVE-2024-49940 |
In the Linux kernel, the following vulnerability has been resolved:
l2tp: prevent possible tunnel refcount underflow
|
2024-10-21 |
CVE-2022-48977 |
In the Linux kernel, the following vulnerability has been resolved:
can: af_can: fix NULL pointer dereference in can_rcv_filter
|
2024-10-21 |
CVE-2024-49916 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn401_init_hw
|
2024-10-21 |
CVE-2023-52917 |
In the Linux kernel, the following vulnerability has been resolved:
ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir()
|
2024-10-21 |
CVE-2024-47716 |
In the Linux kernel, the following vulnerability has been resolved:
ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros
|
2024-10-21 |
CVE-2024-47702 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fail verification for sign-extension of packet data/data_end/data_meta
|
2024-10-21 |
CVE-2024-47735 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled
|
2024-10-21 |
CVE-2024-49935 |
In the Linux kernel, the following vulnerability has been resolved:
ACPI: PAD: fix crash in exit_round_robin()
|
2024-10-21 |
CVE-2024-47746 |
In the Linux kernel, the following vulnerability has been resolved:
fuse: use exclusive lock when FUSE_I_CACHE_IO_MODE is set
|
2024-10-21 |
CVE-2024-49851 |
In the Linux kernel, the following vulnerability has been resolved:
tpm: Clean up TPM space after command failure
|
2024-10-21 |
CVE-2024-50032 |
In the Linux kernel, the following vulnerability has been resolved:
rcu/nocb: Fix rcuog wake-up from offline softirq
|
2024-10-21 |
CVE-2024-47748 |
In the Linux kernel, the following vulnerability has been resolved:
vhost_vdpa: assign irq bypass producer token correctly
|
2024-10-21 |
CVE-2024-49977 |
In the Linux kernel, the following vulnerability has been resolved:
net: stmmac: Fix zero-division error when disabling tc cbs
|
2024-10-21 |
CVE-2024-49869 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: send: fix buffer overflow detection when copying path to cache entry
|
2024-10-21 |
CVE-2024-50047 |
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix UAF in async decryption
|
2024-10-21 |
CVE-2024-49903 |
In the Linux kernel, the following vulnerability has been resolved:
jfs: Fix uaf in dbFreeBits
|
2024-10-21 |
CVE-2024-49900 |
In the Linux kernel, the following vulnerability has been resolved:
jfs: Fix uninit-value access of new_ea in ea_buffer
|
2024-10-21 |
CVE-2024-49945 |
In the Linux kernel, the following vulnerability has been resolved:
net/ncsi: Disable the ncsi work before freeing the associated structure
|
2024-10-21 |
CVE-2022-48949 |
In the Linux kernel, the following vulnerability has been resolved:
igb: Initialize mailbox message for VF reset
|
2024-10-21 |
CVE-2024-49996 |
In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix buffer overflow when parsing NFS reparse points
|
2024-10-21 |
CVE-2024-49887 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to don't panic system for no free segment fault injection
|
2024-10-21 |
CVE-2024-47711 |
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Don't return OOB skb in manage_oob().
|
2024-10-21 |
CVE-2022-48971 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Fix not cleanup led when bt_init fails
|
2024-10-21 |
CVE-2024-49878 |
In the Linux kernel, the following vulnerability has been resolved:
resource: fix region_intersects() vs add_memory_driver_managed()
|
2024-10-21 |
CVE-2024-50001 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix error path in multi-packet WQE transmit
|
2024-10-21 |
CVE-2022-48947 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: L2CAP: Fix u8 overflow
|
2024-10-21 |
CVE-2024-49881 |
In the Linux kernel, the following vulnerability has been resolved:
ext4: update orig_path in ext4_find_extent()
|
2024-10-21 |
CVE-2024-47740 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: Require FMODE_WRITE for atomic write ioctls
|
2024-10-21 |
CVE-2024-47681 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he
|
2024-10-21 |
CVE-2024-49953 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice
|
2024-10-21 |
CVE-2022-48959 |
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions()
|
2024-10-21 |
CVE-2022-48973 |
In the Linux kernel, the following vulnerability has been resolved:
gpio: amd8111: Fix PCI device reference count leak
|
2024-10-21 |
CVE-2024-49941 |
In the Linux kernel, the following vulnerability has been resolved:
gpiolib: Fix potential NULL pointer dereference in gpiod_get_label()
|
2024-10-21 |
CVE-2024-50004 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35
|
2024-10-21 |
CVE-2024-50058 |
In the Linux kernel, the following vulnerability has been resolved:
serial: protect uart_port_dtr_rts() in uart_shutdown() too
|
2024-10-21 |
CVE-2022-49016 |
In the Linux kernel, the following vulnerability has been resolved:
net: mdiobus: fix unbalanced node reference count
|
2024-10-21 |
CVE-2022-48979 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: fix array index out of bound error in DCN32 DML
|
2024-10-21 |
CVE-2024-50062 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/rtrs-srv: Avoid null pointer deref during path establishment
|
2024-10-21 |
CVE-2024-49958 |
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: reserve space for inline xattr before attaching reflink tree
|
2024-10-21 |
CVE-2024-49923 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags
|
2024-10-21 |
CVE-2022-48961 |
In the Linux kernel, the following vulnerability has been resolved:
net: mdio: fix unbalanced fwnode reference count in mdio_device_release()
|
2024-10-21 |
CVE-2024-47738 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: don't use rate mask for offchannel TX either
|
2024-10-21 |
CVE-2024-50039 |
In the Linux kernel, the following vulnerability has been resolved:
net/sched: accept TCA_STAB only for root qdisc
|
2024-10-21 |
CVE-2024-50029 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync
|
2024-10-21 |
CVE-2022-48963 |
In the Linux kernel, the following vulnerability has been resolved:
net: wwan: iosm: fix memory leak in ipc_mux_init()
|
2024-10-21 |
CVE-2024-49907 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check null pointers before using dc->clk_mgr
|
2024-10-21 |
CVE-2024-49965 |
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: remove unreasonable unlock in ocfs2_read_blocks
|
2024-10-21 |
CVE-2024-50013 |
In the Linux kernel, the following vulnerability has been resolved:
exfat: fix memory leak in exfat_load_bitmap()
|
2024-10-21 |
CVE-2024-49918 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer
|
2024-10-21 |
CVE-2022-48968 |
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-pf: Fix potential memory leak in otx2_init_tc()
|
2024-10-21 |
CVE-2024-49867 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: wait for fixup workers before stopping cleaner kthread during umount
|
2024-10-21 |
CVE-2022-49024 |
In the Linux kernel, the following vulnerability has been resolved:
can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods
|
2024-10-21 |
CVE-2024-50003 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix system hang while resume with TBT monitor
|
2024-10-21 |
CVE-2024-49969 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix index out of bounds in DCN30 color transformation
|
2024-10-21 |
CVE-2024-49908 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null check for 'afb' in amdgpu_dm_update_cursor (v2)
|
2024-10-21 |
CVE-2024-49931 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix array out-of-bound access in SoC stats
|
2024-10-21 |
CVE-2024-49989 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: fix double free issue during amdgpu module unload
|
2024-10-21 |
CVE-2022-48951 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
|
2024-10-21 |
CVE-2022-48994 |
In the Linux kernel, the following vulnerability has been resolved:
ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event
|
2024-10-21 |
CVE-2024-50049 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check null pointer before dereferencing se
|
2024-10-21 |
CVE-2024-47689 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to don't set SB_RDONLY in f2fs_handle_critical_error()
|
2024-10-21 |
CVE-2022-48984 |
In the Linux kernel, the following vulnerability has been resolved:
can: slcan: fix freed work crash
|
2024-10-21 |
CVE-2024-47697 |
In the Linux kernel, the following vulnerability has been resolved:
drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error
|
2024-10-21 |
CVE-2024-47728 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error
|
2024-10-21 |
CVE-2024-49853 |
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scmi: Fix double free in OPTEE transport
|
2024-10-21 |
CVE-2024-49925 |
In the Linux kernel, the following vulnerability has been resolved:
fbdev: efifb: Register sysfs groups through driver core
|
2024-10-21 |
CVE-2024-49884 |
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix slab-use-after-free in ext4_split_extent_at()
|
2024-10-21 |
CVE-2022-48957 |
In the Linux kernel, the following vulnerability has been resolved:
dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove()
|
2024-10-21 |
CVE-2022-49011 |
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
|
2024-10-21 |
CVE-2024-50030 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/ct: prevent UAF in send_recv()
|
2024-10-21 |
CVE-2024-49959 |
In the Linux kernel, the following vulnerability has been resolved:
jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error
|
2024-10-21 |
CVE-2024-50017 |
In the Linux kernel, the following vulnerability has been resolved:
x86/mm/ident_map: Use gbpages only where full GB page should be mapped.
|
2024-10-21 |
CVE-2024-49896 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check stream before comparing them
|
2024-10-21 |
CVE-2024-49975 |
In the Linux kernel, the following vulnerability has been resolved:
uprobes: fix kernel info leak via "[uprobes]" vma
|
2024-10-21 |
CVE-2024-47685 |
syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending garbage on the four reserved TCP bits (th->res1).
Use skb_put_zero() to clear the whole TCP header, as done in nf_reject_ip_tcphdr_put().
|
2024-10-21 |
CVE-2024-47730 |
In the Linux kernel, the following vulnerability has been resolved:
crypto: hisilicon/qm - inject error before stopping queue
|
2024-10-21 |
CVE-2024-49971 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Increase array size of dummy_boolean
|
2024-10-21 |
CVE-2022-48996 |
In the Linux kernel, the following vulnerability has been resolved:
mm/damon/sysfs: fix wrong empty schemes assumption under online tuning in damon_sysfs_set_schemes()
|
2024-10-21 |
CVE-2024-47677 |
In the Linux kernel, the following vulnerability has been resolved:
exfat: resolve memory leak from exfat_create_upcase_table()
|
2024-10-21 |
CVE-2024-49982 |
In the Linux kernel, the following vulnerability has been resolved:
aoe: fix the potential use-after-free problem in more places
|
2024-10-21 |
CVE-2024-47683 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Skip Recompute DSC Params if no Stream on Link
|
2024-10-21 |
CVE-2024-49880 |
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix off by one issue in alloc_flex_gd()
|
2024-10-21 |
CVE-2024-49888 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix a sdiv overflow issue
|
2024-10-21 |
CVE-2024-49972 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Deallocate DML memory if allocation fails
|
2024-10-21 |
CVE-2024-49873 |
In the Linux kernel, the following vulnerability has been resolved:
mm/filemap: fix filemap_get_folios_contig THP panic
|
2024-10-21 |
CVE-2024-50021 |
In the Linux kernel, the following vulnerability has been resolved:
ice: Fix improper handling of refcount in ice_dpll_init_rclk_pins()
|
2024-10-21 |
CVE-2024-50033 |
In the Linux kernel, the following vulnerability has been resolved:
slip: make slhc_remember() more robust against malicious packets
|
2024-10-21 |
CVE-2024-49952 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: prevent nf_skb_duplicated corruption
|
2024-10-21 |
CVE-2024-47719 |
In the Linux kernel, the following vulnerability has been resolved:
iommufd: Protect against overflow of ALIGN() during iova allocation
|
2024-10-21 |
CVE-2024-50043 |
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix possible badness in FREE_STATEID
|
2024-10-21 |
CVE-2024-49954 |
In the Linux kernel, the following vulnerability has been resolved:
static_call: Replace pointless WARN_ON() in static_call_module_notify()
|
2024-10-21 |
CVE-2024-47696 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency
|
2024-10-21 |
CVE-2024-49892 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Initialize get_bytes_per_element's default to 1
|
2024-10-21 |
CVE-2024-49926 |
In the Linux kernel, the following vulnerability has been resolved:
rcu-tasks: Fix access non-existent percpu rtpcp variable in rcu_tasks_need_gpcb()
|
2024-10-21 |
CVE-2024-49995 |
In the Linux kernel, the following vulnerability has been resolved:
tipc: guard against string buffer overrun
|
2024-10-21 |
CVE-2024-49949 |
In the Linux kernel, the following vulnerability has been resolved:
net: avoid potential underflow in qdisc_pkt_len_init() with UFO
|
2024-10-21 |
CVE-2022-49009 |
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (asus-ec-sensors) Add checks for devm_kcalloc
|
2024-10-21 |
CVE-2024-50006 |
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix i_data_sem unlock order in ext4_ind_migrate()
|
2024-10-21 |
CVE-2024-49858 |
In the Linux kernel, the following vulnerability has been resolved:
efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption
|
2024-10-21 |
CVE-2024-47712 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param
|
2024-10-21 |
CVE-2024-47700 |
In the Linux kernel, the following vulnerability has been resolved:
ext4: check stripe size compatibility on remount as well
|
2024-10-21 |
CVE-2024-47736 |
In the Linux kernel, the following vulnerability has been resolved:
erofs: handle overlapped pclusters out of crafted images properly
|
2024-10-21 |
CVE-2024-50010 |
In the Linux kernel, the following vulnerability has been resolved:
exec: don't WARN for racy path_noexec check
|
2024-10-21 |
CVE-2024-49980 |
In the Linux kernel, the following vulnerability has been resolved:
vrf: revert "vrf: Remove unnecessary RCU-bh critical section"
|
2024-10-21 |
CVE-2024-49866 |
In the Linux kernel, the following vulnerability has been resolved:
tracing/timerlat: Fix a race during cpuhp processing
|
2024-10-21 |
CVE-2024-47691 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to avoid use-after-free in f2fs_stop_gc_thread()
|
2024-10-21 |
CVE-2024-47690 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: get rid of online repair on corrupted directory
|
2024-10-21 |
CVE-2022-48998 |
In the Linux kernel, the following vulnerability has been resolved:
powerpc/bpf/32: Fix Oops on tail call tests
|
2024-10-21 |
CVE-2024-50012 |
In the Linux kernel, the following vulnerability has been resolved:
cpufreq: Avoid a bad reference count on CPU node
|
2024-10-21 |
CVE-2024-49986 |
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors
|
2024-10-21 |
CVE-2022-48948 |
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: uvc: Prevent buffer overflow in setup handler
|
2024-10-21 |
CVE-2022-48966 |
In the Linux kernel, the following vulnerability has been resolved:
net: mvneta: Prevent out of bounds read in mvneta_config_rss()
|
2024-10-21 |
CVE-2024-49934 |
In the Linux kernel, the following vulnerability has been resolved:
fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name
|
2024-10-21 |
CVE-2022-49032 |
In the Linux kernel, the following vulnerability has been resolved:
iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
|
2024-10-21 |
CVE-2024-50000 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()
|
2024-10-21 |
CVE-2024-47705 |
In the Linux kernel, the following vulnerability has been resolved:
block: fix potential invalid pointer dereference in blk_add_partition
|
2024-10-21 |
CVE-2022-49027 |
In the Linux kernel, the following vulnerability has been resolved:
iavf: Fix error handling in iavf_init_module()
|
2024-10-21 |
CVE-2024-47699 |
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
|
2024-10-21 |
CVE-2024-49944 |
In the Linux kernel, the following vulnerability has been resolved:
sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start
|
2024-10-21 |
CVE-2024-47714 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7996: use hweight16 to get correct tx antenna
|
2024-10-21 |
CVE-2022-48987 |
In the Linux kernel, the following vulnerability has been resolved:
media: v4l2-dv-timings.c: fix too strict blanking sanity checks
|
2024-10-21 |
CVE-2024-47695 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds
|
2024-10-21 |
CVE-2024-50002 |
In the Linux kernel, the following vulnerability has been resolved:
static_call: Handle module init failure correctly in static_call_del_module()
|
2024-10-21 |
CVE-2024-50009 |
In the Linux kernel, the following vulnerability has been resolved:
cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value
|
2024-10-21 |
CVE-2024-50014 |
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix access to uninitialised lock in fc replay path
|
2024-10-21 |
CVE-2024-47707 |
In the Linux kernel, the following vulnerability has been resolved:
ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()
|
2024-10-21 |
CVE-2024-49985 |
In the Linux kernel, the following vulnerability has been resolved:
i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume
|
2024-10-21 |
CVE-2024-47676 |
In the Linux kernel, the following vulnerability has been resolved:
mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway
|
2024-10-21 |
CVE-2024-50027 |
In the Linux kernel, the following vulnerability has been resolved:
thermal: core: Free tzp copy along with the thermal zone
|
2024-10-21 |
CVE-2024-6519 |
A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.
|
2024-10-21 |
CVE-2022-48976 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: flowtable_offload: fix using __this_cpu_add in preemptible
|
2024-10-21 |
CVE-2024-47703 |
In the Linux kernel, the following vulnerability has been resolved:
bpf, lsm: Add check for BPF LSM return value
|
2024-10-21 |
CVE-2022-49021 |
In the Linux kernel, the following vulnerability has been resolved:
net: phy: fix null-ptr-deref while probe() failed
|
2024-10-21 |
CVE-2024-50048 |
In the Linux kernel, the following vulnerability has been resolved:
fbcon: Fix a NULL pointer dereference issue in fbcon_putcs
|
2024-10-21 |
CVE-2024-47756 |
In the Linux kernel, the following vulnerability has been resolved:
PCI: keystone: Fix if-statement expression in ks_pcie_quirk()
|
2024-10-21 |
CVE-2022-48978 |
In the Linux kernel, the following vulnerability has been resolved:
HID: core: fix shift-out-of-bounds in hid_report_raw_event
|
2024-10-21 |
CVE-2022-49023 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: fix buffer overflow in elem comparison
|
2024-10-21 |
CVE-2024-47737 |
In the Linux kernel, the following vulnerability has been resolved:
nfsd: call cache_put if xdr_reserve_space returns NULL
|
2024-10-21 |
CVE-2024-49882 |
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix double brelse() the buffer of the extents path
|
2024-10-21 |
CVE-2024-47739 |
In the Linux kernel, the following vulnerability has been resolved:
padata: use integer wrap around to prevent deadlock on seq_nr overflow
|
2024-10-21 |
CVE-2024-47744 |
In the Linux kernel, the following vulnerability has been resolved:
KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock
|
2024-10-21 |
CVE-2022-49018 |
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix sleep in atomic at close time
|
2024-10-21 |
CVE-2022-48964 |
In the Linux kernel, the following vulnerability has been resolved:
ravb: Fix potential use-after-free in ravb_rx_gbeth()
|
2024-10-21 |
CVE-2024-49914 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null check for pipe_ctx->plane_state in dcn20_program_pipe
|
2024-10-21 |
CVE-2024-49872 |
In the Linux kernel, the following vulnerability has been resolved:
mm/gup: fix memfd_pin_folios alloc race panic
|
2024-10-21 |
CVE-2024-49910 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add NULL check for function pointer in dcn401_set_output_transfer_func
|
2024-10-21 |
CVE-2024-47715 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7915: fix oops on non-dbdc mt7986
|
2024-10-21 |
CVE-2024-47718 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw88: always wait for both firmware loading attempts
|
2024-10-21 |
CVE-2024-47679 |
In the Linux kernel, the following vulnerability has been resolved:
vfs: fix race between evice_inodes() and find_inode()&iput()
|
2024-10-21 |
CVE-2022-48954 |
In the Linux kernel, the following vulnerability has been resolved:
s390/qeth: fix use-after-free in hsci
|
2024-10-21 |
CVE-2022-49026 |
In the Linux kernel, the following vulnerability has been resolved:
e100: Fix possible use after free in e100_xmit_prepare
|
2024-10-21 |
CVE-2024-47706 |
In the Linux kernel, the following vulnerability has been resolved:
block, bfq: fix possible UAF for bfqq->bic with merge chain
|
2024-10-21 |
CVE-2024-49983 |
In the Linux kernel, the following vulnerability has been resolved:
ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free
|
2024-10-21 |
CVE-2022-48983 |
In the Linux kernel, the following vulnerability has been resolved:
io_uring: Fix a null-ptr-deref in io_tctx_exit_cb()
|
2024-10-21 |
CVE-2024-50060 |
In the Linux kernel, the following vulnerability has been resolved:
io_uring: check if we need to reschedule during overflow flush
|
2024-10-21 |
CVE-2024-49947 |
In the Linux kernel, the following vulnerability has been resolved:
net: test for not too small csum_start in virtio_net_hdr_to_skb()
|
2024-10-21 |
CVE-2024-49854 |
In the Linux kernel, the following vulnerability has been resolved:
block, bfq: fix uaf for accessing waker_bfqq after splitting
|
2024-10-21 |
CVE-2024-49898 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check null-initialized variables
|
2024-10-21 |
CVE-2024-49870 |
In the Linux kernel, the following vulnerability has been resolved:
cachefiles: fix dentry leak in cachefiles_open_file()
|
2024-10-21 |
CVE-2024-49891 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths
|
2024-10-21 |
CVE-2024-50061 |
In the Linux kernel, the following vulnerability has been resolved:
i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition
|
2024-10-21 |
CVE-2024-50042 |
In the Linux kernel, the following vulnerability has been resolved:
ice: Fix increasing MSI-X on VF
|
2024-10-21 |
CVE-2024-49994 |
In the Linux kernel, the following vulnerability has been resolved:
block: fix integer overflow in BLKSECDISCARD
|
2024-10-21 |
CVE-2024-49937 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: Set correct chandef when starting CAC
|
2024-10-21 |
CVE-2024-47743 |
In the Linux kernel, the following vulnerability has been resolved:
KEYS: prevent NULL pointer dereference in find_asymmetric_key()
|
2024-10-21 |
CVE-2024-49868 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix a NULL pointer dereference when failed to start a new transaction
|
2024-10-21 |
CVE-2024-47749 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/cxgb4: Added NULL check for lookup_atid
|
2024-10-21 |
CVE-2024-49920 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check null pointers before multiple uses
|
2024-10-21 |
CVE-2022-49019 |
In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: nixge: fix NULL dereference
|
2024-10-21 |
CVE-2024-47688 |
In the Linux kernel, the following vulnerability has been resolved:
driver core: Fix a potential null-ptr-deref in module_add_driver()
|
2024-10-21 |
CVE-2024-47742 |
In the Linux kernel, the following vulnerability has been resolved:
firmware_loader: Block path traversal
|
2024-10-21 |
CVE-2024-50028 |
In the Linux kernel, the following vulnerability has been resolved:
thermal: core: Reference count the zone in thermal_zone_get_by_id()
|
2024-10-21 |
CVE-2024-50045 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: br_netfilter: fix panic with metadata_dst skb
|
2024-10-21 |
CVE-2022-48960 |
In the Linux kernel, the following vulnerability has been resolved:
net: hisilicon: Fix potential use-after-free in hix5hd2_rx()
|
2024-10-21 |
CVE-2024-50024 |
In the Linux kernel, the following vulnerability has been resolved:
net: Fix an unsafe loop on the list
|
2024-10-21 |
CVE-2024-49999 |
In the Linux kernel, the following vulnerability has been resolved:
afs: Fix the setting of the server responding flag
|
2024-10-21 |
CVE-2024-49943 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/guc_submit: add missing locking in wedged_fini
|
2024-10-21 |
CVE-2024-49885 |
In the Linux kernel, the following vulnerability has been resolved:
mm, slub: avoid zeroing kmalloc redzone
|
2024-10-21 |
CVE-2024-50065 |
In the Linux kernel, the following vulnerability has been resolved:
ntfs3: Change to non-blocking allocation in ntfs_d_hash
|
2024-10-21 |
CVE-2022-48986 |
In the Linux kernel, the following vulnerability has been resolved:
mm/gup: fix gup_pud_range() for dax
|
2024-10-21 |
CVE-2024-49987 |
In the Linux kernel, the following vulnerability has been resolved:
bpftool: Fix undefined behavior in qsort(NULL, 0, ...)
|
2024-10-21 |
CVE-2024-50041 |
In the Linux kernel, the following vulnerability has been resolved:
i40e: Fix macvlan leak by synchronizing access to mac_filter_hash
|
2024-10-21 |
CVE-2024-50016 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Avoid overflow assignment in link_dp_cts
|
2024-10-21 |
CVE-2024-47731 |
In the Linux kernel, the following vulnerability has been resolved:
drivers/perf: Fix ali_drw_pmu driver interrupt status clearing
|
2024-10-21 |
CVE-2024-49894 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix index out of bounds in degamma hardware format translation
|
2024-10-21 |
CVE-2022-48967 |
In the Linux kernel, the following vulnerability has been resolved:
NFC: nci: Bounds check struct nfc_target arrays
|
2024-10-21 |
CVE-2024-50063 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Prevent tail call between progs attached to different hooks
|
2024-10-21 |
CVE-2024-49966 |
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: cancel dqi_sync_work before freeing oinfo
|
2024-10-21 |
CVE-2024-49863 |
In the Linux kernel, the following vulnerability has been resolved:
vhost/scsi: null-ptr-dereference in vhost_scsi_get_req()
|
2024-10-21 |
CVE-2024-49922 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check null pointers before using them
|
2024-10-21 |
CVE-2024-49875 |
In the Linux kernel, the following vulnerability has been resolved:
nfsd: map the EBADMSG to nfserr_io to avoid warning
|
2024-10-21 |
CVE-2024-50008 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext()
|
2024-10-21 |
CVE-2022-49014 |
In the Linux kernel, the following vulnerability has been resolved:
net: tun: Fix use-after-free in tun_detach()
|
2024-10-21 |
CVE-2022-49004 |
In the Linux kernel, the following vulnerability has been resolved:
riscv: Sync efi page table's kernel mappings before switching
|
2024-10-21 |
CVE-2024-49904 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: add list empty check to avoid null pointer issue
|
2024-10-21 |
CVE-2024-49883 |
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid use-after-free in ext4_ext_insert_extent()
|
2024-10-21 |
CVE-2024-47721 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw89: remove unused C2H event ID RTW89_MAC_C2H_FUNC_READ_WOW_CAM to prevent out-of-bounds reading
|
2024-10-21 |
CVE-2024-47754 |
In the Linux kernel, the following vulnerability has been resolved:
media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning
|
2024-10-21 |
CVE-2024-47751 |
In the Linux kernel, the following vulnerability has been resolved:
PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port()
|
2024-10-21 |
CVE-2024-49967 |
In the Linux kernel, the following vulnerability has been resolved:
ext4: no need to continue when the number of entries is 1
|
2024-10-21 |
CVE-2024-47693 |
In the Linux kernel, the following vulnerability has been resolved:
IB/core: Fix ib_cache_setup_one error flow cleanup
|
2024-10-21 |
CVE-2022-49029 |
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
|
2024-10-21 |
CVE-2024-47692 |
In the Linux kernel, the following vulnerability has been resolved:
nfsd: return -EINVAL when namelen is 0
|
2024-10-21 |
CVE-2022-49013 |
In the Linux kernel, the following vulnerability has been resolved:
sctp: fix memory leak in sctp_stream_outq_migrate()
|
2024-10-21 |
CVE-2024-47747 |
In the Linux kernel, the following vulnerability has been resolved:
net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition
|
2024-10-21 |
CVE-2024-50036 |
In the Linux kernel, the following vulnerability has been resolved:
net: do not delay dst_entries_add() in dst_release()
|
2024-10-21 |
CVE-2022-48989 |
In the Linux kernel, the following vulnerability has been resolved:
fscache: Fix oops due to race with cookie_lru and use_cookie
|
2024-10-21 |
CVE-2024-49890 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/pm: ensure the fw_info is not null before using it
|
2024-10-21 |
CVE-2024-49852 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del()
|
2024-10-21 |
CVE-2024-49902 |
In the Linux kernel, the following vulnerability has been resolved:
jfs: check if leafidx greater than num leaves per dmap tree
|
2024-10-21 |
CVE-2024-49929 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: avoid NULL pointer dereference
|
2024-10-21 |
CVE-2022-49008 |
In the Linux kernel, the following vulnerability has been resolved:
can: can327: can327_feed_frame_to_netdev(): fix potential skb leak when netdev is down
|
2024-10-21 |
CVE-2022-49020 |
In the Linux kernel, the following vulnerability has been resolved:
net/9p: Fix a potential socket leak in p9_socket_open
|
2024-10-21 |
CVE-2024-49976 |
In the Linux kernel, the following vulnerability has been resolved:
tracing/timerlat: Drop interface_lock in stop_kthread()
|
2024-10-21 |
CVE-2024-47684 |
In the Linux kernel, the following vulnerability has been resolved:
tcp: check skb is non-NULL in tcp_rto_delta_us()
|
2024-10-21 |
CVE-2022-49003 |
In the Linux kernel, the following vulnerability has been resolved:
nvme: fix SRCU protection of nvme_ns_head list
|
2024-10-21 |
CVE-2024-50031 |
In the Linux kernel, the following vulnerability has been resolved:
drm/v3d: Stop the active perfmon before being destroyed
|
2024-10-21 |
CVE-2022-48953 |
In the Linux kernel, the following vulnerability has been resolved:
rtc: cmos: Fix event handler registration ordering issue
|
2024-10-21 |
CVE-2022-48958 |
In the Linux kernel, the following vulnerability has been resolved:
ethernet: aeroflex: fix potential skb leak in greth_init_rings()
|
2024-10-21 |
CVE-2024-49928 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw89: avoid reading out of bounds when loading TX power FW elements
|
2024-10-21 |
CVE-2024-49930 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath11k: fix array out-of-bound access in SoC stats
|
2024-10-21 |
CVE-2022-48962 |
In the Linux kernel, the following vulnerability has been resolved:
net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
|
2024-10-21 |
CVE-2024-47750 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08
|
2024-10-21 |
CVE-2024-47698 |
In the Linux kernel, the following vulnerability has been resolved:
drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error
|
2024-10-21 |
CVE-2022-48946 |
In the Linux kernel, the following vulnerability has been resolved:
udf: Fix preallocation discarding at indirect extent boundary
|
2024-10-21 |
CVE-2024-49871 |
In the Linux kernel, the following vulnerability has been resolved:
Input: adp5589-keys - fix NULL pointer dereference
|
2024-10-21 |
CVE-2024-50064 |
In the Linux kernel, the following vulnerability has been resolved:
zram: free secondary algorithms names
|
2024-10-21 |
CVE-2022-48999 |
In the Linux kernel, the following vulnerability has been resolved:
ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference
|
2024-10-21 |
CVE-2024-47701 |
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid OOB when system.data xattr changes underneath the filesystem
|
2024-10-21 |
CVE-2024-47729 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Use reserved copy engine for user binds on faulting devices
|
2024-10-21 |
CVE-2024-47708 |
In the Linux kernel, the following vulnerability has been resolved:
netkit: Assign missing bpf_net_context
|
2024-10-21 |
CVE-2024-49951 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: Fix possible crash on mgmt_index_removed
|
2024-10-21 |
CVE-2022-49006 |
In the Linux kernel, the following vulnerability has been resolved:
tracing: Free buffers when a used dynamic event is removed
|
2024-10-21 |
CVE-2024-50020 |
In the Linux kernel, the following vulnerability has been resolved:
ice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count()
|
2024-10-21 |
CVE-2024-49991 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer
|
2024-10-21 |
CVE-2024-49909 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func
|
2024-10-21 |
CVE-2022-49002 |
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()
|
2024-10-21 |
CVE-2024-47709 |
In the Linux kernel, the following vulnerability has been resolved:
can: bcm: Clear bo->bcm_proc_read after remove_proc_entry().
|
2024-10-21 |
CVE-2024-49921 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check null pointers before used
|
2024-10-21 |
CVE-2024-47745 |
In the Linux kernel, the following vulnerability has been resolved:
mm: call the security_mmap_file() LSM hook in remap_file_pages()
|
2024-10-21 |
CVE-2024-49938 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit
|
2024-10-21 |
CVE-2024-47710 |
In the Linux kernel, the following vulnerability has been resolved:
sock_map: Add a cond_resched() in sock_hash_free()
|
2024-10-21 |
CVE-2024-49968 |
In the Linux kernel, the following vulnerability has been resolved:
ext4: filesystems without casefold feature cannot be mounted with siphash
|
2024-10-21 |
CVE-2022-49022 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: fix possible oob access in ieee80211_get_rate_duration
|
2024-10-21 |
CVE-2024-50022 |
In the Linux kernel, the following vulnerability has been resolved:
device-dax: correct pgoff align in dax_set_mapping()
|
2024-10-21 |
CVE-2024-47727 |
In the Linux kernel, the following vulnerability has been resolved:
x86/tdx: Fix "in-kernel MMIO" check
|
2024-10-21 |
CVE-2024-49912 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream'
|
2024-10-21 |
CVE-2024-49988 |
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: add refcnt to ksmbd_conn struct
|
2024-10-21 |
CVE-2024-49978 |
In the Linux kernel, the following vulnerability has been resolved:
gso: fix udp gso fraglist segmentation after pull from frag_list
|
2024-10-21 |
CVE-2024-49981 |
In the Linux kernel, the following vulnerability has been resolved:
media: venus: fix use after free bug in venus_remove due to race condition
|
2024-10-21 |
CVE-2024-47687 |
In the Linux kernel, the following vulnerability has been resolved:
vdpa/mlx5: Fix invalid mr resource destroy
|
2024-10-21 |
CVE-2024-47732 |
In the Linux kernel, the following vulnerability has been resolved:
crypto: iaa - Fix potential use after free bug
|
2024-10-21 |
CVE-2024-49939 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw89: avoid to add interface to list twice when SER
|
2024-10-21 |
CVE-2024-49860 |
In the Linux kernel, the following vulnerability has been resolved:
ACPI: sysfs: validate return type of _STR method
|
2024-10-21 |
CVE-2024-50023 |
In the Linux kernel, the following vulnerability has been resolved:
net: phy: Remove LED entry from LEDs list on unregister
|
2024-10-21 |
CVE-2024-50035 |
In the Linux kernel, the following vulnerability has been resolved:
ppp: fix ppp_async_encode() illegal access
|
2024-10-21 |
CVE-2024-49992 |
In the Linux kernel, the following vulnerability has been resolved:
drm/stm: Avoid use-after-free issues with crtc and plane
|
2024-10-21 |
CVE-2024-21536 |
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.
|
2024-10-19 |
CVE-2023-26785 |
MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability.
|
2024-10-17 |
CVE-2024-27766 |
An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
|
2024-10-17 |
CVE-2023-39593 |
Insecure permissions in the sys_exec function of MariaDB v10.5 allow authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
|
2024-10-17 |
CVE-2023-32190 |
mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges.
|
2024-10-16 |
CVE-2024-9143 |
Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes.
Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we're aware of, either only "named curves" are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent problematic input values. Thus the likelihood of existence of a vulnerable application is low.
In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any problematic use-cases would have to be using an "exotic" curve encoding.
The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions.
Applications working with "exotic" explicit binary (GF(2^m)) curve parameters, that make it possible to represent invalid field polynomials with a zero constant term, via the above or similar APIs, may terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot easily be ruled out.
The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
|
2024-10-16 |
CVE-2024-21212 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Health Monitor). Supported versions that are affected are 8.0.39 and prior and 8.4.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-10-15 |
CVE-2024-21231 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L).
|
2024-10-15 |
CVE-2024-21196 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
|
2024-10-15 |
CVE-2024-21194 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-10-15 |
CVE-2024-21239 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-10-15 |
CVE-2024-21193 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-10-15 |
CVE-2024-21207 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.38 and prior, 8.4.1 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-10-15 |
CVE-2024-21243 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).
|
2024-10-15 |
CVE-2024-21197 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-10-15 |
CVE-2024-21199 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-10-15 |
CVE-2024-21244 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).
|
2024-10-15 |
CVE-2024-21238 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior, 8.4.1 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
|
2024-10-15 |
CVE-2024-21200 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-10-15 |
CVE-2024-21217 |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
|
2024-10-15 |
CVE-2024-21201 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-10-15 |
CVE-2024-21210 |
Vulnerability in Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
|
2024-10-15 |
CVE-2024-21218 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-10-15 |
CVE-2024-21213 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).
|
2024-10-15 |
CVE-2024-21219 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-10-15 |
CVE-2024-21209 |
Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 2.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N).
|
2024-10-15 |
CVE-2024-9979 |
A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references.
|
2024-10-15 |
CVE-2024-21208 |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
|
2024-10-15 |
CVE-2024-21241 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-10-15 |
CVE-2024-47674 |
In the Linux kernel, the following vulnerability has been resolved:
mm: avoid leaving partial pfn mappings around in error case
|
2024-10-15 |
CVE-2024-21237 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).
|
2024-10-15 |
CVE-2024-10004 |
Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly. This vulnerability affects Firefox for iOS < 131.2.
|
2024-10-15 |
CVE-2024-21230 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
|
2024-10-15 |
CVE-2024-21203 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-10-15 |
CVE-2024-21235 |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
|
2024-10-15 |
CVE-2024-21204 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.4.0 and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-10-15 |
CVE-2024-21198 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-10-15 |
CVE-2024-21247 |
Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data as well as unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).
|
2024-10-15 |
CVE-2024-21236 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-10-15 |
CVE-2024-21232 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).
|
2024-10-15 |
CVE-2024-47831 |
Next.js is a React Framework for the Web. Versions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Applications whose `next.config.js` file sets `images.unoptimized` to `true` or `images.loader` to a non-default value are not affected, and neither are Next.js applications hosted on Vercel. This issue was fully patched in Next.js `14.2.7`. As a workaround, ensure that the `next.config.js` file has either `images.unoptimized`, `images.loader` or `images.loaderFile` assigned.
|
2024-10-14 |
CVE-2024-9936 |
When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox < 131.0.3.
|
2024-10-14 |
CVE-2024-49214 |
QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.
|
2024-10-14 |
CVE-2024-8184 |
There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.
|
2024-10-14 |
CVE-2024-6762 |
Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.
|
2024-10-14 |
CVE-2024-9823 |
There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and eventually exhaust the server's memory.
|
2024-10-14 |
CVE-2024-8928 |
php: Erroneous parsing of multipart form data
|
2024-10-12 |
CVE-2024-48949 |
The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation.
|
2024-10-10 |
CVE-2024-48957 |
execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
|
2024-10-10 |
CVE-2024-9780 |
ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file
|
2024-10-10 |
CVE-2024-48958 |
execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
|
2024-10-10 |
CVE-2024-9781 |
AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file
|
2024-10-10 |
CVE-2024-47666 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: pm80xx: Set phy->enable_completion only when we wait for it
|
2024-10-09 |
CVE-2024-46870 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Disable DMCUB timeout for DCN35
|
2024-10-09 |
CVE-2024-47671 |
In the Linux kernel, the following vulnerability has been resolved:
USB: usbtmc: prevent kernel-usb-infoleak
|
2024-10-09 |
CVE-2024-47673 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: pause TCM when the firmware is stopped
|
2024-10-09 |
CVE-2024-47663 |
In the Linux kernel, the following vulnerability has been resolved:
staging: iio: frequency: ad9834: Validate frequency parameter value
|
2024-10-09 |
CVE-2024-47662 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection
|
2024-10-09 |
CVE-2024-47664 |
In the Linux kernel, the following vulnerability has been resolved:
spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware
|
2024-10-09 |
CVE-2024-47672 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
|
2024-10-09 |
CVE-2024-47667 |
In the Linux kernel, the following vulnerability has been resolved:
PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)
|
2024-10-09 |
CVE-2024-47668 |
In the Linux kernel, the following vulnerability has been resolved:
lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()
|
2024-10-09 |
CVE-2024-47670 |
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: add bounds checking to ocfs2_xattr_find_entry()
|
2024-10-09 |
CVE-2024-47658 |
In the Linux kernel, the following vulnerability has been resolved:
crypto: stm32/cryp - call finalize with bh disabled
|
2024-10-09 |
CVE-2024-47659 |
In the Linux kernel, the following vulnerability has been resolved:
smack: tcp: ipv4, fix incorrect labeling
|
2024-10-09 |
CVE-2024-47669 |
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix state management in error path of log writing function
|
2024-10-09 |
CVE-2024-47665 |
In the Linux kernel, the following vulnerability has been resolved:
i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup
|
2024-10-09 |
CVE-2024-28168 |
Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP.
This issue affects Apache XML Graphics FOP: 2.9.
Users are recommended to upgrade to version 2.10, which fixes the issue.
|
2024-10-09 |
CVE-2024-45720 |
On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed.
All versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes this issue.
Subversion is not affected on UNIX-like platforms.
|
2024-10-09 |
CVE-2024-47660 |
In the Linux kernel, the following vulnerability has been resolved:
fsnotify: clear PARENT_WATCHED flags lazily
|
2024-10-09 |
CVE-2024-9680 |
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, and Firefox ESR < 115.16.1.
|
2024-10-09 |
CVE-2024-47661 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Avoid overflow from uint32_t to uint8_t
|
2024-10-09 |
CVE-2024-46292 |
A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter.
|
2024-10-09 |
CVE-2024-46871 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX
|
2024-10-09 |
CVE-2024-43484 |
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
|
2024-10-08 |
CVE-2024-43485 |
.NET and Visual Studio Denial of Service Vulnerability
|
2024-10-08 |
CVE-2024-38229 |
.NET and Visual Studio Remote Code Execution Vulnerability
|
2024-10-08 |
CVE-2024-43483 |
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
|
2024-10-08 |
CVE-2024-43364 |
Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php. Moreover, the said title parameter is stored in the database and reflected back to the user in index.php, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `title` parameter in the HTTP POST request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.
|
2024-10-07 |
CVE-2024-43362 |
Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php`. Moreover, the said fileurl is placed in some HTML code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the HTTP POST request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this issue.
|
2024-10-07 |
CVE-2024-31227 |
Redis is an open source, in-memory database that persists on disk. An authenticated user with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
2024-10-07 |
CVE-2024-31449 |
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
2024-10-07 |
CVE-2024-47814 |
Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause a use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
|
2024-10-07 |
CVE-2024-43363 |
Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
|
2024-10-07 |
CVE-2024-31228 |
Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
2024-10-07 |
CVE-2024-47191 |
pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink.
|
2024-10-07 |
CVE-2024-43365 |
Cacti is an open source performance and fault management framework. The `consolenewsection` parameter is not properly sanitized when saving external links in links.php. Moreover, the said consolenewsection parameter is stored in the database and reflected back to the user in `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `consolenewsection` parameter in the HTTP POST request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.
|
2024-10-07 |
CVE-2024-47850 |
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)
|
2024-10-04 |
CVE-2024-42415 |
An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
|
2024-10-03 |
CVE-2024-8508 |
NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstream responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic.
|
2024-10-03 |
CVE-2024-47554 |
Uncontrolled Resource Consumption vulnerability in Apache Commons IO.
The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.
This issue affects Apache Commons IO: from 2.0 before 2.14.0.
Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
|
2024-10-03 |
CVE-2024-36474 |
An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
|
2024-10-03 |
CVE-2024-47611 |
XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows (MinGW-w64 or MSVC), the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters (for example, filenames) that don't exist in the current legacy code page, the characters are converted to similar-looking characters with best-fit mapping. Some best-fit mappings result in ASCII characters that change the meaning of the command line, which can be exploited with malicious filenames to do argument injection or directory traversal attacks. This vulnerability is fixed in 5.6.3. Command line tools built for Cygwin or MSYS2 are unaffected. liblzma is unaffected.
|
2024-10-02 |
CVE-2024-9392 |
A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
|
2024-10-01 |
CVE-2024-9393 |
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
|
2024-10-01 |
CVE-2024-9401 |
Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
|
2024-10-01 |
CVE-2024-9397 |
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
|
2024-10-01 |
CVE-2024-9355 |
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.
|
2024-10-01 |
CVE-2024-9403 |
Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131 and Thunderbird < 131.
|
2024-10-01 |
CVE-2024-9394 |
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
|
2024-10-01 |
CVE-2024-9399 |
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
|
2024-10-01 |
CVE-2024-9400 |
A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
|
2024-10-01 |
CVE-2024-9396 |
It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
|
2024-10-01 |
CVE-2024-9402 |
Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
|
2024-10-01 |
CVE-2024-9398 |
By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
|
2024-10-01 |
CVE-2024-9395 |
A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog.
*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131.
|
2024-10-01 |
CVE-2024-9391 |
A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible.
*This bug only affects Firefox Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131.
|
2024-10-01 |
CVE-2024-45993 |
Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb.
|
2024-09-30 |
CVE-2024-9026 |
Logs from children may be altered
NOTE: Fixed in 8.3.12, 8.2.24
NOTE: https://github.com/php/php-src/security/advisories/GHSA-865w-9rf3-2wh5
NOTE: https://github.com/php/php-src/commit/1f8e16172c7961045c2b0f34ba7613e3f21cdee8 (PHP-8.2.24)
|
2024-09-29 |
CVE-2024-38286 |
tomcat: Denial of Service in Tomcat
|
2024-09-27 |
CVE-2024-46803 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Check debug trap enable before write dbg_ev_file
|
2024-09-27 |
CVE-2024-46809 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check BIOS images before it is used
|
2024-09-27 |
CVE-2024-46813 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check link_index before accessing dc->links[]
|
2024-09-27 |
CVE-2024-46866 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/client: add missing bo locking in show_meminfo()
|
2024-09-27 |
CVE-2024-46806 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix the warning division or modulo by zero
|
2024-09-27 |
CVE-2024-46860 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change
|
2024-09-27 |
CVE-2024-46818 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check gpio_id before used as array index
|
2024-09-27 |
CVE-2024-46804 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add array index check for hdcp ddc access
|
2024-09-27 |
CVE-2024-46822 |
In the Linux kernel, the following vulnerability has been resolved:
arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry
|
2024-09-27 |
CVE-2024-46852 |
In the Linux kernel, the following vulnerability has been resolved:
dma-buf: heaps: Fix off-by-one in CMA heap fault handler
|
2024-09-27 |
CVE-2024-8926 |
Bypass of CVE-2024-4577, Parameter Injection Vulnerability
NOTE: Fixed in 8.3.12, 8.2.24
NOTE: https://github.com/php/php-src/security/advisories/GHSA-p99j-rfp4-xqvq
NOTE: https://github.com/php/php-src/commit/abcfd980bfa03298792fd3aba051c78d52f10642 (PHP-8.2.24)
|
2024-09-27 |
CVE-2024-38796 |
EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.
|
2024-09-27 |
CVE-2024-46829 |
In the Linux kernel, the following vulnerability has been resolved:
rtmutex: Drop rt_mutex::wait_lock before scheduling
|
2024-09-27 |
CVE-2024-46855 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_socket: fix sk refcount leaks
|
2024-09-27 |
CVE-2024-46858 |
In the Linux kernel, the following vulnerability has been resolved:
mptcp: pm: Fix uaf in __timer_delete_sync
|
2024-09-27 |
CVE-2024-46827 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix firmware crash due to invalid peer nss
|
2024-09-27 |
CVE-2024-46821 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/pm: Fix negative array index read
|
2024-09-27 |
CVE-2024-8805 |
BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1229/
NOTE: https://patchwork.kernel.org/project/bluetooth/patch/20240912204458.3037144-1-luiz.dentz@gmail.com/
NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=41f943630d9a03c40e95057b2ac3d96470b9c71e
DEBIANBUG: [1082849]
|
2024-09-27 |
CVE-2024-46810 |
In the Linux kernel, the following vulnerability has been resolved:
drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ
|
2024-09-27 |
CVE-2024-46850 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()
|
2024-09-27 |
CVE-2024-46828 |
In the Linux kernel, the following vulnerability has been resolved:
sched: sch_cake: fix bulk flow accounting logic for host fairness
|
2024-09-27 |
CVE-2024-46843 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Remove SCSI host only if added
|
2024-09-27 |
CVE-2024-46816 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links
|
2024-09-27 |
CVE-2024-8927 |
cgi.force_redirect configuration is bypassable due to an environment variable collision
NOTE: Fixed in 8.3.12, 8.2.24
NOTE: https://github.com/php/php-src/security/advisories/GHSA-94p6-54jq-9mwp
NOTE: https://github.com/php/php-src/commit/48808d98f4fc2a05193cdcc1aedd6c66816450f1 (PHP-8.2.24)
|
2024-09-27 |
CVE-2024-46854 |
In the Linux kernel, the following vulnerability has been resolved:
net: dpaa: Pad packets to ETH_ZLEN
|
2024-09-27 |
CVE-2024-46802 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: added NULL check at start of dc_validate_stream
|
2024-09-27 |
CVE-2024-46805 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix the waring dereferencing hive
|
2024-09-27 |
CVE-2024-46853 |
In the Linux kernel, the following vulnerability has been resolved:
spi: nxp-fspi: fix the KASAN report out-of-bounds bug
|
2024-09-27 |
CVE-2024-46835 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix smatch static checker warning
|
2024-09-27 |
CVE-2024-46847 |
In the Linux kernel, the following vulnerability has been resolved:
mm: vmalloc: ensure vmap_block is initialised before adding to queue
|
2024-09-27 |
CVE-2024-46807 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/amdgpu: Check tbo resource pointer
|
2024-09-27 |
CVE-2024-46836 |
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: aspeed_udc: validate endpoint index for ast udc
|
2024-09-27 |
CVE-2024-46814 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check msg_id before processing transcation
|
2024-09-27 |
CVE-2024-46817 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6
|
2024-09-27 |
CVE-2024-46825 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check
|
2024-09-27 |
CVE-2024-46865 |
In the Linux kernel, the following vulnerability has been resolved:
fou: fix initialization of grc
|
2024-09-27 |
CVE-2024-46824 |
In the Linux kernel, the following vulnerability has been resolved:
iommufd: Require drivers to supply the cache_invalidate_user ops
|
2024-09-27 |
CVE-2024-46823 |
In the Linux kernel, the following vulnerability has been resolved:
kunit/overflow: Fix UB in overflow_allocation_test
|
2024-09-27 |
CVE-2024-46833 |
In the Linux kernel, the following vulnerability has been resolved:
net: hns3: void array out of bound when loop tnl_num
|
2024-09-27 |
CVE-2024-46845 |
In the Linux kernel, the following vulnerability has been resolved:
tracing/timerlat: Only clear timer if a kthread exists
|
2024-09-27 |
CVE-2024-46856 |
In the Linux kernel, the following vulnerability has been resolved:
net: phy: dp83822: Fix NULL pointer dereference on DP83825 devices
|
2024-09-27 |
CVE-2024-46861 |
In the Linux kernel, the following vulnerability has been resolved:
usbnet: ipheth: do not stop RX on failing RX callback
|
2024-09-27 |
CVE-2024-46859 |
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses
|
2024-09-27 |
CVE-2024-8925 |
Erroneous parsing of multipart form data
NOTE: Fixed in 8.3.12, 8.2.24
NOTE: https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32
NOTE: https://github.com/php/php-src/commit/19b49258d0c5a61398d395d8afde1123e8d161e0 (PHP-8.2.24)
|
2024-09-27 |
CVE-2024-46851 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()
|
2024-09-27 |
CVE-2024-46812 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration
|
2024-09-27 |
CVE-2024-46831 |
In the Linux kernel, the following vulnerability has been resolved:
net: microchip: vcap: Fix use-after-free error in kunit test
|
2024-09-27 |
CVE-2024-46820 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend
|
2024-09-27 |
CVE-2024-46844 |
In the Linux kernel, the following vulnerability has been resolved:
um: line: always fill *error_out in setup_one_line()
|
2024-09-27 |
CVE-2024-46840 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: clean up our handling of refs == 0 in snapshot delete
|
2024-09-27 |
CVE-2024-46842 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info
|
2024-09-27 |
CVE-2024-46837 |
In the Linux kernel, the following vulnerability has been resolved:
drm/panthor: Restrict high priorities on group_create
|
2024-09-27 |
CVE-2024-46862 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: Intel: soc-acpi-intel-mtl-match: add missing empty item
|
2024-09-27 |
CVE-2024-46849 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: meson: axg-card: fix 'use-after-free'
|
2024-09-27 |
CVE-2024-46819 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: the warning dereferencing obj for nbio_v7_4
|
2024-09-27 |
CVE-2024-46815 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]
|
2024-09-27 |
CVE-2024-46808 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range
|
2024-09-27 |
CVE-2024-46864 |
In the Linux kernel, the following vulnerability has been resolved:
x86/hyperv: fix kexec crash due to VP assist page corruption
|
2024-09-27 |
CVE-2024-46811 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box
|
2024-09-27 |
CVE-2024-0133 |
NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering.
|
2024-09-26 |
CVE-2024-0132 |
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
|
2024-09-26 |
CVE-2024-47175 |
CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, this can result in user-controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
|
2024-09-26 |
CVE-2024-47176 |
CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can be made to send a `Get-Printer-Attributes` IPP request to an attacker-controlled URL.
Due to the service binding to `*:631 ( INADDR_ANY )`, multiple bugs in `cups-browsed` can be exploited in sequence to introduce a malicious printer to the system. This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine without authentication when a print job is started. This poses a significant security risk over the network. Notably, this vulnerability is particularly concerning as it can be exploited from the public internet, potentially exposing a vast number of systems to remote attacks if their CUPS services are enabled.
|
2024-09-26 |
CVE-2024-47076 |
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker-controlled data being provided to the rest of the CUPS system.
|
2024-09-26 |
CVE-2024-47177 |
CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS systems. Any value passed to `FoomaticRIPCommandLine` via a PPD file will be executed as a user-controlled command. When combined with other logic bugs as described in CVE-2024-47176, this can lead to remote command execution.
|
2024-09-26 |
CVE-2024-47068 |
Rollup is a module bundler for JavaScript. Versions prior to 3.29.5 and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` (e.g., `import.meta.url`) in `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Versions 3.29.5 and 4.22.4 contain a patch for the vulnerability.
|
2024-09-23 |
CVE-2024-42861 |
An issue in IEEE 802.1AS linuxptp v.4.2 and before allows a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function.
|
2024-09-23 |
CVE-2022-48945 |
In the Linux kernel, the following vulnerability has been resolved:
media: vivid: fix compose size exceed boundary
|
2024-09-23 |
CVE-2024-47220 |
An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production."
|
2024-09-22 |
CVE-2024-45808 |
Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the `REQUESTED_SERVER_NAME` field for access loggers. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
2024-09-20 |
CVE-2024-45809 |
Envoy is a cloud-native high-performance edge/middle/service proxy. The JWT filter will lead to an Envoy crash when the route cache is cleared with remote JWKs. This happens in the following case: 1. remote JWKs are used, which requires async header processing; 2. clear_route_cache is enabled on the provider; 3. header operations are enabled in the JWT filter, e.g. the header to claims feature; 4. the routing table is configured in a way that the JWT header operations modify requests to not match any route. When these conditions are met, a crash is triggered in the upstream code due to nullptr reference conversion from route(). The root cause is the ordering of continueDecoding and clearRouteCache. This issue has been addressed in versions 1.31.2, 1.30.6, and 1.29.9. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
2024-09-20 |
CVE-2024-45810 |
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the HTTP async client is handling `sendLocalReply` under some circumstances, e.g., websocket upgrade and request mirroring. The HTTP async client will crash during `sendLocalReply()`; one reason is that the HTTP async client is duplicating the status code, another is that the destroy of the router is called in the destructor of the async stream, while the stream is deferred deleted at first. As a result, the stream decoder is destroyed but its reference is still called in `router.onDestroy()`, causing a segmentation fault. This will impact ext_authz if the `upgrade` and `connection` headers are allowed, and request mirroring. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
2024-09-20 |
CVE-2024-45807 |
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy 1.31 uses `oghttp2` as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this, Envoy will switch off `oghttp2` by default. The impact of this issue is that Envoy will crash. This issue has been addressed in release version 1.31.2. All users are advised to upgrade. There are no known workarounds for this issue.
|
2024-09-20 |
CVE-2024-45806 |
Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's default configuration of internal trust boundaries, which considers all RFC1918 private address ranges as internal. The default behavior for handling internal addresses in Envoy has been changed. Previously, RFC1918 IP addresses were automatically considered internal, even if the internal_address_config was empty. The default configuration of Envoy will continue to trust internal addresses in this release, and it will not trust them by default in the next release. If you have tooling such as probes on your private network which need to be treated as trusted (e.g. changing arbitrary x-envoy headers), please explicitly include those addresses or CIDR ranges in `internal_address_config`. Successful exploitation could allow attackers to bypass security controls, access sensitive data, or disrupt services within the mesh, like Istio. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
2024-09-20 |
CVE-2024-45770 |
A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.
|
2024-09-19 |
CVE-2024-7254 |
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can be corrupted by exceeding the stack limit, i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.
|
2024-09-19 |
CVE-2024-7207 |
A flaw was found in Envoy. It is possible to modify or manipulate headers from external clients when pass-through routes are used for the ingress gateway. This issue could allow a malicious user to forge what is logged by Envoy as a requested path and cause the Envoy proxy to make requests to internal-only services or arbitrary external systems. This is a regression of the fix for CVE-2023-27487.
|
2024-09-19 |
CVE-2024-45769 |
A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash.
|
2024-09-19 |
CVE-2024-46715 |
In the Linux kernel, the following vulnerability has been resolved:
driver: iio: add missing checks on iio_info's callback access
|
2024-09-18 |
CVE-2024-46765 |
In the Linux kernel, the following vulnerability has been resolved:
ice: protect XDP configuration with a mutex
|
2024-09-18 |
CVE-2024-46722 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix mc_data out-of-bounds read warning
|
2024-09-18 |
CVE-2024-46772 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check denominator crb_pipes before used
|
2024-09-18 |
CVE-2024-46755 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()
|
2024-09-18 |
CVE-2024-46796 |
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix double put of @cfile in smb2_set_path_size()
|
2024-09-18 |
CVE-2024-46784 |
In the Linux kernel, the following vulnerability has been resolved:
net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup
|
2024-09-18 |
CVE-2024-46734 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix race between direct IO write and fsync when using same fd
|
2024-09-18 |
CVE-2024-46751 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()
|
2024-09-18 |
CVE-2024-46729 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix incorrect size calculation for loop
|
2024-09-18 |
CVE-2024-46747 |
In the Linux kernel, the following vulnerability has been resolved:
HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup
|
2024-09-18 |
CVE-2024-46792 |
In the Linux kernel, the following vulnerability has been resolved:
riscv: misaligned: Restrict user access to kernel memory
|
2024-09-18 |
CVE-2024-46741 |
In the Linux kernel, the following vulnerability has been resolved:
misc: fastrpc: Fix double free of 'buf' in error path
|
2024-09-18 |
CVE-2024-46744 |
In the Linux kernel, the following vulnerability has been resolved:
Squashfs: sanity check symbolic link size
|
2024-09-18 |
CVE-2024-46793 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder
|
2024-09-18 |
CVE-2024-46724 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number
|
2024-09-18 |
CVE-2024-46743 |
In the Linux kernel, the following vulnerability has been resolved:
of/irq: Prevent device address out-of-bounds read in interrupt map walk
|
2024-09-18 |
CVE-2024-46771 |
In the Linux kernel, the following vulnerability has been resolved:
can: bcm: Remove proc entry when dev is unregistered.
|
2024-09-18 |
CVE-2024-46768 |
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (hp-wmi-sensors) Check if WMI event data exists
|
2024-09-18 |
CVE-2024-46773 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check denominator pbn_div before used
|
2024-09-18 |
CVE-2024-46725 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix out-of-bounds write warning
|
2024-09-18 |
CVE-2024-46721 |
In the Linux kernel, the following vulnerability has been resolved:
apparmor: fix possible NULL pointer dereference
|
2024-09-18 |
CVE-2024-46767 |
In the Linux kernel, the following vulnerability has been resolved:
net: phy: Fix missing of_node_put() for leds
|
2024-09-18 |
CVE-2024-46764 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: add check for invalid name in btf_name_valid_section()
|
2024-09-18 |
CVE-2024-46740 |
In the Linux kernel, the following vulnerability has been resolved:
binder: fix UAF caused by offsets overwrite
|
2024-09-18 |
CVE-2024-46769 |
In the Linux kernel, the following vulnerability has been resolved:
spi: intel: Add check devm_kasprintf() returned value
|
2024-09-18 |
CVE-2024-46783 |
In the Linux kernel, the following vulnerability has been resolved:
tcp_bpf: fix return value of tcp_bpf_sendmsg()
|
2024-09-18 |
CVE-2024-46776 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Run DC_LOG_DC after checking link->link_enc
|
2024-09-18 |
CVE-2024-46738 |
In the Linux kernel, the following vulnerability has been resolved:
VMCI: Fix use-after-free when removing resource in vmci_resource_remove()
|
2024-09-18 |
CVE-2024-46749 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()
|
2024-09-18 |
CVE-2024-46736 |
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix double put of @cfile in smb2_rename_path()
|
2024-09-18 |
CVE-2024-46788 |
In the Linux kernel, the following vulnerability has been resolved:
tracing/osnoise: Use a cpumask to know what threads are kthreads
|
2024-09-18 |
CVE-2024-46766 |
In the Linux kernel, the following vulnerability has been resolved:
ice: move netif_queue_set_napi to rtnl-protected sections
|
2024-09-18 |
CVE-2024-46761 |
In the Linux kernel, the following vulnerability has been resolved:
pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
|
2024-09-18 |
CVE-2024-46775 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Validate function returns
|
2024-09-18 |
CVE-2024-46758 |
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (lm95234) Fix underflows seen when writing limit attributes
|
2024-09-18 |
CVE-2024-46719 |
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: ucsi: Fix null pointer dereference in trace
|
2024-09-18 |
CVE-2024-46781 |
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix missing cleanup on rollforward recovery error
|
2024-09-18 |
CVE-2024-46760 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw88: usb: schedule rx work after everything is set up
|
2024-09-18 |
CVE-2024-46714 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Skip wbscl_set_scaler_filter if filter is null
|
2024-09-18 |
CVE-2024-46716 |
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor
|
2024-09-18 |
CVE-2024-46754 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Remove tst_run from lwt_seg6local_prog_ops.
|
2024-09-18 |
CVE-2024-46745 |
In the Linux kernel, the following vulnerability has been resolved:
Input: uinput - reject requests with unreasonable number of slots
|
2024-09-18 |
CVE-2024-46786 |
In the Linux kernel, the following vulnerability has been resolved:
fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF
|
2024-09-18 |
CVE-2024-46759 |
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (adc128d818) Fix underflows seen when writing limit attributes
|
2024-09-18 |
CVE-2024-46799 |
In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: ti: am65-cpsw: Fix NULL dereference on XDP_TX
|
2024-09-18 |
CVE-2024-46800 |
In the Linux kernel, the following vulnerability has been resolved:
sch/netem: fix use after free in netem_dequeue
|
2024-09-18 |
CVE-2024-46723 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix ucode out-of-bounds read warning
|
2024-09-18 |
CVE-2024-46727 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update
|
2024-09-18 |
CVE-2024-46717 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: SHAMPO, Fix incorrect page release
|
2024-09-18 |
CVE-2024-46801 |
In the Linux kernel, the following vulnerability has been resolved:
libfs: fix get_stashed_dentry()
|
2024-09-18 |
CVE-2024-46780 |
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: protect references to superblock parameters exposed in sysfs
|
2024-09-18 |
CVE-2024-46756 |
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (w83627ehf) Fix underflows seen when writing limit attributes
|
2024-09-18 |
CVE-2024-46779 |
In the Linux kernel, the following vulnerability has been resolved:
drm/imagination: Free pvr_vm_gpuva after unlink
|
2024-09-18 |
CVE-2024-46762 |
In the Linux kernel, the following vulnerability has been resolved:
xen: privcmd: Fix possible access to a freed kirqfd instance
|
2024-09-18 |
CVE-2024-46726 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Ensure index calculation will not overflow
|
2024-09-18 |
CVE-2024-46790 |
In the Linux kernel, the following vulnerability has been resolved:
codetag: debug: mark codetags for poisoned page as empty
|
2024-09-18 |
CVE-2024-46753 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: handle errors from btrfs_dec_ref() properly
|
2024-09-18 |
CVE-2024-46763 |
In the Linux kernel, the following vulnerability has been resolved:
fou: Fix null-ptr-deref in GRO.
|
2024-09-18 |
CVE-2024-46778 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check UnboundedRequestEnabled's value
|
2024-09-18 |
CVE-2024-46777 |
In the Linux kernel, the following vulnerability has been resolved:
udf: Avoid excessive partition lengths
|
2024-09-18 |
CVE-2024-46746 |
In the Linux kernel, the following vulnerability has been resolved:
HID: amd_sfh: free driver_data after destroying hid device
|
2024-09-18 |
CVE-2024-46794 |
In the Linux kernel, the following vulnerability has been resolved:
x86/tdx: Fix data leak in mmio_read()
|
2024-09-18 |
CVE-2024-46732 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Assign linear_pitch_alignment even for VM
|
2024-09-18 |
CVE-2024-46789 |
In the Linux kernel, the following vulnerability has been resolved:
mm/slub: add check for s->flags in the alloc_tagging_slab_free_hook
|
2024-09-18 |
CVE-2024-46720 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix dereference after null check
|
2024-09-18 |
CVE-2024-46782 |
In the Linux kernel, the following vulnerability has been resolved:
ila: call nf_unregister_net_hooks() sooner
|
2024-09-18 |
CVE-2024-46795 |
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: unset the binding mark of a reused connection
|
2024-09-18 |
CVE-2024-46791 |
In the Linux kernel, the following vulnerability has been resolved:
can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open
|
2024-09-18 |
CVE-2024-46750 |
In the Linux kernel, the following vulnerability has been resolved:
PCI: Add missing bridge lock to pci_bus_lock()
|
2024-09-18 |
CVE-2024-46770 |
In the Linux kernel, the following vulnerability has been resolved:
ice: Add netif_device_attach/detach into PF reset flow
|
2024-09-18 |
CVE-2024-46774 |
In the Linux kernel, the following vulnerability has been resolved:
powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()
|
2024-09-18 |
CVE-2024-46797 |
In the Linux kernel, the following vulnerability has been resolved:
powerpc/qspinlock: Fix deadlock in MCS queue
|
2024-09-18 |
CVE-2024-46733 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix qgroup reserve leaks in cow_file_range
|
2024-09-18 |
CVE-2024-46739 |
In the Linux kernel, the following vulnerability has been resolved:
uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind
|
2024-09-18 |
CVE-2024-46752 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: replace BUG_ON() with error handling at update_ref_for_cow()
|
2024-09-18 |
CVE-2024-46735 |
In the Linux kernel, the following vulnerability has been resolved:
ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()
|
2024-09-18 |
CVE-2024-46787 |
In the Linux kernel, the following vulnerability has been resolved:
userfaultfd: fix checks for huge PMDs
|
2024-09-18 |
CVE-2024-46728 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check index for aux_rd_interval before using
|
2024-09-18 |
CVE-2024-46798 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object
|
2024-09-18 |
CVE-2024-46718 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Don't overmap identity VRAM mapping
|
2024-09-18 |
CVE-2024-46785 |
In the Linux kernel, the following vulnerability has been resolved:
eventfs: Use list_del_rcu() for SRCU protected list variable
|
2024-09-18 |
CVE-2024-46742 |
In the Linux kernel, the following vulnerability has been resolved:
smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()
|
2024-09-18 |
CVE-2024-46748 |
In the Linux kernel, the following vulnerability has been resolved:
cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT
|
2024-09-18 |
CVE-2024-46757 |
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (nct6775-core) Fix underflows seen when writing limit attributes
|
2024-09-18 |
CVE-2024-46730 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Ensure array index tg_inst won't be -1
|
2024-09-18 |
CVE-2024-46737 |
In the Linux kernel, the following vulnerability has been resolved:
nvmet-tcp: fix kernel crash if commands allocation fails
|
2024-09-18 |
CVE-2024-46731 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/pm: fix the Out-of-bounds read warning
|
2024-09-18 |
CVE-2024-8900 |
An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129.
|
2024-09-17 |
CVE-2024-44187 |
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
|
2024-09-17 |
CVE-2024-7788 |
Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOffice. This issue affects LibreOffice: from 24.2 before 24.2.5.
|
2024-09-17 |
CVE-2024-40866 |
The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing.
|
2024-09-17 |
CVE-2024-40857 |
This issue was addressed through improved state management. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to universal cross site scripting.
|
2024-09-17 |
CVE-2024-8897 |
Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site may be able to spoof the address bar contents. This can lead to a malicious site appearing to have the same URL as the trusted site.
*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 130.0.1.
|
2024-09-17 |
CVE-2024-8775 |
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.
|
2024-09-14 |
CVE-2024-46698 |
In the Linux kernel, the following vulnerability has been resolved:
video/aperture: optionally match the device in sysfb_disable()
|
2024-09-13 |
CVE-2024-46673 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: aacraid: Fix double-free on probe failure
|
2024-09-13 |
CVE-2024-46675 |
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc3: core: Prevent USB core invalid event buffer address access
|
2024-09-13 |
CVE-2024-46697 |
In the Linux kernel, the following vulnerability has been resolved:
nfsd: ensure that nfsd4_fattr_args.context is zeroed out
|
2024-09-13 |
CVE-2024-46706 |
In the Linux kernel, the following vulnerability has been resolved:
tty: serial: fsl_lpuart: mark last busy before uart_add_one_port
|
2024-09-13 |
CVE-2024-46689 |
In the Linux kernel, the following vulnerability has been resolved:
soc: qcom: cmd-db: Map shared memory as WC, not WB
|
2024-09-13 |
CVE-2024-46676 |
In the Linux kernel, the following vulnerability has been resolved:
nfc: pn533: Add poll mod list filling check
|
2024-09-13 |
CVE-2024-46678 |
In the Linux kernel, the following vulnerability has been resolved:
bonding: change ipsec_lock from spin lock to mutex
|
2024-09-13 |
CVE-2024-46695 |
In the Linux kernel, the following vulnerability has been resolved:
selinux,smack: don't bypass permissions check in inode_setsecctx hook
|
2024-09-13 |
CVE-2024-46691 |
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: ucsi: Move unregister out of atomic section
|
2024-09-13 |
CVE-2024-46688 |
In the Linux kernel, the following vulnerability has been resolved:
erofs: fix out-of-bound access when z_erofs_gbuf_growsize() partially fails
|
2024-09-13 |
CVE-2024-46679 |
In the Linux kernel, the following vulnerability has been resolved:
ethtool: check device is present when getting link settings
|
2024-09-13 |
CVE-2024-46685 |
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: single: fix potential NULL dereference in pcs_get_function()
|
2024-09-13 |
CVE-2024-46703 |
In the Linux kernel, the following vulnerability has been resolved:
Revert "serial: 8250_omap: Set the console genpd always on if no console suspend"
|
2024-09-13 |
CVE-2024-46708 |
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: qcom: x1e80100: Fix special pin offsets
|
2024-09-13 |
CVE-2024-46683 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: prevent UAF around preempt fence
|
2024-09-13 |
CVE-2024-46692 |
In the Linux kernel, the following vulnerability has been resolved:
firmware: qcom: scm: Mark get_wq_ctx() as atomic call
|
2024-09-13 |
CVE-2024-46702 |
In the Linux kernel, the following vulnerability has been resolved:
thunderbolt: Mark XDomain as unplugged when router is removed
|
2024-09-13 |
CVE-2024-46700 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu/mes: fix mes ring buffer overflow
|
2024-09-13 |
CVE-2024-46682 |
In the Linux kernel, the following vulnerability has been resolved:
nfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open
|
2024-09-13 |
CVE-2024-46677 |
In the Linux kernel, the following vulnerability has been resolved:
gtp: fix a potential NULL pointer dereference
|
2024-09-13 |
CVE-2024-46707 |
In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3
|
2024-09-13 |
CVE-2024-46699 |
In the Linux kernel, the following vulnerability has been resolved:
drm/v3d: Disable preemption while updating GPU stats
|
2024-09-13 |
CVE-2024-46701 |
In the Linux kernel, the following vulnerability has been resolved:
libfs: fix infinite directory reads for offset dir
|
2024-09-13 |
CVE-2024-46709 |
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Fix prime with external buffers
|
2024-09-13 |
CVE-2024-46713 |
In the Linux kernel, the following vulnerability has been resolved:
perf/aux: Fix AUX buffer serialization
|
2024-09-13 |
CVE-2024-46705 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: reset mmio mappings with devm
|
2024-09-13 |
CVE-2024-46690 |
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease
|
2024-09-13 |
CVE-2024-46674 |
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc3: st: fix probed platform device ref count on probe error path
|
2024-09-13 |
CVE-2024-46693 |
In the Linux kernel, the following vulnerability has been resolved:
soc: qcom: pmic_glink: Fix race during initialization
|
2024-09-13 |
CVE-2024-46684 |
In the Linux kernel, the following vulnerability has been resolved:
binfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined
|
2024-09-13 |
CVE-2024-46696 |
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix potential UAF in nfsd4_cb_getattr_release
|
2024-09-13 |
CVE-2024-46704 |
In the Linux kernel, the following vulnerability has been resolved:
workqueue: Fix spurious data race in __flush_work()
|
2024-09-13 |
CVE-2024-46710 |
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Prevent unmapping active read buffers
|
2024-09-13 |
CVE-2024-46694 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: avoid using null object of framebuffer
|
2024-09-13 |
CVE-2024-46680 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: btnxpuart: Fix random crash seen while removing driver
|
2024-09-13 |
CVE-2024-46711 |
In the Linux kernel, the following vulnerability has been resolved:
mptcp: pm: fix ID 0 endp usage after multiple re-creations
|
2024-09-13 |
CVE-2024-46687 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()
|
2024-09-13 |
CVE-2024-46712 |
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Disable coherent dumb buffers without 3d
|
2024-09-13 |
CVE-2024-24968 |
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01097.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240910
DEBIANBUG: [1081363]
|
2024-09-11 |
CVE-2024-46672 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion
|
2024-09-11 |
CVE-2024-45013 |
In the Linux kernel, the following vulnerability has been resolved:
nvme: move stopping keep-alive into nvme_uninit_ctrl()
|
2024-09-11 |
CVE-2024-45017 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix IPsec RoCE MPV trace call
|
2024-09-11 |
CVE-2024-45023 |
In the Linux kernel, the following vulnerability has been resolved:
md/raid1: Fix data corruption for degraded array with slow disk
|
2024-09-11 |
CVE-2024-45024 |
In the Linux kernel, the following vulnerability has been resolved:
mm/hugetlb: fix hugetlb vs. core-mm PT locking
|
2024-09-11 |
CVE-2024-45025 |
In the Linux kernel, the following vulnerability has been resolved:
fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE
|
2024-09-11 |
CVE-2024-45012 |
In the Linux kernel, the following vulnerability has been resolved:
nouveau/firmware: use dma non-coherent allocator
|
2024-09-11 |
CVE-2024-45027 |
In the Linux kernel, the following vulnerability has been resolved:
usb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup()
|
2024-09-11 |
CVE-2024-45014 |
In the Linux kernel, the following vulnerability has been resolved:
s390/boot: Avoid possible physmem_info segment corruption
|
2024-09-11 |
CVE-2024-45030 |
In the Linux kernel, the following vulnerability has been resolved:
igb: cope with large MAX_SKB_FRAGS
|
2024-09-11 |
CVE-2024-45010 |
In the Linux kernel, the following vulnerability has been resolved:
mptcp: pm: only mark 'subflow' endp as available
|
2024-09-11 |
CVE-2024-23984 |
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01103.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240910
DEBIANBUG: [1081363]
|
2024-09-11 |
CVE-2024-8096 |
When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certificate.
|
2024-09-11 |
CVE-2024-45020 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix a kernel verifier crash in stacksafe()
|
2024-09-11 |
CVE-2024-8645 |
SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file
|
2024-09-10 |
CVE-2024-8443 |
libopensc: Heap buffer overflow in OpenPGP driver when generating key
|
2024-09-09 |
CVE-2024-8394 |
When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 128.2.
|
2024-09-06 |
CVE-2024-34155 |
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
|
2024-09-06 |
CVE-2024-34156 |
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
|
2024-09-06 |
CVE-2023-52916 |
In the Linux kernel, the following vulnerability has been resolved:
media: aspeed: Fix memory overwrite if timing is 1600x900
|
2024-09-06 |
CVE-2023-52915 |
In the Linux kernel, the following vulnerability has been resolved:
media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer
|
2024-09-06 |
CVE-2024-34158 |
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
|
2024-09-06 |
CVE-2024-7652 |
An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
|
2024-09-06 |
CVE-2024-8445 |
The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input.
|
2024-09-05 |
CVE-2024-44993 |
In the Linux kernel, the following vulnerability has been resolved:
drm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`
|
2024-09-04 |
CVE-2024-44979 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Fix missing workqueue destroy in xe_gt_pagefault
|
2024-09-04 |
CVE-2024-44964 |
In the Linux kernel, the following vulnerability has been resolved:
idpf: fix memory leaks and crashes while performing a soft reset
|
2024-09-04 |
CVE-2024-45004 |
In the Linux kernel, the following vulnerability has been resolved:
KEYS: trusted: dcp: fix leak of blob encryption key
|
2024-09-04 |
CVE-2024-44994 |
In the Linux kernel, the following vulnerability has been resolved:
iommu: Restore lost return in iommu_report_device_fault()
|
2024-09-04 |
CVE-2024-44997 |
In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb()
|
2024-09-04 |
CVE-2024-44954 |
In the Linux kernel, the following vulnerability has been resolved:
ALSA: line6: Fix racy access to midibuf
|
2024-09-04 |
CVE-2024-44980 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Fix opregion leak
|
2024-09-04 |
CVE-2024-44987 |
In the Linux kernel, the following vulnerability has been resolved:
ipv6: prevent UAF in ip6_send_skb()
|
2024-09-04 |
CVE-2024-45005 |
In the Linux kernel, the following vulnerability has been resolved:
KVM: s390: fix validity interception issue when gisa is switched off
|
2024-09-04 |
CVE-2024-44999 |
In the Linux kernel, the following vulnerability has been resolved:
gtp: pull network headers in gtp_dev_xmit()
|
2024-09-04 |
CVE-2024-44981 |
In the Linux kernel, the following vulnerability has been resolved:
workqueue: Fix UBSAN 'subtraction overflow' error in shift_and_mask()
|
2024-09-04 |
CVE-2024-45506 |
A flaw was found in HAProxy. In certain conditions, an endless loop condition can be remotely triggered in the h2_send() function. The loop will be interrupted by the watchdog, however, this will kill the process and lead to a denial of service.
|
2024-09-04 |
CVE-2024-44996 |
In the Linux kernel, the following vulnerability has been resolved:
vsock: fix recursive ->recvmsg calls
|
2024-09-04 |
CVE-2024-44971 |
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()
|
2024-09-04 |
CVE-2024-44976 |
In the Linux kernel, the following vulnerability has been resolved:
ata: pata_macio: Fix DMA table overflow
|
2024-09-04 |
CVE-2024-44973 |
In the Linux kernel, the following vulnerability has been resolved:
mm, slub: do not call do_slab_free for kfence object
|
2024-09-04 |
CVE-2024-44968 |
In the Linux kernel, the following vulnerability has been resolved:
tick/broadcast: Move per CPU pointer access into the atomic section
|
2024-09-04 |
CVE-2024-44975 |
In the Linux kernel, the following vulnerability has been resolved:
cgroup/cpuset: fix panic caused by partcmd_update
|
2024-09-04 |
CVE-2024-44961 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Forward soft recovery errors to userspace
|
2024-09-04 |
CVE-2024-44988 |
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: mv88e6xxx: Fix out-of-bound access
|
2024-09-04 |
CVE-2024-44985 |
In the Linux kernel, the following vulnerability has been resolved:
ipv6: prevent possible UAF in ip6_xmit()
|
2024-09-04 |
CVE-2024-44966 |
In the Linux kernel, the following vulnerability has been resolved:
binfmt_flat: Fix corruption when not offsetting data start
|
2024-09-04 |
CVE-2024-20506 |
A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files.
The vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart.
|
2024-09-04 |
CVE-2024-44984 |
In the Linux kernel, the following vulnerability has been resolved:
bnxt_en: Fix double DMA unmapping for XDP_REDIRECT
|
2024-09-04 |
CVE-2024-44960 |
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: core: Check for unset descriptor
|
2024-09-04 |
CVE-2024-44950 |
In the Linux kernel, the following vulnerability has been resolved:
serial: sc16is7xx: fix invalid FIFO access with special register set
|
2024-09-04 |
CVE-2024-44959 |
In the Linux kernel, the following vulnerability has been resolved:
tracefs: Use generic inode RCU for synchronizing freeing
|
2024-09-04 |
CVE-2024-43402 |
Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods (which are ignored and stripped by Windows). To determine whether to apply the `cmd.exe` escaping rules, the original fix for the vulnerability checked whether the command name ended with `.bat` or `.cmd`. At the time that seemed enough, as we refuse to invoke batch scripts with no file extension. Windows removes trailing whitespace and periods when parsing file paths. For example, `.bat. .` is interpreted by Windows as `.bat`, but the original fix didn't check for that. Affected users who are using Rust 1.77.2 or greater can remove the trailing whitespace (ASCII 0x20) and trailing periods (ASCII 0x2E) from the batch file name to bypass the incomplete fix and enable the mitigations. Users are affected if their code or one of their dependencies invoke a batch script on Windows with trailing whitespace or trailing periods in the name, and pass untrusted arguments to it. Rust 1.81.0 will update the standard library to apply the CVE-2024-24576 mitigations to all batch file invocations, regardless of the trailing chars in the file name.
|
2024-09-04 |
CVE-2024-44953 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Fix deadlock during RTC update
|
2024-09-04 |
CVE-2024-44951 |
In the Linux kernel, the following vulnerability has been resolved:
serial: sc16is7xx: fix TX fifo corruption
|
2024-09-04 |
CVE-2024-44982 |
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails
|
2024-09-04 |
CVE-2024-44978 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Free job before xe_exec_queue_put
|
2024-09-04 |
CVE-2024-44977 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Validate TA binary size
|
2024-09-04 |
CVE-2024-44992 |
In the Linux kernel, the following vulnerability has been resolved:
smb/client: avoid possible NULL dereference in cifs_free_subrequest()
|
2024-09-04 |
CVE-2024-44995 |
In the Linux kernel, the following vulnerability has been resolved:
net: hns3: fix a deadlock problem when config TC during resetting
|
2024-09-04 |
CVE-2024-20505 |
A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.
|
2024-09-04 |
CVE-2024-44967 |
In the Linux kernel, the following vulnerability has been resolved:
drm/mgag200: Bind I2C lifetime to DRM device
|
2024-09-04 |
CVE-2024-44974 |
In the Linux kernel, the following vulnerability has been resolved:
mptcp: pm: avoid possible UaF when selecting endp
|
2024-09-04 |
CVE-2024-44998 |
In the Linux kernel, the following vulnerability has been resolved:
atm: idt77252: prevent use after free in dequeue_rx()
|
2024-09-04 |
CVE-2024-45001 |
In the Linux kernel, the following vulnerability has been resolved:
net: mana: Fix RX buf alloc_size alignment and atomic op panic
|
2024-09-04 |
CVE-2024-44955 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute
|
2024-09-04 |
CVE-2024-45619 |
It is caused by the libopensc library in the OpenSC project. This vulnerability affects how the buffer data is handled, and partially filled buffers can be accessed incorrectly when a specially crafted response to APDUs is returned by a USB device or a smart card.
|
2024-09-03 |
CVE-2024-45618 |
It is caused by the libopensc library in the OpenSC project. This vulnerability affects how the buffer data is handled, and partially filled buffers can be accessed incorrectly when a specially crafted response to APDUs is returned by a USB device or a smart card.
|
2024-09-03 |
CVE-2024-45615 |
It is caused by the libopensc library in the OpenSC project. This vulnerability affects how the buffer data is handled, and partially filled buffers can be accessed incorrectly when a specially crafted response to APDUs is returned by a USB device or a smart card.
|
2024-09-03 |
CVE-2024-45620 |
It is caused by the libopensc library in the OpenSC project. This vulnerability affects how the buffer data is handled, and partially filled buffers can be accessed incorrectly when a specially crafted response to APDUs is returned by a USB device or a smart card.
|
2024-09-03 |
CVE-2024-8384 |
The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.
|
2024-09-03 |
CVE-2024-8382 |
Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.
|
2024-09-03 |
CVE-2024-6232 |
There is a MEDIUM severity vulnerability affecting CPython.
Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
|
2024-09-03 |
CVE-2024-8388 |
Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could lead to spoofing the browser UI if the sudden appearance of the prompt distracted the user from noticing the visual transition happening behind the prompt. These notifications now use the Android Toast feature.
*This bug only affects Firefox on Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 130.
|
2024-09-03 |
CVE-2024-45617 |
It is caused by the libopensc library in the OpenSC project. This vulnerability affects how the buffer data is handled, and partially filled buffers can be accessed incorrectly when a specially crafted response to APDUs is returned by a USB device or a smart card.
|
2024-09-03 |
CVE-2024-45616 |
It is caused by the libopensc library in the OpenSC project. This vulnerability affects how the buffer data is handled, and partially filled buffers can be accessed incorrectly when a specially crafted response to APDUs is returned by a USB device or a smart card.
|
2024-09-03 |
CVE-2024-6119 |
Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.
Impact summary: Abnormal termination of an application can cause a denial of service.
Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program.
Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address.
TLS servers rarely solicit client certificates, and even when they do, they generally don't perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate.
The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
|
2024-09-03 |
CVE-2024-8383 |
The Mozilla Foundation's Security Advisory reveals that Firefox didn't prompt for confirmation when handling Usenet schemes like news: and snews:, which could allow malicious programs to register as handlers. This oversight could enable a website to launch these programs without user consent.
|
2024-09-03 |
CVE-2024-8386 |
If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130 and Firefox ESR < 128.2.
|
2024-09-03 |
CVE-2024-45310 |
runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with `os.MkdirAll`. While this could be used to create empty files, existing files would not be truncated. An attacker must have the ability to start containers using some kind of custom volume configuration. Containers using user namespaces are still affected, but the scope of places an attacker can create inodes can be significantly reduced. Sufficiently strict LSM policies (SELinux/AppArmor) can also in principle block this attack -- we suspect the industry standard SELinux policy may restrict this attack's scope but the exact scope of protection hasn't been analysed. This is exploitable using runc directly as well as through Docker and Kubernetes. The issue is fixed in runc v1.1.14 and v1.2.0-rc3.
Some workarounds are available. Using user namespaces restricts this attack fairly significantly such that the attacker can only create inodes in directories that the remapped root user/group has write access to. Unless the root user is remapped to an actual user on the host (such as with rootless containers that don't use `/etc/sub[ug]id`), this in practice means that an attacker would only be able to create inodes in world-writable directories. A strict enough SELinux or AppArmor policy could in principle also restrict the scope if a specific label is applied to the runc runtime, though neither the extent to which the standard existing policies block this attack nor what exact policies are needed to sufficiently restrict this attack have been thoroughly tested.
|
2024-09-03 |
CVE-2024-8381 |
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.
|
2024-09-03 |
CVE-2024-45306 |
Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position. It's not quite clear yet what can lead to this situation that the cursor points to an invalid position. That's why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed with the patch v9.1.0707. All users are advised to upgrade.
|
2024-09-02 |
CVE-2024-8006 |
Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer dereference.
|
2024-08-31 |
CVE-2024-44946 |
In the Linux kernel, the following vulnerability has been resolved:
kcm: Serialise kcm_sendmsg() for the same socket.
|
2024-08-31 |
CVE-2023-7256 |
In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400.
|
2024-08-31 |
CVE-2024-44945 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nfnetlink: Initialise extack before use in ACKs
|
2024-08-31 |
CVE-2024-44944 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ctnetlink: use helper function to calculate expect ID
|
2024-08-30 |
CVE-2024-45491 |
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
|
2024-08-30 |
CVE-2022-48944 |
In the Linux kernel, the following vulnerability has been resolved:
sched: Fix yet more sched_fork() races
|
2024-08-30 |
CVE-2024-42934 |
openipmi: missing check on the authorization type on incoming LAN messages in IPMI simulator
|
2024-08-30 |
CVE-2024-8235 |
A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.
|
2024-08-30 |
CVE-2024-45492 |
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
|
2024-08-30 |
CVE-2024-45490 |
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
|
2024-08-30 |
CVE-2021-4442 |
In the Linux kernel, the following vulnerability has been resolved:
tcp: add sanity tests to TCP_QUEUE_SEQ
|
2024-08-29 |
CVE-2024-8250 |
NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file
|
2024-08-29 |
CVE-2024-44943 |
In the Linux kernel, the following vulnerability has been resolved:
mm: gup: stop abusing try_grab_folio
|
2024-08-28 |
CVE-2024-7730 |
qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb()
|
2024-08-27 |
CVE-2024-45321 |
The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.
|
2024-08-27 |
CVE-2024-43895 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Skip Recompute DSC Params if no Stream on Link
|
2024-08-26 |
CVE-2023-49582 |
Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data.
This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h).
Users are recommended to upgrade to APR version 1.7.5, which fixes this issue.
|
2024-08-26 |
CVE-2024-43802 |
Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. This may cause the tb_off position within the typebuf variable to point outside of the valid buffer size, which can later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in combination with several long mappings, and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires having several mappings active and running into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.
|
2024-08-26 |
CVE-2024-43909 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu/pm: Fix the null pointer dereference for smu7
|
2024-08-26 |
CVE-2024-44941 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to cover read extent cache access with lock
|
2024-08-26 |
CVE-2024-43884 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: Add error handling to pair_device()
|
2024-08-26 |
CVE-2024-43887 |
In the Linux kernel, the following vulnerability has been resolved:
net/tcp: Disable TCP-AO static key after RCU grace period
|
2024-08-26 |
CVE-2024-43902 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null checker before passing variables
|
2024-08-26 |
CVE-2024-43900 |
In the Linux kernel, the following vulnerability has been resolved:
media: xc2028: avoid use-after-free in load_firmware_cb()
|
2024-08-26 |
CVE-2024-44933 |
In the Linux kernel, the following vulnerability has been resolved:
bnxt_en : Fix memory out-of-bounds in bnxt_fill_hw_rss_tbl()
|
2024-08-26 |
CVE-2024-43903 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update
|
2024-08-26 |
CVE-2024-43896 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: cs-amp-lib: Fix NULL pointer crash if efi.get_variable is NULL
|
2024-08-26 |
CVE-2024-43899 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix null pointer deref in dcn20_resource.c
|
2024-08-26 |
CVE-2024-43908 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix the null pointer dereference to ras_manager
|
2024-08-26 |
CVE-2024-43888 |
In the Linux kernel, the following vulnerability has been resolved:
mm: list_lru: fix UAF for memory cgroup
|
2024-08-26 |
CVE-2024-43904 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing
|
2024-08-26 |
CVE-2024-43886 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null check in resource_log_pipe_topology_update
|
2024-08-26 |
CVE-2024-43901 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix NULL pointer dereference for DTN log in DCN401
|
2024-08-26 |
CVE-2024-44934 |
In the Linux kernel, the following vulnerability has been resolved:
net: bridge: mcast: wait for previous gc cycles when removing port
|
2024-08-26 |
CVE-2024-44936 |
In the Linux kernel, the following vulnerability has been resolved:
power: supply: rt5033: Bring back i2c_set_clientdata
|
2024-08-26 |
CVE-2024-43912 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: nl80211: disallow setting special AP channel widths
|
2024-08-26 |
CVE-2024-43890 |
In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix overflow in get_free_elt()
|
2024-08-26 |
CVE-2024-43891 |
In the Linux kernel, the following vulnerability has been resolved:
tracing: Have format file honor EVENT_FILE_FL_FREED
|
2024-08-26 |
CVE-2024-41996 |
Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.
|
2024-08-26 |
CVE-2024-43907 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules
|
2024-08-26 |
CVE-2024-43911 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: fix NULL dereference at band check in starting tx ba session
|
2024-08-26 |
CVE-2024-44938 |
In the Linux kernel, the following vulnerability has been resolved:
jfs: Fix shift-out-of-bounds in dbDiscardAG
|
2024-08-26 |
CVE-2024-43905 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr
|
2024-08-26 |
CVE-2024-44932 |
In the Linux kernel, the following vulnerability has been resolved:
idpf: fix UAFs when destroying the queues
|
2024-08-26 |
CVE-2024-44939 |
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix null ptr deref in dtInsertEntry
|
2024-08-26 |
CVE-2024-44942 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC
|
2024-08-26 |
CVE-2024-43885 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix double inode unlock for direct IO sync writes
|
2024-08-26 |
CVE-2024-44937 |
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: intel-vbtn: Protect ACPI notify handler against recursion
|
2024-08-26 |
CVE-2022-48901 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: do not start relocation until in progress drops are done
|
2024-08-22 |
CVE-2022-48912 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: fix use-after-free in __nf_register_net_hook()
|
2024-08-22 |
CVE-2022-48904 |
In the Linux kernel, the following vulnerability has been resolved:
iommu/amd: Fix I/O page table memory leak
|
2024-08-22 |
CVE-2022-48941 |
In the Linux kernel, the following vulnerability has been resolved:
ice: fix concurrent reset and removal of VFs
|
2024-08-22 |
CVE-2022-48916 |
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix double list_add when enabling VMD in scalable mode
|
2024-08-22 |
CVE-2022-48940 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix crash due to incorrect copy_map_value
|
2024-08-22 |
CVE-2022-48905 |
In the Linux kernel, the following vulnerability has been resolved:
ibmvnic: free reset-work-item when flushing
|
2024-08-22 |
CVE-2022-48913 |
In the Linux kernel, the following vulnerability has been resolved:
blktrace: fix use after free for struct blk_trace
|
2024-08-22 |
CVE-2024-43398 |
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted by this vulnerability. If you use other parser APIs such as stream parser API and SAX2 parser API, you are not affected by this vulnerability. The REXML gem 3.3.6 or later includes the patch to fix the vulnerability.
|
2024-08-22 |
CVE-2022-48919 |
In the Linux kernel, the following vulnerability has been resolved:
cifs: fix double free race when mount fails in cifs_get_root()
|
2024-08-22 |
CVE-2022-48932 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte
|
2024-08-22 |
CVE-2022-48907 |
In the Linux kernel, the following vulnerability has been resolved:
auxdisplay: lcd2s: Fix memory leak in ->remove()
|
2024-08-22 |
CVE-2021-4441 |
In the Linux kernel, the following vulnerability has been resolved:
spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op()
|
2024-08-22 |
CVE-2022-48927 |
In the Linux kernel, the following vulnerability has been resolved:
iio: adc: tsc2046: fix memory corruption by preventing array overflow
|
2024-08-22 |
CVE-2022-48926 |
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: rndis: add spinlock for rndis response list
|
2024-08-22 |
CVE-2022-48923 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: prevent copying too big compressed lzo segment
|
2024-08-22 |
CVE-2022-48943 |
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86/mmu: make apf token non-zero to fix bug
|
2024-08-22 |
CVE-2022-48925 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/cma: Do not change route.addr.src_addr outside state checks
|
2024-08-22 |
CVE-2024-43790 |
Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer, the strlen() function is called, which only counts until it notices an ASCII NUL byte) and thus the original length indicator is wrong. This causes an overflow when accessing characters inside the msgbuf by the previously (now wrong) length of the msgbuf. The issue has been fixed as of Vim patch v9.1.0689.
|
2024-08-22 |
CVE-2024-8088 |
There is a severity vulnerability affecting the CPython "zipfile" module. When iterating over names of entries in a zip archive (for example, methods of "zipfile.ZipFile" like "namelist()", "iterdir()", "extractall()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.
|
2024-08-22 |
CVE-2022-48906 |
In the Linux kernel, the following vulnerability has been resolved:
mptcp: Correctly set DATA_FIN timeout when number of retransmits is large
|
2024-08-22 |
CVE-2022-48902 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: do not WARN_ON() if we have PageError set
|
2024-08-22 |
CVE-2022-48934 |
In the Linux kernel, the following vulnerability has been resolved:
nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
|
2024-08-22 |
CVE-2022-48903 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix relocation crash due to premature return from btrfs_commit_transaction()
|
2024-08-22 |
CVE-2022-48918 |
In the Linux kernel, the following vulnerability has been resolved:
iwlwifi: mvm: check debugfs_dir ptr before use
|
2024-08-22 |
CVE-2024-43872 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hns: Fix soft lockup under heavy CEQE load
|
2024-08-21 |
CVE-2024-43870 |
In the Linux kernel, the following vulnerability has been resolved:
perf: Fix event leak upon exit
|
2024-08-21 |
CVE-2024-43875 |
In the Linux kernel, the following vulnerability has been resolved:
PCI: endpoint: Clean up error handling in vpci_scan_bus()
|
2024-08-21 |
CVE-2022-48877 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: let's avoid panic if extent_tree is not created
|
2024-08-21 |
CVE-2024-43880 |
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_acl_erp: Fix object nesting warning
|
2024-08-21 |
CVE-2022-48894 |
In the Linux kernel, the following vulnerability has been resolved:
iommu/arm-smmu-v3: Don't unregister on shutdown
|
2024-08-21 |
CVE-2024-43865 |
In the Linux kernel, the following vulnerability has been resolved:
s390/fpu: Re-add exception handling in load_fpu_state()
|
2024-08-21 |
CVE-2023-52905 |
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-pf: Fix resource leakage in VF driver unbind
|
2024-08-21 |
CVE-2023-52914 |
In the Linux kernel, the following vulnerability has been resolved:
io_uring/poll: add hash if ready poll request can't complete inline
|
2024-08-21 |
CVE-2023-52904 |
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()
|
2024-08-21 |
CVE-2022-48874 |
In the Linux kernel, the following vulnerability has been resolved:
misc: fastrpc: Fix use-after-free and race in fastrpc_map_find
|
2024-08-21 |
CVE-2024-43879 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()
|
2024-08-21 |
CVE-2022-48888 |
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/dpu: Fix memory leak in msm_mdss_parse_data_bus_icc_path
|
2024-08-21 |
CVE-2023-52897 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: qgroup: do not warn on record without old_roots populated
|
2024-08-21 |
CVE-2024-43881 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: change DMA direction while mapping reinjected packets
|
2024-08-21 |
CVE-2024-43863 |
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Fix a deadlock in dma buf fence polling
|
2024-08-21 |
CVE-2023-52913 |
In the Linux kernel, the following vulnerability has been resolved:
drm/i915: Fix potential context UAFs
|
2024-08-21 |
CVE-2024-43878 |
In the Linux kernel, the following vulnerability has been resolved:
xfrm: Fix input error path memory access
|
2024-08-21 |
CVE-2024-43866 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Always drain health in shutdown callback
|
2024-08-21 |
CVE-2022-48873 |
In the Linux kernel, the following vulnerability has been resolved:
misc: fastrpc: Don't remove map on creater_process and device_release
|
2024-08-21 |
CVE-2022-48884 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix command stats access after free
|
2024-08-21 |
CVE-2024-43868 |
In the Linux kernel, the following vulnerability has been resolved:
riscv/purgatory: align riscv_kernel_entry
|
2024-08-21 |
CVE-2024-43874 |
In the Linux kernel, the following vulnerability has been resolved:
crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked
|
2024-08-21 |
CVE-2024-43877 |
In the Linux kernel, the following vulnerability has been resolved:
media: pci: ivtv: Add check for DMA map result
|
2024-08-21 |
CVE-2024-43873 |
In the Linux kernel, the following vulnerability has been resolved:
vhost/vsock: always initialize seqpacket_allow
|
2024-08-21 |
CVE-2024-43864 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix CT entry update leaks of modify header context
|
2024-08-21 |
CVE-2022-48887 |
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Remove rcu locks from user resources
|
2024-08-21 |
CVE-2022-48882 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY)
|
2024-08-21 |
CVE-2022-48872 |
In the Linux kernel, the following vulnerability has been resolved:
misc: fastrpc: Fix use-after-free race condition for maps
|
2024-08-21 |
CVE-2022-48881 |
In the Linux kernel, the following vulnerability has been resolved:
platform/x86/amd: Fix refcount leak in amd_pmc_probe
|
2024-08-21 |
CVE-2024-43876 |
In the Linux kernel, the following vulnerability has been resolved:
PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()
|
2024-08-21 |
CVE-2022-48890 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM
|
2024-08-21 |
CVE-2022-48876 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: fix initialization of rx->link and rx->link_sta
|
2024-08-21 |
CVE-2023-52911 |
In the Linux kernel, the following vulnerability has been resolved:
drm/msm: another fix for the headless Adreno GPU
|
2024-08-21 |
CVE-2024-43869 |
In the Linux kernel, the following vulnerability has been resolved:
perf: Fix event leak upon exec and file release
|
2024-08-21 |
CVE-2022-48895 |
In the Linux kernel, the following vulnerability has been resolved:
iommu/arm-smmu: Don't unregister on shutdown
|
2024-08-21 |
CVE-2022-48885 |
In the Linux kernel, the following vulnerability has been resolved:
ice: Fix potential memory leak in ice_gnss_tty_write()
|
2024-08-21 |
CVE-2024-43862 |
In the Linux kernel, the following vulnerability has been resolved:
net: wan: fsl_qmc_hdlc: Convert carrier_lock spinlock to a mutex
|
2024-08-21 |
CVE-2022-48886 |
In the Linux kernel, the following vulnerability has been resolved:
ice: Add check for kzalloc
|
2024-08-21 |
CVE-2022-48892 |
In the Linux kernel, the following vulnerability has been resolved:
sched/core: Fix use-after-free bug in dup_user_cpus_ptr()
|
2024-08-21 |
CVE-2022-48867 |
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: Prevent use after free on completion memory
|
2024-08-21 |
CVE-2022-48893 |
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gt: Cleanup partial engine discovery failures
|
2024-08-21 |
CVE-2022-48878 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_qca: Fix driver shutdown on closed serdev
|
2024-08-21 |
CVE-2024-43867 |
In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau: prime: fix refcount underflow
|
2024-08-21 |
CVE-2022-48883 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent
|
2024-08-21 |
CVE-2023-52912 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fixed bug on error when unloading amdgpu
|
2024-08-21 |
CVE-2022-48897 |
In the Linux kernel, the following vulnerability has been resolved:
arm64/mm: fix incorrect file_map_count for invalid pmd
|
2024-08-21 |
CVE-2022-48889 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: Intel: sof-nau8825: fix module alias overflow
|
2024-08-21 |
CVE-2023-52902 |
In the Linux kernel, the following vulnerability has been resolved:
nommu: fix memory leak in do_mmap() error path
|
2024-08-21 |
CVE-2023-52895 |
In the Linux kernel, the following vulnerability has been resolved:
io_uring/poll: don't reissue in case of poll race on multishot request
|
2024-08-21 |
CVE-2024-43871 |
In the Linux kernel, the following vulnerability has been resolved:
devres: Fix memory leakage caused by driver API devm_free_percpu()
|
2024-08-21 |
CVE-2023-52908 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix potential NULL dereference
|
2024-08-21 |
CVE-2024-23184 |
Dovecot reports: A DoS is possible with a large number of address headers or abnormally large email headers.
|
2024-08-19 |
CVE-2024-7592 |
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.
|
2024-08-19 |
CVE-2024-23185 |
Dovecot reports: A DoS is possible with a large number of address headers or abnormally large email headers.
|
2024-08-19 |
CVE-2024-43823 |
In the Linux kernel, the following vulnerability has been resolved:
PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()
|
2024-08-17 |
CVE-2024-42274 |
In the Linux kernel, the following vulnerability has been resolved:
Revert "ALSA: firewire-lib: operate for period elapse event in process context"
|
2024-08-17 |
CVE-2024-42273 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid
|
2024-08-17 |
CVE-2024-42317 |
In the Linux kernel, the following vulnerability has been resolved:
mm/huge_memory: avoid PMD-size page cache if needed
|
2024-08-17 |
CVE-2024-42261 |
In the Linux kernel, the following vulnerability has been resolved:
drm/v3d: Validate passed in drm syncobj handles in the timestamp extension
|
2024-08-17 |
CVE-2024-43820 |
In the Linux kernel, the following vulnerability has been resolved:
dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume
|
2024-08-17 |
CVE-2024-43818 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: amd: Adjust error handling in case of absent codec device
|
2024-08-17 |
CVE-2024-42309 |
In the Linux kernel, the following vulnerability has been resolved:
drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes
|
2024-08-17 |
CVE-2024-42282 |
In the Linux kernel, the following vulnerability has been resolved:
net: mediatek: Fix potential NULL pointer dereference in dummy net_device handling
|
2024-08-17 |
CVE-2024-43824 |
In the Linux kernel, the following vulnerability has been resolved:
PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init()
|
2024-08-17 |
CVE-2024-42310 |
In the Linux kernel, the following vulnerability has been resolved:
drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes
|
2024-08-17 |
CVE-2024-42319 |
In the Linux kernel, the following vulnerability has been resolved:
mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()
|
2024-08-17 |
CVE-2024-42287 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Complete command early within lock
|
2024-08-17 |
CVE-2024-42320 |
In the Linux kernel, the following vulnerability has been resolved:
s390/dasd: fix error checks in dasd_copy_pair_store()
|
2024-08-17 |
CVE-2024-42278 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: TAS2781: Fix tasdev_load_calibrated_data()
|
2024-08-17 |
CVE-2024-43857 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix null reference error when checking end of zone
|
2024-08-17 |
CVE-2024-42279 |
In the Linux kernel, the following vulnerability has been resolved:
spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer
|
2024-08-17 |
CVE-2024-42291 |
In the Linux kernel, the following vulnerability has been resolved:
ice: Add a per-VF limit on number of FDIR filters
|
2024-08-17 |
CVE-2024-43829 |
In the Linux kernel, the following vulnerability has been resolved:
drm/qxl: Add check for drm_cvt_mode
|
2024-08-17 |
CVE-2024-42294 |
In the Linux kernel, the following vulnerability has been resolved:
block: fix deadlock between sd_remove & sd_release
|
2024-08-17 |
CVE-2024-43833 |
In the Linux kernel, the following vulnerability has been resolved:
media: v4l: async: Fix NULL pointer dereference in adding ancillary links
|
2024-08-17 |
CVE-2024-43827 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null check before access structs
|
2024-08-17 |
CVE-2024-42298 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value
|
2024-08-17 |
CVE-2024-42303 |
In the Linux kernel, the following vulnerability has been resolved:
media: imx-pxp: Fix ERR_PTR dereference in pxp_probe()
|
2024-08-17 |
CVE-2024-43843 |
In the Linux kernel, the following vulnerability has been resolved:
riscv, bpf: Fix out-of-bounds issue when preparing trampoline image
|
2024-08-17 |
CVE-2024-43819 |
In the Linux kernel, the following vulnerability has been resolved:
kvm: s390: Reject memory region operations for ucontrol VMs
|
2024-08-17 |
CVE-2024-43842 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()
|
2024-08-17 |
CVE-2024-42267 |
In the Linux kernel, the following vulnerability has been resolved:
riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()
|
2024-08-17 |
CVE-2024-42272 |
In the Linux kernel, the following vulnerability has been resolved:
sched: act_ct: take care of padding in struct zones_ht_key
|
2024-08-17 |
CVE-2024-42266 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: make cow_file_range_inline() honor locked_page on error
|
2024-08-17 |
CVE-2024-43848 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: fix TTLM teardown work
|
2024-08-17 |
CVE-2024-43840 |
In the Linux kernel, the following vulnerability has been resolved:
bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG
|
2024-08-17 |
CVE-2024-42277 |
In the Linux kernel, the following vulnerability has been resolved:
iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en
|
2024-08-17 |
CVE-2024-43847 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix invalid memory access while processing fragmented packets
|
2024-08-17 |
CVE-2024-43821 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Fix a possible null pointer dereference
|
2024-08-17 |
CVE-2024-43826 |
In the Linux kernel, the following vulnerability has been resolved:
nfs: pass explicit offset/count to trace events
|
2024-08-17 |
CVE-2024-42263 |
In the Linux kernel, the following vulnerability has been resolved:
drm/v3d: Fix potential memory leak in the timestamp extension
|
2024-08-17 |
CVE-2024-43849 |
In the Linux kernel, the following vulnerability has been resolved:
soc: qcom: pdr: protect locator_addr with the main mutex
|
2024-08-17 |
CVE-2024-42268 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix missing lock on sync reset reload
|
2024-08-17 |
CVE-2024-43839 |
In the Linux kernel, the following vulnerability has been resolved:
bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
|
2024-08-17 |
CVE-2024-43838 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: fix overflow check in adjust_jmp_off()
|
2024-08-17 |
CVE-2024-42271 |
In the Linux kernel, the following vulnerability has been resolved:
net/iucv: fix use after free in iucv_sock_close()
|
2024-08-17 |
CVE-2024-42275 |
In the Linux kernel, the following vulnerability has been resolved:
drm/client: Fix error code in drm_client_buffer_vmap_local()
|
2024-08-17 |
CVE-2024-42301 |
In the Linux kernel, the following vulnerability has been resolved:
dev/parport: fix the array out-of-bounds risk
|
2024-08-17 |
CVE-2024-42318 |
In the Linux kernel, the following vulnerability has been resolved:
landlock: Don't lose track of restrictions on cred_transfer
|
2024-08-17 |
CVE-2024-42297 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to don't dirty inode for readonly filesystem
|
2024-08-17 |
CVE-2024-43851 |
In the Linux kernel, the following vulnerability has been resolved:
soc: xilinx: rename cpu_number1 to dummy_cpu_number
|
2024-08-17 |
CVE-2024-43845 |
In the Linux kernel, the following vulnerability has been resolved:
udf: Fix bogus checksum computation in udf_rename()
|
2024-08-17 |
CVE-2024-43850 |
In the Linux kernel, the following vulnerability has been resolved:
soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove
|
2024-08-17 |
CVE-2024-43836 |
In the Linux kernel, the following vulnerability has been resolved:
net: ethtool: pse-pd: Fix possible null-deref
|
2024-08-17 |
CVE-2024-43816 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages
|
2024-08-17 |
CVE-2024-42293 |
In the Linux kernel, the following vulnerability has been resolved:
arm64: mm: Fix lockless walks with static and dynamic page-table folding
|
2024-08-17 |
CVE-2024-43822 |
In the Linux kernel, the following vulnerability has been resolved:
ASoc: PCM6240: Return directly after a failed devm_kzalloc() in pcmdevice_i2c_probe()
|
2024-08-17 |
CVE-2023-52889 |
In the Linux kernel, the following vulnerability has been resolved:
apparmor: Fix null pointer deref when receiving skb during sock creation
|
2024-08-17 |
CVE-2024-42260 |
In the Linux kernel, the following vulnerability has been resolved:
drm/v3d: Validate passed in drm syncobj handles in the performance extension
|
2024-08-17 |
CVE-2024-43825 |
In the Linux kernel, the following vulnerability has been resolved:
iio: Fix the sorting functionality in iio_gts_build_avail_time_table
|
2024-08-17 |
CVE-2024-43815 |
In the Linux kernel, the following vulnerability has been resolved:
crypto: mxs-dcp - Ensure payload is zero when using key slot
|
2024-08-17 |
CVE-2024-43844 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw89: wow: fix GTK offload H2C skbuff issue
|
2024-08-17 |
CVE-2024-42296 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix return value of f2fs_convert_inline_inode()
|
2024-08-17 |
CVE-2024-43859 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to truncate preallocated blocks in f2fs_file_open()
|
2024-08-17 |
CVE-2024-42264 |
In the Linux kernel, the following vulnerability has been resolved:
drm/v3d: Prevent out of bounds access in performance query extensions
|
2024-08-17 |
CVE-2024-42290 |
In the Linux kernel, the following vulnerability has been resolved:
irqchip/imx-irqsteer: Handle runtime power management correctly
|
2024-08-17 |
CVE-2024-42262 |
In the Linux kernel, the following vulnerability has been resolved:
drm/v3d: Fix potential memory leak in the performance extension
|
2024-08-17 |
CVE-2024-43860 |
In the Linux kernel, the following vulnerability has been resolved:
remoteproc: imx_rproc: Skip over memory region when node value is NULL
|
2024-08-17 |
CVE-2024-43832 |
In the Linux kernel, the following vulnerability has been resolved:
s390/uv: Don't call folio_wait_writeback() without a folio reference
|
2024-08-17 |
CVE-2024-43841 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: virt_wifi: avoid reporting connection success with wrong SSID
|
2024-08-17 |
CVE-2024-42302 |
In the Linux kernel, the following vulnerability has been resolved:
PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
|
2024-08-17 |
CVE-2024-43852 |
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (ltc2991) re-order conditions to fix off by one bug
|
2024-08-17 |
CVE-2024-43374 |
The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause a use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.
|
2024-08-16 |
CVE-2024-42472 |
A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files outside the designated sandbox. As a result, the attacker could potentially manipulate the file system, leading to unauthorized actions that compromise the security and integrity of the system.
Flatpak is not providing a security boundary that protects the OS from untrusted content in the flatpak. Flatpak applications should be vetted and reviewed with the same attention as regular OS packages. It should be assumed that an installed flatpak shares the same privileges and access as the user running it.
|
2024-08-15 |
CVE-2024-24980 |
Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
|
2024-08-14 |
CVE-2024-42353 |
WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. `urlparse` however treats a `//` at the start of a string as a URI without a scheme, and then treats the next part as the hostname. `urljoin` will then use that hostname from the second part as the hostname replacing the original one from the request. This vulnerability is patched in WebOb version 1.8.8.
|
2024-08-14 |
CVE-2024-42259 |
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gem: Fix Virtual Memory mapping boundaries calculation
|
2024-08-14 |
CVE-2024-25939 |
Mirrored regions with different values in 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.
|
2024-08-14 |
CVE-2023-42667 |
Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.
|
2024-08-14 |
CVE-2024-7347 |
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
|
2024-08-14 |
CVE-2024-24853 |
Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.
|
2024-08-14 |
CVE-2024-39792 |
When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
|
2024-08-14 |
CVE-2024-22374 |
Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated user to potentially enable denial of service via local access.
|
2024-08-14 |
CVE-2023-49141 |
Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.
|
2024-08-14 |
CVE-2023-31356 |
Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity.
|
2024-08-13 |
CVE-2024-38168 |
.NET and Visual Studio Denial of Service Vulnerability
|
2024-08-13 |
CVE-2023-20584 |
IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity.
|
2024-08-13 |
CVE-2024-42258 |
In the Linux kernel, the following vulnerability has been resolved:
mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines
|
2024-08-12 |
CVE-2024-5651 |
A flaw was found in fence agents that rely on SSH/Telnet. This vulnerability can allow a Remote Code Execution (RCE) primitive by supplying an arbitrary command to execute in the --ssh-path/--telnet-path arguments. A low-privilege user, for example, a user with developer access, can create a specially crafted FenceAgentsRemediation for a fence agent supporting --ssh-path/--telnet-path arguments to execute arbitrary commands on the operator's pod. This RCE leads to a privilege escalation, first as the service account running the operator, then to another service account with cluster-admin privileges.
|
2024-08-12 |
CVE-2024-7589 |
A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges.
This issue is another instance of the problem in CVE-2024-6387 addressed by FreeBSD-SA-24:04.openssh. The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD.
As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root.
|
2024-08-12 |
CVE-2023-31315 |
Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
|
2024-08-12 |
CVE-2024-43168 |
unbound: Heap-Buffer-Overflow in Unbound
|
2024-08-09 |
CVE-2024-43167 |
unbound: NULL Pointer Dereference in Unbound
|
2024-08-09 |
CVE-2024-7348 |
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
|
2024-08-08 |
CVE-2024-42251 |
In the Linux kernel, the following vulnerability has been resolved:
mm: page_ref: remove folio_try_get_rcu()
|
2024-08-08 |
CVE-2024-42255 |
In the Linux kernel, the following vulnerability has been resolved:
tpm: Use auth only after NULL check in tpm_buf_check_hmac_response()
|
2024-08-08 |
CVE-2024-42256 |
In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix server re-repick on subrequest retry
|
2024-08-08 |
CVE-2024-42252 |
In the Linux kernel, the following vulnerability has been resolved:
closures: Change BUG_ON() to WARN_ON()
|
2024-08-08 |
CVE-2024-42254 |
In the Linux kernel, the following vulnerability has been resolved:
io_uring: fix error pbuf checking
|
2024-08-08 |
CVE-2024-42257 |
In the Linux kernel, the following vulnerability has been resolved:
ext4: use memtostr_pad() for s_volume_name
|
2024-08-08 |
CVE-2024-42248 |
In the Linux kernel, the following vulnerability has been resolved:
tty: serial: ma35d1: Add a NULL check for of_node
|
2024-08-07 |
CVE-2024-42234 |
In the Linux kernel, the following vulnerability has been resolved:
mm: fix crashes from deferred split racing folio migration
|
2024-08-07 |
CVE-2024-42239 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fail bpf_timer_cancel when callback is being cancelled
|
2024-08-07 |
CVE-2024-42243 |
In the Linux kernel, the following vulnerability has been resolved:
mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray
|
2024-08-07 |
CVE-2024-42249 |
In the Linux kernel, the following vulnerability has been resolved:
spi: don't unoptimize message in spi_async()
|
2024-08-07 |
CVE-2024-7006 |
libtiff: NULL pointer dereference in tif_dirinfo.c
|
2024-08-07 |
CVE-2024-42233 |
In the Linux kernel, the following vulnerability has been resolved:
filemap: replace pte_offset_map() with pte_offset_map_nolock()
|
2024-08-07 |
CVE-2024-5290 |
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root).
Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.
|
2024-08-07 |
CVE-2024-42235 |
In the Linux kernel, the following vulnerability has been resolved:
s390/mm: Add NULL pointer check to crst_table_free() base_crst_free()
|
2024-08-07 |
CVE-2024-42241 |
In the Linux kernel, the following vulnerability has been resolved:
mm/shmem: disable PMD-sized page cache if needed
|
2024-08-07 |
CVE-2024-42242 |
In the Linux kernel, the following vulnerability has been resolved:
mmc: sdhci: Fix max_seg_size for 64KiB PAGE_SIZE
|
2024-08-07 |
CVE-2024-7518 |
Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
|
2024-08-06 |
CVE-2024-7523 |
A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions.
*This issue only affects Android versions of Firefox.* This vulnerability affects Firefox < 129.
|
2024-08-06 |
CVE-2024-43112 |
Long pressing on a download link could potentially provide a means for cross-site scripting. This vulnerability affects Firefox for iOS < 129.
|
2024-08-06 |
CVE-2024-7525 |
It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
|
2024-08-06 |
CVE-2024-43113 |
The contextual menu for links could provide an opportunity for cross-site scripting attacks. This vulnerability affects Firefox for iOS < 129.
|
2024-08-06 |
CVE-2024-7527 |
Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
|
2024-08-06 |
CVE-2024-7521 |
Incomplete WebAssembly exception handling could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.
|
2024-08-06 |
CVE-2024-7526 |
ANGLE failed to initialize parameters which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
|
2024-08-06 |
CVE-2024-7519 |
Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
|
2024-08-06 |
CVE-2024-43111 |
Long pressing on a download link could potentially allow JavaScript commands to be executed within the browser. This vulnerability affects Firefox for iOS < 129.
|
2024-08-06 |
CVE-2024-7522 |
Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
|
2024-08-06 |
CVE-2024-7524 |
Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.
|
2024-08-06 |
CVE-2024-7520 |
A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
|
2024-08-06 |
CVE-2024-7246 |
It's possible for a gRPC client communicating with an HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients' HTTP header keys, but not values.
This occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent (incrementally indexed) added headers in the first request being poisoned until cleared from the HPACK table.
Please update to a fixed version of gRPC as soon as possible. This bug has been fixed in 1.58.3, 1.59.5, 1.60.2, 1.61.3, 1.62.3, 1.63.2, 1.64.3, 1.65.4.
|
2024-08-06 |
CVE-2024-7531 |
Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.
|
2024-08-06 |
CVE-2024-7528 |
Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
|
2024-08-06 |
CVE-2024-7530 |
Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox < 129.
|
2024-08-06 |
CVE-2024-7529 |
The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
|
2024-08-06 |
CVE-2024-6472 |
Certificate Validation user interface in LibreOffice allows potential vulnerability.
Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by LibreOffice before the macro is executed.
Previously if verification failed the user could fail to understand the failure and choose to enable the macros anyway.
This issue affects LibreOffice: from 24.2 before 24.2.5.
|
2024-08-05 |
CVE-2024-21978 |
Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.
|
2024-08-05 |
CVE-2023-31355 |
Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.
|
2024-08-05 |
CVE-2024-7409 |
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.
Amazon Linux will not be providing the fix for CVE-2024-7409 after careful consideration about the stability of the package. Amazon Linux recommends that customers work around this issue by ensuring that only trusted clients can connect to the NBD server which can be done using a firewall before the NBD server.
|
2024-08-04 |
CVE-2024-6923 |
There is a MEDIUM severity vulnerability affecting CPython.
The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.
|
2024-08-01 |
CVE-2024-41123 |
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace characters, `>]` and `]>`. The REXML gem 3.3.3 or later includes the patches to fix these vulnerabilities.
|
2024-08-01 |
CVE-2024-41965 |
Vim is an open source command line text editor. Double-free in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a name yet. However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash. The issue has been fixed as of Vim patch v9.1.0648.
|
2024-08-01 |
CVE-2024-41957 |
Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647.
|
2024-08-01 |
CVE-2024-41946 |
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later includes the patch to fix the vulnerability.
|
2024-08-01 |
CVE-2024-7264 |
libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated.
This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.
|
2024-07-31 |
CVE-2024-42117 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: ASSERT when failing to find index by plane/stream id
|
2024-07-30 |
CVE-2024-42147 |
In the Linux kernel, the following vulnerability has been resolved:
crypto: hisilicon/debugfs - Fix debugfs uninit process issue
|
2024-07-30 |
CVE-2024-42162 |
In the Linux kernel, the following vulnerability has been resolved:
gve: Account for stopped queues when reading NIC stats
|
2024-07-30 |
CVE-2024-42158 |
In the Linux kernel, the following vulnerability has been resolved:
s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
|
2024-07-30 |
CVE-2024-42123 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix double free err_addr pointer warnings
|
2024-07-30 |
CVE-2024-42129 |
In the Linux kernel, the following vulnerability has been resolved:
leds: mlxreg: Use devm_mutex_init() for mutex initialization
|
2024-07-30 |
CVE-2024-42113 |
In the Linux kernel, the following vulnerability has been resolved:
net: txgbe: initialize num_q_vectors for MSI/INTx interrupts
|
2024-07-30 |
CVE-2024-42099 |
In the Linux kernel, the following vulnerability has been resolved:
s390/dasd: Fix invalid dereferencing of indirect CCW data pointer
|
2024-07-30 |
CVE-2024-42156 |
In the Linux kernel, the following vulnerability has been resolved:
s390/pkey: Wipe copies of clear-key structures on failure
|
2024-07-30 |
CVE-2024-42114 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
|
2024-07-30 |
CVE-2023-52888 |
In the Linux kernel, the following vulnerability has been resolved:
media: mediatek: vcodec: Only free buffer VA that is not NULL
|
2024-07-30 |
CVE-2024-42159 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: mpi3mr: Sanitise num_phys
|
2024-07-30 |
CVE-2024-42228 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc
|
2024-07-30 |
CVE-2024-42141 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: ISO: Check socket flag instead of hcon
|
2024-07-30 |
CVE-2024-42107 |
In the Linux kernel, the following vulnerability has been resolved:
ice: Don't process extts if PTP is disabled
|
2024-07-30 |
CVE-2024-42125 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband
|
2024-07-30 |
CVE-2024-42118 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Do not return negative stream id for array
|
2024-07-30 |
CVE-2024-42150 |
In the Linux kernel, the following vulnerability has been resolved:
net: txgbe: remove separate irq request for MSI and INTx
|
2024-07-30 |
CVE-2024-42137 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot
|
2024-07-30 |
CVE-2024-42132 |
In the Linux kernel, the following vulnerability has been resolved:
bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX
|
2024-07-30 |
CVE-2024-42224 |
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: mv88e6xxx: Correct check for empty list
|
2024-07-30 |
CVE-2024-42119 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Skip finding free audio for unknown engine_id
|
2024-07-30 |
CVE-2024-42112 |
In the Linux kernel, the following vulnerability has been resolved:
net: txgbe: free isb resources at the right time
|
2024-07-30 |
CVE-2024-42108 |
In the Linux kernel, the following vulnerability has been resolved:
net: rswitch: Avoid use-after-free in rswitch_poll()
|
2024-07-30 |
CVE-2024-42111 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: always do the basic checks for btrfs_qgroup_inherit structure
|
2024-07-30 |
CVE-2024-42121 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check index msg_id before read or write
|
2024-07-30 |
CVE-2024-42231 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: zoned: fix calc_available_free_space() for zoned mode
|
2024-07-30 |
CVE-2024-42146 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Add outer runtime_pm protection to xe_live_ktest@xe_dma_buf
|
2024-07-30 |
CVE-2024-42153 |
In the Linux kernel, the following vulnerability has been resolved:
i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr
|
2024-07-30 |
CVE-2024-42152 |
In the Linux kernel, the following vulnerability has been resolved:
nvmet: fix a possible leak when destroy a ctrl during qp establishment
|
2024-07-30 |
CVE-2024-42100 |
In the Linux kernel, the following vulnerability has been resolved:
clk: sunxi-ng: common: Don't call hw_to_ccu_common on hw without common
|
2024-07-30 |
CVE-2024-42135 |
In the Linux kernel, the following vulnerability has been resolved:
vhost_task: Handle SIGKILL by flushing work and exiting
|
2024-07-30 |
CVE-2024-42154 |
In the Linux kernel, the following vulnerability has been resolved:
tcp_metrics: validate source addr length
|
2024-07-30 |
CVE-2024-42128 |
In the Linux kernel, the following vulnerability has been resolved:
leds: an30259a: Use devm_mutex_init() for mutex initialization
|
2024-07-30 |
CVE-2024-42120 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check pipe offset before setting vblank
|
2024-07-30 |
CVE-2024-42155 |
In the Linux kernel, the following vulnerability has been resolved:
s390/pkey: Wipe copies of protected- and secure-keys
|
2024-07-30 |
CVE-2024-42151 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable
|
2024-07-30 |
CVE-2024-42139 |
In the Linux kernel, the following vulnerability has been resolved:
ice: Fix improper extts handling
|
2024-07-30 |
CVE-2024-42229 |
In the Linux kernel, the following vulnerability has been resolved:
crypto: aead,cipher - zeroize key buffer after use
|
2024-07-30 |
CVE-2024-42149 |
In the Linux kernel, the following vulnerability has been resolved:
fs: don't misleadingly warn during thaw operations
|
2024-07-30 |
CVE-2024-42133 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Ignore too large handle values in BIG
|
2024-07-30 |
CVE-2024-42144 |
In the Linux kernel, the following vulnerability has been resolved:
thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data
|
2024-07-30 |
CVE-2024-42160 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: check validation of fault attrs in f2fs_build_fault_attr()
|
2024-07-30 |
CVE-2024-42227 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix overlapping copy within dml_core_mode_programming
|
2024-07-30 |
CVE-2024-42225 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: replace skb_put with skb_put_zero
|
2024-07-30 |
CVE-2024-42122 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add NULL pointer check for kzalloc
|
2024-07-30 |
CVE-2024-42134 |
In the Linux kernel, the following vulnerability has been resolved:
virtio-pci: Check if is_avq is NULL
|
2024-07-30 |
CVE-2024-41022 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()
|
2024-07-29 |
CVE-2024-42073 |
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems
|
2024-07-29 |
CVE-2024-42069 |
In the Linux kernel, the following vulnerability has been resolved:
net: mana: Fix possible double free in error handling path
|
2024-07-29 |
CVE-2024-41032 |
In the Linux kernel, the following vulnerability has been resolved:
mm: vmalloc: check if a hash-index is in cpu_possible_mask
|
2024-07-29 |
CVE-2024-41092 |
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gt: Fix potential UAF by revoke of fence registers
|
2024-07-29 |
CVE-2024-41029 |
In the Linux kernel, the following vulnerability has been resolved:
nvmem: core: limit cell sysfs permissions to main attribute ones
|
2024-07-29 |
CVE-2024-41035 |
In the Linux kernel, the following vulnerability has been resolved:
USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor
|
2024-07-29 |
CVE-2024-41056 |
In the Linux kernel, the following vulnerability has been resolved:
firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files
|
2024-07-29 |
CVE-2024-41015 |
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: add bounds checking to ocfs2_check_dir_entry()
|
2024-07-29 |
CVE-2024-42098 |
In the Linux kernel, the following vulnerability has been resolved:
crypto: ecdh - explicitly zeroize private_key
|
2024-07-29 |
CVE-2024-42095 |
In the Linux kernel, the following vulnerability has been resolved:
serial: 8250_omap: Implementation of Errata i2310
|
2024-07-29 |
CVE-2024-41077 |
In the Linux kernel, the following vulnerability has been resolved:
null_blk: fix validation of block size
|
2024-07-29 |
CVE-2024-41031 |
In the Linux kernel, the following vulnerability has been resolved:
mm/filemap: skip to create PMD-sized page cache if needed
|
2024-07-29 |
CVE-2024-42086 |
In the Linux kernel, the following vulnerability has been resolved:
iio: chemical: bme680: Fix overflows in compensate() functions
|
2024-07-29 |
CVE-2024-41043 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nfnetlink_queue: drop bogus WARN_ON
|
2024-07-29 |
CVE-2024-42067 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()
|
2024-07-29 |
CVE-2024-42078 |
In the Linux kernel, the following vulnerability has been resolved:
nfsd: initialise nfsd_info.mutex early.
|
2024-07-29 |
CVE-2024-41020 |
In the Linux kernel, the following vulnerability has been resolved:
filelock: Fix fcntl/close race recovery compat path
|
2024-07-29 |
CVE-2024-41073 |
In the Linux kernel, the following vulnerability has been resolved:
nvme: avoid double free special payload
|
2024-07-29 |
CVE-2024-40794 |
This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, Safari 17.6. Private Browsing tabs may be accessed without authentication.
|
2024-07-29 |
CVE-2024-41067 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: scrub: handle RST lookup error correctly
|
2024-07-29 |
CVE-2024-41054 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Fix ufshcd_clear_cmd racing issue
|
2024-07-29 |
CVE-2024-41066 |
In the Linux kernel, the following vulnerability has been resolved:
ibmvnic: Add tx check to prevent skb leak
|
2024-07-29 |
CVE-2024-42075 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix remap of arena.
|
2024-07-29 |
CVE-2024-41055 |
In the Linux kernel, the following vulnerability has been resolved:
mm: prevent derefencing NULL ptr in pfn_section_valid()
|
2024-07-29 |
CVE-2024-40782 |
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
|
2024-07-29 |
CVE-2024-42070 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers
|
2024-07-29 |
CVE-2024-41061 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport
|
2024-07-29 |
CVE-2024-42091 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Check pat.ops before dumping PAT settings
|
2024-07-29 |
CVE-2024-41086 |
In the Linux kernel, the following vulnerability has been resolved:
bcachefs: Fix sb_field_downgrade validation
|
2024-07-29 |
CVE-2024-42066 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Fix potential integer overflow in page size calculation
|
2024-07-29 |
CVE-2024-42085 |
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock
|
2024-07-29 |
CVE-2024-40779 |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
|
2024-07-29 |
CVE-2024-40780 |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
|
2024-07-29 |
CVE-2024-41036 |
In the Linux kernel, the following vulnerability has been resolved:
net: ks8851: Fix deadlock with the SPI chip variant
|
2024-07-29 |
CVE-2024-41047 |
In the Linux kernel, the following vulnerability has been resolved:
i40e: Fix XDP program unloading while removing the driver
|
2024-07-29 |
CVE-2024-42090 |
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER
|
2024-07-29 |
CVE-2024-41069 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: topology: Fix references to freed memory
|
2024-07-29 |
CVE-2024-41017 |
In the Linux kernel, the following vulnerability has been resolved:
jfs: don't walk off the end of ealist
|
2024-07-29 |
CVE-2024-41065 |
In the Linux kernel, the following vulnerability has been resolved:
powerpc/pseries: Whitelist dtl slub object for copying to userspace
|
2024-07-29 |
CVE-2024-41053 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Fix ufshcd_abort_one racing issue
|
2024-07-29 |
CVE-2024-41033 |
In the Linux kernel, the following vulnerability has been resolved:
cachestat: do not flush stats in recency check
|
2024-07-29 |
CVE-2024-42063 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode
|
2024-07-29 |
CVE-2024-41023 |
In the Linux kernel, the following vulnerability has been resolved:
sched/deadline: Fix task_struct reference leak
|
2024-07-29 |
CVE-2024-41064 |
In the Linux kernel, the following vulnerability has been resolved:
powerpc/eeh: avoid possible crash when edev->pdev changes
|
2024-07-29 |
CVE-2024-41810 |
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1.
|
2024-07-29 |
CVE-2024-41072 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: wext: add extra SIOCSIWSCAN data check
|
2024-07-29 |
CVE-2024-41098 |
In the Linux kernel, the following vulnerability has been resolved:
ata: libata-core: Fix null pointer dereference on error
|
2024-07-29 |
CVE-2024-41062 |
In the Linux kernel, the following vulnerability has been resolved:
bluetooth/l2cap: sync sock recv cb and release
|
2024-07-29 |
CVE-2024-41028 |
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: toshiba_acpi: Fix array out-of-bounds access
|
2024-07-29 |
CVE-2024-41093 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: avoid using null object of framebuffer
|
2024-07-29 |
CVE-2024-41059 |
In the Linux kernel, the following vulnerability has been resolved:
hfsplus: fix uninit-value in copy_name
|
2024-07-29 |
CVE-2024-42072 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix may_goto with negative offset.
|
2024-07-29 |
CVE-2024-41041 |
In the Linux kernel, the following vulnerability has been resolved:
udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().
|
2024-07-29 |
CVE-2024-41817 |
ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version of `ImageMagick` might use an empty path when setting the `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing `ImageMagick`. The vulnerability is fixed in 7.11-36.
|
2024-07-29 |
CVE-2024-40789 |
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
|
2024-07-29 |
CVE-2024-41049 |
In the Linux kernel, the following vulnerability has been resolved:
filelock: fix potential use-after-free in posix_lock_inode
|
2024-07-29 |
CVE-2024-41019 |
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Validate ff offset
|
2024-07-29 |
CVE-2024-41025 |
In the Linux kernel, the following vulnerability has been resolved:
misc: fastrpc: Fix memory leak in audio daemon attach operation
|
2024-07-29 |
CVE-2024-41095 |
In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes
|
2024-07-29 |
CVE-2024-41042 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: prefer nft_chain_validate
|
2024-07-29 |
CVE-2024-42096 |
In the Linux kernel, the following vulnerability has been resolved:
x86: stop playing stack games in profile_pc()
|
2024-07-29 |
CVE-2024-41071 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: Avoid address calculations via out of bounds array indexing
|
2024-07-29 |
CVE-2024-3219 |
There is a MEDIUM severity vulnerability affecting CPython.
The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verified before passing the two sockets back to the user, which leaves the server socket vulnerable to a connection race from a malicious local peer.
Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.
|
2024-07-29 |
CVE-2024-41094 |
In the Linux kernel, the following vulnerability has been resolved:
drm/fbdev-dma: Only set smem_start is enable per module option
|
2024-07-29 |
CVE-2024-42092 |
In the Linux kernel, the following vulnerability has been resolved:
gpio: davinci: Validate the obtained number of IRQs
|
2024-07-29 |
CVE-2024-42074 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: amd: acp: add a null check for chip_pdev structure
|
2024-07-29 |
CVE-2024-42094 |
In the Linux kernel, the following vulnerability has been resolved:
net/iucv: Avoid explicit cpumask var allocation on stack
|
2024-07-29 |
CVE-2024-42080 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/restrack: Fix potential invalid address access
|
2024-07-29 |
CVE-2024-42071 |
In the Linux kernel, the following vulnerability has been resolved:
ionic: use dev_consume_skb_any outside of napi
|
2024-07-29 |
CVE-2024-42081 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/xe_devcoredump: Check NULL before assignments
|
2024-07-29 |
CVE-2024-41084 |
In the Linux kernel, the following vulnerability has been resolved:
cxl/region: Avoid null pointer dereference in region lookup
|
2024-07-29 |
CVE-2024-42064 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Skip pipe if the pipe idx not set properly
|
2024-07-29 |
CVE-2024-41016 |
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
|
2024-07-29 |
CVE-2024-40776 |
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
|
2024-07-29 |
CVE-2024-42088 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: mediatek: mt8195: Add platform entry for ETDM1_OUT_BE dai link
|
2024-07-29 |
CVE-2024-42079 |
In the Linux kernel, the following vulnerability has been resolved:
gfs2: Fix NULL pointer dereference in gfs2_log_flush
|
2024-07-29 |
CVE-2024-42083 |
In the Linux kernel, the following vulnerability has been resolved:
ionic: fix kernel panic due to multi-buffer handling
|
2024-07-29 |
CVE-2024-41052 |
In the Linux kernel, the following vulnerability has been resolved:
vfio/pci: Init the count variable in collecting hot-reset devices
|
2024-07-29 |
CVE-2024-41045 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Defer work in bpf_timer_cancel_and_free
|
2024-07-29 |
CVE-2024-41024 |
In the Linux kernel, the following vulnerability has been resolved:
misc: fastrpc: Restrict untrusted app to attach to privileged PD
|
2024-07-29 |
CVE-2024-41097 |
In the Linux kernel, the following vulnerability has been resolved:
usb: atm: cxacru: fix endpoint checking in cxacru_bind()
|
2024-07-29 |
CVE-2024-41037 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: Intel: hda: fix null deref on system suspend entry
|
2024-07-29 |
CVE-2024-41087 |
In the Linux kernel, the following vulnerability has been resolved:
ata: libata-core: Fix double free on error
|
2024-07-29 |
CVE-2024-41671 |
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1.
|
2024-07-29 |
CVE-2024-42084 |
In the Linux kernel, the following vulnerability has been resolved:
ftruncate: pass a signed offset
|
2024-07-29 |
CVE-2024-41080 |
In the Linux kernel, the following vulnerability has been resolved:
io_uring: fix possible deadlock in io_register_iowq_max_workers()
|
2024-07-29 |
CVE-2024-41034 |
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix kernel bug on rename operation of broken directory
|
2024-07-29 |
CVE-2024-41018 |
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Add a check for attr_names and oatbl
|
2024-07-29 |
CVE-2024-41075 |
In the Linux kernel, the following vulnerability has been resolved:
cachefiles: add consistency check for copen/cread
|
2024-07-29 |
CVE-2024-41088 |
In the Linux kernel, the following vulnerability has been resolved:
can: mcp251xfd: fix infinite loop when xmit fails
|
2024-07-29 |
CVE-2024-41074 |
In the Linux kernel, the following vulnerability has been resolved:
cachefiles: Set object to close if ondemand_id < 0 in copen
|
2024-07-29 |
CVE-2024-41085 |
In the Linux kernel, the following vulnerability has been resolved:
cxl/mem: Fix no cxl_nvd during pmem region auto-assembling
|
2024-07-29 |
CVE-2024-41014 |
In the Linux kernel, the following vulnerability has been resolved:
xfs: add bounds checking to xlog_recover_process_data
|
2024-07-29 |
CVE-2024-41050 |
In the Linux kernel, the following vulnerability has been resolved:
cachefiles: cyclic allocation of msg_id to avoid reuse
|
2024-07-29 |
CVE-2024-42068 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()
|
2024-07-29 |
CVE-2024-42065 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init
|
2024-07-29 |
CVE-2024-41030 |
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: discard write access to the directory open
|
2024-07-29 |
CVE-2024-42097 |
In the Linux kernel, the following vulnerability has been resolved:
ALSA: emux: improve patch ioctl data validation
|
2024-07-29 |
CVE-2024-41068 |
In the Linux kernel, the following vulnerability has been resolved:
s390/sclp: Fix sclp_init() cleanup on failure
|
2024-07-29 |
CVE-2024-41026 |
In the Linux kernel, the following vulnerability has been resolved:
mmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length
|
2024-07-29 |
CVE-2024-41083 |
In the Linux kernel, the following vulnerability has been resolved:
netfs: Fix netfs_page_mkwrite() to check folio->mapping is valid
|
2024-07-29 |
CVE-2024-41021 |
In the Linux kernel, the following vulnerability has been resolved:
s390/mm: Fix VM_FAULT_HWPOISON handling in do_exception()
|
2024-07-29 |
CVE-2024-40785 |
This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack.
|
2024-07-29 |
CVE-2024-42077 |
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix DIO failure due to insufficient transaction credits
|
2024-07-29 |
CVE-2024-41082 |
In the Linux kernel, the following vulnerability has been resolved:
nvme-fabrics: use reserved tag for reg read/write command
|
2024-07-29 |
CVE-2024-41096 |
In the Linux kernel, the following vulnerability has been resolved:
PCI/MSI: Fix UAF in msi_capability_init
|
2024-07-29 |
CVE-2024-41039 |
In the Linux kernel, the following vulnerability has been resolved:
firmware: cs_dsp: Fix overflow checking of wmfw header
|
2024-07-29 |
CVE-2024-41013 |
In the Linux kernel, the following vulnerability has been resolved:
xfs: don't walk off the end of a directory data block
|
2024-07-29 |
CVE-2024-40897 |
A stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed in the developer’s build environment.
|
2024-07-26 |
CVE-2024-41091 |
kernel: virtio-net: tun: mlx5_core short frame denial of service
|
2024-07-25 |
CVE-2024-41090 |
kernel: virtio-net: tap: mlx5_core short frame denial of service
|
2024-07-25 |
CVE-2024-6874 |
CVE-2024-6874 is a serious security flaw in libcurl's curl_url_get() function, used for converting international domain names. When processing a name exactly 256 bytes long, it reads beyond its buffer and fails to null-terminate the string, potentially exposing or modifying stack data. This vulnerability is easy to exploit remotely without special permissions or user interaction, making it an important-severity issue with a CVSS score of 7.2. Users should apply security patches to mitigate this risk.
|
2024-07-24 |
CVE-2024-41110 |
AWS is aware of CVE-2024-41110, an issue affecting the Moby open source project, packaged in Amazon Linux as "docker". Docker is a component of several open source container management systems.
This issue does not affect the default configuration of docker. If an authorization plugin is enabled, a specially-crafted API request to the docker daemon will be forwarded to the authorization plugin in a way that could lead to unintended actions, such as privilege escalation. Enabling an authorization plugin is an atypical configuration. The affected API endpoint is not exposed to the network in the default, typical, or recommended configurations. The default EKS and ECS configurations do not expose the API endpoint to the network. Enabling a Docker authorization plugin is not supported when using ECS. Finally, docker is not installed on EKS AMIs newer than 1.24. Although Docker is installed in EKS 1.24 and earlier, EKS does not support authorization plugins.
Updated docker packages addressing the issue are available for Amazon Linux 2 (docker-20.10.25-1.amzn2.0.5 and docker-25.0.6-1.amzn2.0.1) and for Amazon Linux 2023 (docker-25.0.6-1amzn2023.0.1). AWS recommends that customers using docker upgrade to these or later versions.
|
2024-07-24 |
CVE-2024-6197 |
libcurl's ASN1 parser has a utf8asn1str() function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return an error. Unfortunately, when doing so it also invokes `free()` on a 4-byte local stack buffer. Most modern malloc implementations detect this error and immediately abort. Some, however, accept the input pointer and add that memory to their list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; it is likely to be memory pointers and a set of flags. The most likely outcome of exploiting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances.
|
2024-07-24 |
CVE-2024-0760 |
A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack.
This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1.
|
2024-07-23 |
CVE-2024-1975 |
If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests.
This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.
|
2024-07-23 |
CVE-2024-1737 |
Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name.
This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
|
2024-07-23 |
CVE-2024-4076 |
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure.
This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
|
2024-07-23 |
CVE-2024-41011 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: don't allow mapping the MMIO HDP page with large pages
|
2024-07-18 |
CVE-2024-41184 |
In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1, an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty ipset name must be configured by the user.
|
2024-07-18 |
CVE-2024-40725 |
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.
Users are recommended to upgrade to version 2.4.62, which fixes this issue.
|
2024-07-18 |
CVE-2024-40898 |
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context allows NTLM hashes to potentially be leaked to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62, which fixes this issue.
Amazon Linux is not affected; this CVE is specific to the Windows operating system.
|
2024-07-18 |
CVE-2024-41010 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix too early release of tcx_entry
|
2024-07-17 |
CVE-2024-41009 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix overrunning reservations in ringbuf
|
2024-07-17 |
CVE-2022-48795 |
In the Linux kernel, the following vulnerability has been resolved:
parisc: Fix data TLB miss in sba_unmap_sg
|
2024-07-16 |
CVE-2022-48788 |
In the Linux kernel, the following vulnerability has been resolved:
nvme-rdma: fix possible use-after-free in transport error_recovery work
|
2024-07-16 |
CVE-2022-48821 |
In the Linux kernel, the following vulnerability has been resolved:
misc: fastrpc: avoid double fput() on failed usercopy
|
2024-07-16 |
CVE-2024-21157 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48789 |
In the Linux kernel, the following vulnerability has been resolved:
nvme-tcp: fix possible use-after-free in transport error_recovery work
|
2024-07-16 |
CVE-2022-48798 |
In the Linux kernel, the following vulnerability has been resolved:
s390/cio: verify the driver availability for path_event call
|
2024-07-16 |
CVE-2022-48804 |
In the Linux kernel, the following vulnerability has been resolved:
vt_ioctl: fix array_index_nospec in vt_setactivate
|
2024-07-16 |
CVE-2024-21134 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).
|
2024-07-16 |
CVE-2022-48822 |
In the Linux kernel, the following vulnerability has been resolved:
usb: f_fs: Fix use-after-free for epfile
|
2024-07-16 |
CVE-2022-48838 |
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: Fix use-after-free bug by not setting udc->dev.driver
|
2024-07-16 |
CVE-2022-48794 |
In the Linux kernel, the following vulnerability has been resolved:
net: ieee802154: at86rf230: Stop leaking skb's
|
2024-07-16 |
CVE-2022-48780 |
In the Linux kernel, the following vulnerability has been resolved:
net/smc: Avoid overwriting the copies of clcsock callback functions
|
2024-07-16 |
CVE-2024-21160 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48803 |
In the Linux kernel, the following vulnerability has been resolved:
phy: ti: Fix missing sentinel for clk_div_table
|
2024-07-16 |
CVE-2022-48791 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: pm8001: Fix use-after-free for aborted TMF sas_task
|
2024-07-16 |
CVE-2022-48846 |
In the Linux kernel, the following vulnerability has been resolved:
block: release rq qos structures for queue without disk
|
2024-07-16 |
CVE-2022-48777 |
In the Linux kernel, the following vulnerability has been resolved:
mtd: parsers: qcom: Fix kernel panic on skipped partition
|
2024-07-16 |
CVE-2022-48801 |
In the Linux kernel, the following vulnerability has been resolved:
iio: buffer: Fix file related error handling in IIO_BUFFER_GET_FD_IOCTL
|
2024-07-16 |
CVE-2022-48811 |
In the Linux kernel, the following vulnerability has been resolved:
ibmvnic: don't release napi in __ibmvnic_open()
|
2024-07-16 |
CVE-2024-21130 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48844 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_core: Fix leaking sent_cmd skb
|
2024-07-16 |
CVE-2022-48786 |
In the Linux kernel, the following vulnerability has been resolved:
vsock: remove vsock from connected table when connect is interrupted by a signal
|
2024-07-16 |
CVE-2022-48861 |
In the Linux kernel, the following vulnerability has been resolved:
vdpa: fix use-after-free on vp_vdpa_remove
|
2024-07-16 |
CVE-2022-48840 |
In the Linux kernel, the following vulnerability has been resolved:
iavf: Fix hang during reboot/shutdown
|
2024-07-16 |
CVE-2024-21176 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.4.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48829 |
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes
|
2024-07-16 |
CVE-2022-48784 |
In the Linux kernel, the following vulnerability has been resolved:
cfg80211: fix race in netlink owner interface destruction
|
2024-07-16 |
CVE-2021-47624 |
In the Linux kernel, the following vulnerability has been resolved:
net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change
|
2024-07-16 |
CVE-2022-48858 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix a race on command flush flow
|
2024-07-16 |
CVE-2022-48808 |
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: fix panic when DSA master device unbinds on shutdown
|
2024-07-16 |
CVE-2022-48806 |
In the Linux kernel, the following vulnerability has been resolved:
eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX
|
2024-07-16 |
CVE-2022-48839 |
In the Linux kernel, the following vulnerability has been resolved:
net/packet: fix slab-out-of-bounds access in packet_recvmsg()
|
2024-07-16 |
CVE-2024-21144 |
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
|
2024-07-16 |
CVE-2024-21166 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H).
|
2024-07-16 |
CVE-2022-48859 |
In the Linux kernel, the following vulnerability has been resolved:
net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr
|
2024-07-16 |
CVE-2024-21173 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48824 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: myrs: Fix crash in error case
|
2024-07-16 |
CVE-2024-21127 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2021-47622 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: Fix a deadlock in the error handler
|
2024-07-16 |
CVE-2024-41008 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: change vm->task_info handling
|
2024-07-16 |
CVE-2024-21185 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.38, 8.4.1 and 9.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48796 |
In the Linux kernel, the following vulnerability has been resolved:
iommu: Fix potential use-after-free during probe
|
2024-07-16 |
CVE-2022-48818 |
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: mv88e6xxx: don't use devres for mdiobus
|
2024-07-16 |
CVE-2024-21135 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48850 |
In the Linux kernel, the following vulnerability has been resolved:
net-sysfs: add check for netdevice being present to speed_show
|
2024-07-16 |
CVE-2022-48799 |
In the Linux kernel, the following vulnerability has been resolved:
perf: Fix list corruption in perf_cgroup_switch()
|
2024-07-16 |
CVE-2022-48864 |
In the Linux kernel, the following vulnerability has been resolved:
vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command
|
2024-07-16 |
CVE-2022-48775 |
In the Linux kernel, the following vulnerability has been resolved:
Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj
|
2024-07-16 |
CVE-2024-21138 |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
|
2024-07-16 |
CVE-2022-48779 |
In the Linux kernel, the following vulnerability has been resolved:
net: mscc: ocelot: fix use-after-free in ocelot_vlan_del()
|
2024-07-16 |
CVE-2022-48851 |
In the Linux kernel, the following vulnerability has been resolved:
staging: gdm724x: fix use after free in gdm_lte_rx()
|
2024-07-16 |
CVE-2022-48826 |
In the Linux kernel, the following vulnerability has been resolved:
drm/vc4: Fix deadlock on DSI device attach error
|
2024-07-16 |
CVE-2022-48827 |
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Fix the behavior of READ near OFFSET_MAX
|
2024-07-16 |
CVE-2024-21165 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.37 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48776 |
In the Linux kernel, the following vulnerability has been resolved:
mtd: parsers: qcom: Fix missing free for pparts in cleanup
|
2024-07-16 |
CVE-2022-48842 |
In the Linux kernel, the following vulnerability has been resolved:
ice: Fix race condition during interface enslave
|
2024-07-16 |
CVE-2022-48847 |
In the Linux kernel, the following vulnerability has been resolved:
watch_queue: Fix filter limit check
|
2024-07-16 |
CVE-2024-21179 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48866 |
In the Linux kernel, the following vulnerability has been resolved:
HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts
|
2024-07-16 |
CVE-2022-48834 |
In the Linux kernel, the following vulnerability has been resolved:
usb: usbtmc: Fix bug in pipe direction for control transfers
|
2024-07-16 |
CVE-2022-48831 |
In the Linux kernel, the following vulnerability has been resolved:
ima: fix reference leak in asymmetric_verify()
|
2024-07-16 |
CVE-2022-48815 |
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: bcm_sf2: don't use devres for mdiobus
|
2024-07-16 |
CVE-2024-21171 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48855 |
In the Linux kernel, the following vulnerability has been resolved:
sctp: fix kernel-infoleak for SCTP sockets
|
2024-07-16 |
CVE-2022-48852 |
In the Linux kernel, the following vulnerability has been resolved:
drm/vc4: hdmi: Unregister codec device on unbind
|
2024-07-16 |
CVE-2022-48841 |
In the Linux kernel, the following vulnerability has been resolved:
ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats()
|
2024-07-16 |
CVE-2022-48845 |
In the Linux kernel, the following vulnerability has been resolved:
MIPS: smp: fill in sibling and core maps earlier
|
2024-07-16 |
CVE-2024-21147 |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
|
2024-07-16 |
CVE-2022-48802 |
In the Linux kernel, the following vulnerability has been resolved:
fs/proc: task_mmu.c: don't read mapcount for migration entry
|
2024-07-16 |
CVE-2022-48865 |
In the Linux kernel, the following vulnerability has been resolved:
tipc: fix kernel panic when enabling bearer
|
2024-07-16 |
CVE-2022-48849 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: bypass tiling flag check in virtual display case (v2)
|
2024-07-16 |
CVE-2022-48823 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: qedf: Fix refcount issue when LOGO is received during TMF
|
2024-07-16 |
CVE-2022-48854 |
In the Linux kernel, the following vulnerability has been resolved:
net: arc_emac: Fix use after free in arc_mdio_probe()
|
2024-07-16 |
CVE-2022-48814 |
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: seville: register the mdiobus under devres
|
2024-07-16 |
CVE-2022-48819 |
In the Linux kernel, the following vulnerability has been resolved:
tcp: take care of mixed splice()/sendmsg(MSG_ZEROCOPY) case
|
2024-07-16 |
CVE-2022-48800 |
In the Linux kernel, the following vulnerability has been resolved:
mm: vmscan: remove deadlock due to throttling failing to make progress
|
2024-07-16 |
CVE-2024-21129 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48857 |
In the Linux kernel, the following vulnerability has been resolved:
NFC: port100: fix use-after-free in port100_send_complete
|
2024-07-16 |
CVE-2022-48773 |
In the Linux kernel, the following vulnerability has been resolved:
xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create
|
2024-07-16 |
CVE-2022-48783 |
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: lantiq_gswip: fix use after free in gswip_remove()
|
2024-07-16 |
CVE-2024-21159 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2024-21162 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48809 |
In the Linux kernel, the following vulnerability has been resolved:
net: fix a memleak when uncloning an skb dst and its metadata
|
2024-07-16 |
CVE-2022-48848 |
In the Linux kernel, the following vulnerability has been resolved:
tracing/osnoise: Do not unregister events twice
|
2024-07-16 |
CVE-2022-48813 |
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: felix: don't use devres for mdiobus
|
2024-07-16 |
CVE-2024-21142 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2024-21163 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
|
2024-07-16 |
CVE-2022-48830 |
In the Linux kernel, the following vulnerability has been resolved:
can: isotp: fix potential CAN frame reception race in isotp_rcv()
|
2024-07-16 |
CVE-2022-48790 |
In the Linux kernel, the following vulnerability has been resolved:
nvme: fix a possible use-after-free in controller reset during load
|
2024-07-16 |
CVE-2024-21177 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48792 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task
|
2024-07-16 |
CVE-2022-48837 |
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: rndis: prevent integer overflow in rndis_set_response()
|
2024-07-16 |
CVE-2022-48843 |
In the Linux kernel, the following vulnerability has been resolved:
drm/vrr: Set VRR capable prop only if it is attached to connector
|
2024-07-16 |
CVE-2021-47623 |
In the Linux kernel, the following vulnerability has been resolved:
powerpc/fixmap: Fix VM debug warning on unmap
|
2024-07-16 |
CVE-2022-48782 |
In the Linux kernel, the following vulnerability has been resolved:
mctp: fix use after free
|
2024-07-16 |
CVE-2022-48787 |
In the Linux kernel, the following vulnerability has been resolved:
iwlwifi: fix use-after-free
|
2024-07-16 |
CVE-2022-48781 |
In the Linux kernel, the following vulnerability has been resolved:
crypto: af_alg - get rid of alg_memory_allocated
|
2024-07-16 |
CVE-2024-20996 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2024-0102 |
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm, where an attacker can cause an out-of-bounds read issue by deceiving a user into reading a malformed ELF file. A successful exploit of this vulnerability might lead to denial of service.
|
2024-07-16 |
CVE-2022-48793 |
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: nSVM: fix potential NULL derefernce on nested migration
|
2024-07-16 |
CVE-2024-21125 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48778 |
In the Linux kernel, the following vulnerability has been resolved:
mtd: rawnand: gpmi: don't leak PM reference in error path
|
2024-07-16 |
CVE-2024-21131 |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
|
2024-07-16 |
CVE-2022-48828 |
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Fix ia_size underflow
|
2024-07-16 |
CVE-2024-21137 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2024-39908 |
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses XML that contains many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XML, you may be impacted by these vulnerabilities. The REXML gem 3.3.2 or later includes the patches to fix these vulnerabilities. Users are advised to upgrade. Users unable to upgrade should avoid parsing untrusted XML strings.
|
2024-07-16 |
CVE-2024-21145 |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
|
2024-07-16 |
CVE-2022-48805 |
In the Linux kernel, the following vulnerability has been resolved:
net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
|
2024-07-16 |
CVE-2022-48832 |
In the Linux kernel, the following vulnerability has been resolved:
audit: don't deref the syscall args when checking the openat2 open_how::flags
|
2024-07-16 |
CVE-2024-21140 |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
|
2024-07-16 |
CVE-2022-48863 |
In the Linux kernel, the following vulnerability has been resolved:
mISDN: Fix memory leak in dsp_pipeline_build()
|
2024-07-16 |
CVE-2022-48853 |
In the Linux kernel, the following vulnerability has been resolved:
swiotlb: fix info leak with DMA_FROM_DEVICE
|
2024-07-16 |
CVE-2022-48860 |
In the Linux kernel, the following vulnerability has been resolved:
ethernet: Fix error handling in xemaclite_of_probe
|
2024-07-16 |
CVE-2022-48774 |
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: ptdma: Fix the error handling path in pt_core_init()
|
2024-07-16 |
CVE-2022-48856 |
In the Linux kernel, the following vulnerability has been resolved:
gianfar: ethtool: Fix refcount leak in gfar_get_ts_info
|
2024-07-16 |
CVE-2022-48807 |
In the Linux kernel, the following vulnerability has been resolved:
ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler
|
2024-07-16 |
CVE-2022-48836 |
In the Linux kernel, the following vulnerability has been resolved:
Input: aiptek - properly check endpoint type
|
2024-07-16 |
CVE-2022-48785 |
In the Linux kernel, the following vulnerability has been resolved:
ipv6: mcast: use rcu-safe version of ipv6_get_lladdr()
|
2024-07-16 |
CVE-2024-6345 |
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
|
2024-07-15 |
CVE-2024-40917 |
In the Linux kernel, the following vulnerability has been resolved:
memblock: make memblock_set_node() also warn about use of MAX_NUMNODES
|
2024-07-12 |
CVE-2024-40972 |
In the Linux kernel, the following vulnerability has been resolved:
ext4: do not create EA inode under buffer lock
|
2024-07-12 |
CVE-2024-40942 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
|
2024-07-12 |
CVE-2024-40932 |
In the Linux kernel, the following vulnerability has been resolved:
drm/exynos/vidi: fix memory leak in .get_modes()
|
2024-07-12 |
CVE-2024-40989 |
In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: Disassociate vcpus from redistributor region on teardown
|
2024-07-12 |
CVE-2024-40951 |
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix NULL pointer dereference in ocfs2_abort_trigger()
|
2024-07-12 |
CVE-2024-40999 |
In the Linux kernel, the following vulnerability has been resolved:
net: ena: Add validation for completion descriptors consistency
|
2024-07-12 |
CVE-2024-40979 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix kernel crash during resume
|
2024-07-12 |
CVE-2024-40903 |
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps
|
2024-07-12 |
CVE-2024-40919 |
In the Linux kernel, the following vulnerability has been resolved:
bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send()
|
2024-07-12 |
CVE-2024-40922 |
In the Linux kernel, the following vulnerability has been resolved:
io_uring/rsrc: don't lock while !TASK_RUNNING
|
2024-07-12 |
CVE-2024-40967 |
In the Linux kernel, the following vulnerability has been resolved:
serial: imx: Introduce timeout when waiting on transmitter empty
|
2024-07-12 |
CVE-2024-40911 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: Lock wiphy in cfg80211_get_station
|
2024-07-12 |
CVE-2024-40992 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/rxe: Fix responder length checking for UD request packets
|
2024-07-12 |
CVE-2024-41004 |
In the Linux kernel, the following vulnerability has been resolved:
tracing: Build event generation tests only as modules
|
2024-07-12 |
CVE-2024-40955 |
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists()
|
2024-07-12 |
CVE-2024-40944 |
In the Linux kernel, the following vulnerability has been resolved:
x86/kexec: Fix bug with call depth tracking
|
2024-07-12 |
CVE-2024-40902 |
In the Linux kernel, the following vulnerability has been resolved:
jfs: xattr: fix buffer overflow for invalid xattr
|
2024-07-12 |
CVE-2024-40926 |
In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau: don't attempt to schedule hpd_work on headless cards
|
2024-07-12 |
CVE-2024-40954 |
In the Linux kernel, the following vulnerability has been resolved:
net: do not leave a dangling sk pointer, when socket creation fails
|
2024-07-12 |
CVE-2024-40918 |
In the Linux kernel, the following vulnerability has been resolved:
parisc: Try to fix random segmentation faults in package builds
|
2024-07-12 |
CVE-2024-40994 |
In the Linux kernel, the following vulnerability has been resolved:
ptp: fix integer overflow in max_vclocks_store
|
2024-07-12 |
CVE-2024-40961 |
In the Linux kernel, the following vulnerability has been resolved:
ipv6: prevent possible NULL deref in fib6_nh_init()
|
2024-07-12 |
CVE-2024-39502 |
In the Linux kernel, the following vulnerability has been resolved:
ionic: fix use after netif_napi_del()
|
2024-07-12 |
CVE-2024-40923 |
In the Linux kernel, the following vulnerability has been resolved:
vmxnet3: disable rx data ring on dma allocation failure
|
2024-07-12 |
CVE-2024-40899 |
In the Linux kernel, the following vulnerability has been resolved:
cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd()
|
2024-07-12 |
CVE-2024-40968 |
In the Linux kernel, the following vulnerability has been resolved:
MIPS: Octeon: Add PCIe link status check
|
2024-07-12 |
CVE-2024-40947 |
In the Linux kernel, the following vulnerability has been resolved:
ima: Avoid blocking in RCU read-side critical section
|
2024-07-12 |
CVE-2024-40924 |
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/dpt: Make DPT object unshrinkable
|
2024-07-12 |
CVE-2024-40997 |
In the Linux kernel, the following vulnerability has been resolved:
cpufreq: amd-pstate: fix memory leak on CPU EPP exit
|
2024-07-12 |
CVE-2024-40975 |
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: x86-android-tablets: Unregister devices in reverse order
|
2024-07-12 |
CVE-2024-40988 |
In the Linux kernel, the following vulnerability has been resolved:
drm/radeon: fix UBSAN warning in kv_dpm.c
|
2024-07-12 |
CVE-2024-40984 |
In the Linux kernel, the following vulnerability has been resolved:
ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."
|
2024-07-12 |
CVE-2024-40963 |
In the Linux kernel, the following vulnerability has been resolved:
mips: bmips: BCM6358: make sure CBR is correctly set
|
2024-07-12 |
CVE-2024-40973 |
In the Linux kernel, the following vulnerability has been resolved:
media: mtk-vcodec: potential null pointer deference in SCP
|
2024-07-12 |
CVE-2024-40950 |
In the Linux kernel, the following vulnerability has been resolved:
mm: huge_memory: fix misused mapping_large_folio_support() for anon folios
|
2024-07-12 |
CVE-2024-40957 |
In the Linux kernel, the following vulnerability has been resolved:
seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors
|
2024-07-12 |
CVE-2024-40965 |
In the Linux kernel, the following vulnerability has been resolved:
i2c: lpi2c: Avoid calling clk_get_rate during transfer
|
2024-07-12 |
CVE-2024-40940 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix tainted pointer delete is case of flow rules creation fail
|
2024-07-12 |
CVE-2024-39494 |
In the Linux kernel, the following vulnerability has been resolved:
ima: Fix use-after-free on a dentry's dname.name
|
2024-07-12 |
CVE-2024-40962 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: zoned: allocate dummy checksums for zoned NODATASUM writes
|
2024-07-12 |
CVE-2024-40916 |
In the Linux kernel, the following vulnerability has been resolved:
drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found
|
2024-07-12 |
CVE-2024-40964 |
In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda: cs35l41: Possible null pointer dereference in cs35l41_hda_unbind()
|
2024-07-12 |
CVE-2024-40941 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: don't read past the mfuart notifcation
|
2024-07-12 |
CVE-2024-40966 |
In the Linux kernel, the following vulnerability has been resolved:
tty: add the option to have a tty reject a new ldisc
|
2024-07-12 |
CVE-2024-40937 |
In the Linux kernel, the following vulnerability has been resolved:
gve: Clear napi->skb before dev_kfree_skb_any()
|
2024-07-12 |
CVE-2024-40991 |
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: ti: k3-udma-glue: Fix of_k3_udma_glue_parse_chn_by_id()
|
2024-07-12 |
CVE-2024-40933 |
In the Linux kernel, the following vulnerability has been resolved:
iio: temperature: mlx90635: Fix ERR_PTR dereference in mlx90635_probe()
|
2024-07-12 |
CVE-2024-40986 |
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: xilinx: xdma: Fix data synchronisation in xdma_channel_isr()
|
2024-07-12 |
CVE-2024-40969 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: don't set RO when shutting down f2fs
|
2024-07-12 |
CVE-2024-40936 |
In the Linux kernel, the following vulnerability has been resolved:
cxl/region: Fix memregion leaks in devm_cxl_add_region()
|
2024-07-12 |
CVE-2024-39504 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_inner: validate mandatory meta and payload
|
2024-07-12 |
CVE-2024-40956 |
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list
|
2024-07-12 |
CVE-2024-40987 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix UBSAN warning in kv_dpm.c
|
2024-07-12 |
CVE-2024-40938 |
In the Linux kernel, the following vulnerability has been resolved:
landlock: Fix d_parent walk
|
2024-07-12 |
CVE-2024-40900 |
In the Linux kernel, the following vulnerability has been resolved:
cachefiles: remove requests from xarray during flushing requests
|
2024-07-12 |
CVE-2024-40949 |
In the Linux kernel, the following vulnerability has been resolved:
mm: shmem: fix getting incorrect lruvec when replacing a shmem folio
|
2024-07-12 |
CVE-2024-40971 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: remove clear SB_INLINECRYPT flag in default_options
|
2024-07-12 |
CVE-2024-41003 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix reg_set_min_max corruption of fake_reg
|
2024-07-12 |
CVE-2024-40943 |
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix races between hole punching and AIO+DIO
|
2024-07-12 |
CVE-2024-40985 |
In the Linux kernel, the following vulnerability has been resolved:
net/tcp_ao: Don't leak ao_info on error-path
|
2024-07-12 |
CVE-2024-39495 |
In the Linux kernel, the following vulnerability has been resolved:
greybus: Fix use-after-free bug in gb_interface_release due to race condition.
|
2024-07-12 |
CVE-2024-40929 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
|
2024-07-12 |
CVE-2024-39503 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type
|
2024-07-12 |
CVE-2024-40935 |
In the Linux kernel, the following vulnerability has been resolved:
cachefiles: flush all requests after setting CACHEFILES_DEAD
|
2024-07-12 |
CVE-2024-40952 |
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix NULL pointer dereference in ocfs2_journal_dirty()
|
2024-07-12 |
CVE-2024-40960 |
In the Linux kernel, the following vulnerability has been resolved:
ipv6: prevent possible NULL dereference in rt6_probe()
|
2024-07-12 |
CVE-2024-40912 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()
|
2024-07-12 |
CVE-2024-40993 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: Fix suspicious rcu_dereference_protected()
|
2024-07-12 |
CVE-2024-40939 |
In the Linux kernel, the following vulnerability has been resolved:
net: wwan: iosm: Fix tainted pointer delete is case of region creation fail
|
2024-07-12 |
CVE-2024-40909 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix a potential use-after-free in bpf_link_free()
|
2024-07-12 |
CVE-2024-40915 |
In the Linux kernel, the following vulnerability has been resolved:
riscv: rewrite __kernel_map_pages() to fix sleeping in invalid context
|
2024-07-12 |
CVE-2024-39507 |
In the Linux kernel, the following vulnerability has been resolved:
net: hns3: fix kernel crash problem in concurrent scenario
|
2024-07-12 |
CVE-2024-39505 |
In the Linux kernel, the following vulnerability has been resolved:
drm/komeda: check for error-valued pointer
|
2024-07-12 |
CVE-2024-40925 |
In the Linux kernel, the following vulnerability has been resolved:
block: fix request.queuelist usage in flush
|
2024-07-12 |
CVE-2024-40906 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Always stop health timer during driver removal
|
2024-07-12 |
CVE-2024-40977 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7921s: fix potential hung tasks during chip recovery
|
2024-07-12 |
CVE-2024-40928 |
In the Linux kernel, the following vulnerability has been resolved:
net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool()
|
2024-07-12 |
CVE-2024-40907 |
In the Linux kernel, the following vulnerability has been resolved:
ionic: fix kernel panic in XDP_TX action
|
2024-07-12 |
CVE-2024-40930 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: validate HE operation element parsing
|
2024-07-12 |
CVE-2024-40910 |
In the Linux kernel, the following vulnerability has been resolved:
ax25: Fix refcount imbalance on inbound connections
|
2024-07-12 |
CVE-2024-40981 |
In the Linux kernel, the following vulnerability has been resolved:
batman-adv: bypass empty buckets in batadv_purge_orig_ref()
|
2024-07-12 |
CVE-2024-41006 |
In the Linux kernel, the following vulnerability has been resolved:
netrom: Fix a memory leak in nr_heartbeat_expiry()
|
2024-07-12 |
CVE-2024-40921 |
In the Linux kernel, the following vulnerability has been resolved:
net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state
|
2024-07-12 |
CVE-2024-40970 |
In the Linux kernel, the following vulnerability has been resolved:
Avoid hw_desc array overrun in dw-axi-dmac
|
2024-07-12 |
CVE-2024-39498 |
In the Linux kernel, the following vulnerability has been resolved:
drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2
|
2024-07-12 |
CVE-2024-6655 |
gtk3: gtk2: Library injection from CWD
|
2024-07-11 |
CVE-2024-39493 |
In the Linux kernel, the following vulnerability has been resolved:
crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
|
2024-07-10 |
CVE-2024-39492 |
In the Linux kernel, the following vulnerability has been resolved:
mailbox: mtk-cmdq: Fix pm_runtime_get_sync() warning in mbox shutdown
|
2024-07-10 |
CVE-2024-39491 |
In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance
|
2024-07-10 |
CVE-2024-6614 |
The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128.
|
2024-07-09 |
CVE-2024-6607 |
It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a `<select>` element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox < 128.
|
2024-07-09 |
CVE-2024-6606 |
Clipboard code failed to check the index on an array access. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 128.
|
2024-07-09 |
CVE-2024-39684 |
Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer overflow vulnerability (when the file is parsed), leading to elevation of privilege.
|
2024-07-09 |
CVE-2024-36137 |
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used.
The Node.js Permission Model does not operate on file descriptors; however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file.
|
2024-07-09 |
CVE-2024-36138 |
The CVE-2024-27980 was identified as an incomplete fix for the BatBadBut vulnerability. This vulnerability arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.
|
2024-07-09 |
CVE-2024-22020 |
A security flaw in Node.js allows a bypass of network import restrictions.
By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security.
Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports.
Exploiting this flaw can violate network import security, posing a risk to developers and servers.
|
2024-07-09 |
CVE-2024-6237 |
A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.
|
2024-07-09 |
CVE-2024-6610 |
Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128.
|
2024-07-09 |
CVE-2024-38517 |
Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.
|
2024-07-09 |
CVE-2024-6615 |
Memory safety bugs present in Firefox 127. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128.
|
2024-07-09 |
CVE-2024-6609 |
When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128.
|
2024-07-09 |
CVE-2024-6603 |
In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13.
|
2024-07-09 |
CVE-2024-6612 |
CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128.
|
2024-07-09 |
CVE-2024-30105 |
.NET Core and Visual Studio Denial of Service Vulnerability
|
2024-07-09 |
CVE-2024-6602 |
A mismatch between allocator and deallocator could have led to memory corruption. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13.
|
2024-07-09 |
CVE-2024-35264 |
.NET and Visual Studio Remote Code Execution Vulnerability
|
2024-07-09 |
CVE-2024-6605 |
Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjacking. This vulnerability affects Firefox < 128.
|
2024-07-09 |
CVE-2024-5569 |
A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.
|
2024-07-09 |
CVE-2024-3596 |
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
|
2024-07-09 |
CVE-2024-6608 |
It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128.
|
2024-07-09 |
CVE-2024-38081 |
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
|
2024-07-09 |
CVE-2024-6604 |
Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13.
|
2024-07-09 |
CVE-2024-6613 |
The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128.
|
2024-07-09 |
CVE-2024-6600 |
Due to large allocation checks in Angle for GLSL shaders being too lenient, an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on macOS. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13.
|
2024-07-09 |
CVE-2024-37372 |
The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.
This vulnerability affects Windows users of the Node.js Permission Model in version v22.x and v20.x.
|
2024-07-09 |
CVE-2024-6611 |
A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128.
|
2024-07-09 |
CVE-2024-6601 |
A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13.
|
2024-07-09 |
CVE-2024-22018 |
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to.
|
2024-07-09 |
CVE-2024-38095 |
.NET and Visual Studio Denial of Service Vulnerability
|
2024-07-09 |
CVE-2024-39695 |
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3.
|
2024-07-08 |
CVE-2024-27459 |
The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.
|
2024-07-08 |
CVE-2024-27903 |
OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.
|
2024-07-08 |
CVE-2024-6409 |
A signal handler race condition vulnerability was found in OpenSSH's server (sshd). If a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). This leaves sshd vulnerable to a signal handler race condition on the cleanup_exit() function, which introduces the same vulnerability as CVE-2024-6387 in the unprivileged child of the sshd server.
|
2024-07-08 |
CVE-2024-24974 |
The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.
|
2024-07-08 |
CVE-2024-38372 |
Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a `fetch()` request, `response.arrayBuffer()` might include a portion of memory from the Node.js process. This has been patched in v6.19.2.
|
2024-07-08 |
CVE-2023-39328 |
openjpeg: denial of service via crafted image file
|
2024-07-07 |
CVE-2023-39329 |
In openjpeg, a resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service.
|
2024-07-07 |
CVE-2024-6501 |
Given a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, someone could inject a malformed LLDP packet and NetworkManager would crash leading to a DoS.
|
2024-07-07 |
CVE-2024-39486 |
In the Linux kernel, the following vulnerability has been resolved:
drm/drm_file: Fix pid refcounting race
|
2024-07-06 |
CVE-2024-39479 |
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/hwmon: Get rid of devm
|
2024-07-05 |
CVE-2024-39689 |
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.07.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."
|
2024-07-05 |
CVE-2024-39475 |
In the Linux kernel, the following vulnerability has been resolved:
fbdev: savage: Handle err return when savagefb_check_var failed
|
2024-07-05 |
CVE-2024-39481 |
In the Linux kernel, the following vulnerability has been resolved:
media: mc: Fix graph walk in media_pipeline_start
|
2024-07-05 |
CVE-2024-39480 |
In the Linux kernel, the following vulnerability has been resolved:
kdb: Fix buffer overflow during tab-complete
|
2024-07-05 |
CVE-2024-39485 |
In the Linux kernel, the following vulnerability has been resolved:
media: v4l: async: Properly re-initialise notifier entry in unregister
|
2024-07-05 |
CVE-2024-6505 |
A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash the QEMU process on the host.
|
2024-07-05 |
CVE-2024-39473 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension
|
2024-07-05 |
CVE-2024-39484 |
In the Linux kernel, the following vulnerability has been resolved:
mmc: davinci: Don't strip remove function when driver is builtin
|
2024-07-05 |
CVE-2024-39483 |
In the Linux kernel, the following vulnerability has been resolved:
KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked
|
2024-07-05 |
CVE-2024-39477 |
In the Linux kernel, the following vulnerability has been resolved:
mm/hugetlb: do not call vma_add_reservation upon ENOMEM
|
2024-07-05 |
CVE-2024-39884 |
A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.
Users are recommended to upgrade to version 2.4.61, which fixes this issue.
|
2024-07-04 |
CVE-2024-39929 |
Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.
|
2024-07-04 |
CVE-2024-39936 |
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.
|
2024-07-04 |
CVE-2023-52169 |
The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in some known web-service use cases where untrusted users can upload files and have them extracted by a server-side 7-Zip process.
|
2024-07-03 |
CVE-2023-52168 |
The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc.
|
2024-07-03 |
CVE-2024-29508 |
Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.
|
2024-07-03 |
CVE-2024-29509 |
Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle.
|
2024-07-03 |
CVE-2024-29506 |
Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name.
|
2024-07-03 |
CVE-2024-34750 |
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.
Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.
|
2024-07-03 |
CVE-2024-39920 |
The TCP protocol in RFC 9293 has a timing side channel that makes it easier for remote attackers to infer the content of one TCP connection from a client system (to any server), when that client system is concurrently obtaining TCP data at a slow rate from an attacker-controlled server, aka the "SnailLoad" issue. For example, the attack can begin by measuring RTTs via the TCP segments whose role is to provide an ACK control bit and an Acknowledgment Number.
|
2024-07-03 |
CVE-2024-29511 |
Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.
|
2024-07-03 |
CVE-2024-29507 |
Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.
|
2024-07-03 |
CVE-2023-24531 |
Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad behaviors, including executing arbitrary commands or inserting new environment variables. This issue is relatively minor because, in general, if an attacker can set arbitrary environment variables on a system, they have better attack vectors than making "go env" print them out.
|
2024-07-02 |
CVE-2024-39894 |
OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.
|
2024-07-02 |
CVE-2024-4877 |
With OpenVPN on Windows platforms, a malicious process with "some" elevated privileges (SeImpersonatePrivilege) could open the pipe a second time, tricking the OpenVPN GUI into providing user credentials (tokens), getting full access to the account openvpn-gui.exe runs as.
|
2024-07-02 |
CVE-2024-24791 |
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
|
2024-07-02 |
CVE-2024-4467 |
A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.
Amazon Linux has assessed CVE-2024-4467 for qemu-kvm. For AL1, backporting the fix as well as all the dependent changes will increase technical complexity. This will in turn increase the risk associated with this change. This risk outweighs the risk associated with the CVE and Amazon Linux will not be shipping a patch for CVE-2024-4467 on AL1 at this point.
Note: Amazon recommends upgrading to Amazon Linux 2 or Amazon Linux 2023. As a matter of general security practice, Amazon recommends to not rely on in-instance facilities for strong separation of privileges or data security compartments.
|
2024-07-02 |
CVE-2024-38477 |
A null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
|
2024-07-01 |
CVE-2024-38473 |
Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
|
2024-07-01 |
CVE-2024-38475 |
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure.
Substitutions in server context that use backreferences or variables as the first segment of the substitution are affected. Some unsafe RewriteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.
|
2024-07-01 |
CVE-2024-6387 |
A signal handler race condition was found in the OpenSSH server (sshd). If a client does not authenticate within the LoginGraceTime period (120 seconds by default, or 600 seconds in older OpenSSH versions), the sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, such as syslog().
AL1 and AL2 come with OpenSSH version 7.4p1. OpenSSH versions from 4.4p1 up to, but not including, 8.5p1 are not impacted by CVE-2024-6387.
|
2024-07-01 |
CVE-2024-38474 |
Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL, or source disclosure of scripts meant only to be executed as CGI.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.
|
2024-07-01 |
CVE-2024-38472 |
SSRF in Apache HTTP Server on Windows allows an attacker to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content.
Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing.
|
2024-07-01 |
CVE-2024-39573 |
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly set up URLs to be handled by mod_proxy.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
|
2024-07-01 |
CVE-2024-36387 |
Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.
|
2024-07-01 |
CVE-2024-38476 |
The core of Apache HTTP Server 2.4.59 and earlier is vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
|
2024-07-01 |
CVE-2024-28882 |
An openvpn authenticated client can make the server "keep the session" even when the server has been told to disconnect this client.
|
2024-06-29 |
CVE-2024-38525 |
dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the `nlohmann` JSON library. However, due to the way the JSON library is invoked, it throws an uncaught exception, which results in a crash. This vulnerability has been patched in version 0.2.2.
|
2024-06-28 |
CVE-2024-37370 |
krb5: GSS message token handling
|
2024-06-28 |
CVE-2024-37371 |
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
|
2024-06-28 |
CVE-2016-20022 |
In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the supplier.
|
2024-06-27 |
CVE-2024-5535 |
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an
empty supported client protocols buffer may cause a crash or memory contents to
be sent to the peer.
Impact summary: A buffer overread can have a range of potential consequences
such as unexpected application behaviour or a crash. In particular this issue
could result in up to 255 bytes of arbitrary private data from memory being sent
to the peer leading to a loss of confidentiality. However, only applications
that directly call the SSL_select_next_proto function with a 0 length list of
supported client protocols are affected by this issue. This would normally never
be a valid scenario and is typically not under attacker control but may occur by
accident in the case of a configuration or programming error in the calling
application.
The OpenSSL API function SSL_select_next_proto is typically used by TLS
applications that support ALPN (Application Layer Protocol Negotiation) or NPN
(Next Protocol Negotiation). NPN is older, was never standardised and
is deprecated in favour of ALPN. We believe that ALPN is significantly more
widely deployed than NPN. The SSL_select_next_proto function accepts a list of
protocols from the server and a list of protocols from the client and returns
the first protocol that appears in the server list that also appears in the
client list. In the case of no overlap between the two lists it returns the
first item in the client list. In either case it will signal whether an overlap
between the two lists was found. In the case where SSL_select_next_proto is
called with a zero length client list it fails to notice this condition and
returns the memory immediately following the client list pointer (and reports
that there was no overlap in the lists).
This function is typically called from a server side application callback for
ALPN or a client side application callback for NPN. In the case of ALPN the list
of protocols supplied by the client is guaranteed by libssl to never be zero in
length. The list of server protocols comes from the application and should never
normally be expected to be of zero length. In this case if the
SSL_select_next_proto function has been called as expected (with the list
supplied by the client passed in the client/client_len parameters), then the
application will not be vulnerable to this issue. If the application has
accidentally been configured with a zero length server list, and has
accidentally passed that zero length server list in the client/client_len
parameters, and has additionally failed to correctly handle a "no overlap"
response (which would normally result in a handshake failure in ALPN) then it
will be vulnerable to this problem.
In the case of NPN, the protocol permits the client to opportunistically select
a protocol when there is no overlap. OpenSSL returns the first client protocol
in the no overlap case in support of this. The list of client protocols comes
from the application and should never normally be expected to be of zero length.
However if the SSL_select_next_proto function is accidentally called with a
client_len of 0 then an invalid memory pointer will be returned instead. If the
application uses this output as the opportunistic protocol then the loss of
confidentiality will occur.
This issue has been assessed as Low severity because applications are most
likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not
widely used. It also requires an application configuration or programming error.
Finally, this issue would not typically be under attacker control making active
exploitation unlikely.
The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
Due to the low severity of this issue we are not issuing new releases of
OpenSSL at this time. The fix will be included in the next releases when they
become available.
|
2024-06-27 |
CVE-2024-39134 |
A Stack Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c.
|
2024-06-27 |
CVE-2024-5642 |
CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in practice (typically a protocol name would be configured).
|
2024-06-27 |
CVE-2024-28820 |
Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap (aka the Three Rings Auth-LDAP plugin for OpenVPN) 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this field and cause a buffer overflow.
|
2024-06-27 |
CVE-2024-39133 |
Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the __zzip_parse_root_directory() function at /zzip/zip.c.
|
2024-06-27 |
CVE-2024-5594 |
A malicious openvpn peer can send garbage to openvpn log, or cause high CPU load.
|
2024-06-26 |
CVE-2024-39465 |
In the Linux kernel, the following vulnerability has been resolved:
media: mgb4: Fix double debugfs remove
|
2024-06-25 |
CVE-2024-38661 |
In the Linux kernel, the following vulnerability has been resolved:
s390/ap: Fix crash in AP internal function modify_bitmap()
|
2024-06-25 |
CVE-2024-38385 |
In the Linux kernel, the following vulnerability has been resolved:
genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after()
|
2024-06-25 |
CVE-2024-38306 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: protect folio::private when attaching extent buffer folios
|
2024-06-25 |
CVE-2024-39466 |
In the Linux kernel, the following vulnerability has been resolved:
thermal/drivers/qcom/lmh: Check for SCM availability at probe
|
2024-06-25 |
CVE-2024-39296 |
In the Linux kernel, the following vulnerability has been resolved:
bonding: fix oops during rmmod
|
2024-06-25 |
CVE-2024-39471 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: add error handle to avoid out-of-bounds
|
2024-06-25 |
CVE-2024-39470 |
In the Linux kernel, the following vulnerability has been resolved:
eventfs: Fix a possible null pointer dereference in eventfs_find_events()
|
2024-06-25 |
CVE-2021-4440 |
In the Linux kernel, the following vulnerability has been resolved:
x86/xen: Drop USERGS_SYSRET64 paravirt call
|
2024-06-25 |
CVE-2024-39462 |
In the Linux kernel, the following vulnerability has been resolved:
clk: bcm: dvp: Assign ->num before accessing ->hws
|
2024-06-25 |
CVE-2024-5261 |
Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certificate verification.
LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice as a library to convert, view or otherwise interact with documents.
LibreOffice internally makes use of "curl" to fetch remote resources such as images hosted on webservers.
In affected versions of LibreOffice, when used in LibreOfficeKit mode only, curl's TLS certificate verification was disabled (CURLOPT_SSL_VERIFYPEER of false).
In the fixed versions curl operates in LibreOfficeKit mode the same as in standard mode with CURLOPT_SSL_VERIFYPEER of true.
This issue affects LibreOffice before version 24.2.4.
|
2024-06-25 |
CVE-2024-37894 |
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.
|
2024-06-25 |
CVE-2024-39464 |
In the Linux kernel, the following vulnerability has been resolved:
media: v4l: async: Fix notifier list entry init
|
2024-06-25 |
CVE-2024-39463 |
In the Linux kernel, the following vulnerability has been resolved:
9p: add missing locking around taking dentry fid list
|
2024-06-25 |
CVE-2024-3447 |
QEMU: sdhci: heap buffer overflow in sdhci_write_dataport()
|
2024-06-25 |
CVE-2022-48772 |
In the Linux kernel, the following vulnerability has been resolved:
media: lgdt3306a: Add a check against null-pointer-def
|
2024-06-25 |
CVE-2024-39467 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()
|
2024-06-25 |
CVE-2024-39461 |
In the Linux kernel, the following vulnerability has been resolved:
clk: bcm: rpi: Assign ->num before accessing ->hws
|
2024-06-25 |
CVE-2024-39301 |
In the Linux kernel, the following vulnerability has been resolved:
net/9p: fix uninit-value in p9_client_rpc()
|
2024-06-25 |
CVE-2024-33847 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: compress: don't allow unaligned truncation on released compress inode
|
2024-06-24 |
CVE-2024-36479 |
In the Linux kernel, the following vulnerability has been resolved:
fpga: bridge: add owner module and take its refcount
|
2024-06-24 |
CVE-2024-37021 |
In the Linux kernel, the following vulnerability has been resolved:
fpga: manager: add owner module and take its refcount
|
2024-06-24 |
CVE-2024-35247 |
In the Linux kernel, the following vulnerability has been resolved:
fpga: region: add owner module and take its refcount
|
2024-06-24 |
CVE-2024-39291 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode()
|
2024-06-24 |
CVE-2024-37026 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Only use reserved BCS instances for usm migrate exec queue
|
2024-06-24 |
CVE-2024-38663 |
In the Linux kernel, the following vulnerability has been resolved:
blk-cgroup: fix list corruption from resetting io stat
|
2024-06-24 |
CVE-2024-39292 |
In the Linux kernel, the following vulnerability has been resolved:
um: Add winch to winch_handlers before registering winch IRQ
|
2024-06-24 |
CVE-2024-34030 |
In the Linux kernel, the following vulnerability has been resolved:
PCI: of_property: Return error for int_map allocation failure
|
2024-06-24 |
CVE-2024-34027 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock
|
2024-06-24 |
CVE-2024-38667 |
In the Linux kernel, the following vulnerability has been resolved:
riscv: prevent pt_regs corruption for secondary idle threads
|
2024-06-24 |
CVE-2024-32936 |
In the Linux kernel, the following vulnerability has been resolved:
media: ti: j721e-csi2rx: Fix races while restarting DMA
|
2024-06-24 |
CVE-2024-6104 |
go-retryablehttp prior to 0.7.7 did not sanitize URLs when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.
|
2024-06-24 |
CVE-2024-38664 |
In the Linux kernel, the following vulnerability has been resolved:
drm: zynqmp_dpsub: Always register bridge
|
2024-06-24 |
CVE-2024-38384 |
In the Linux kernel, the following vulnerability has been resolved:
blk-cgroup: fix list corruption from reorder of WRITE ->lqueued
|
2024-06-24 |
CVE-2024-39331 |
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.
|
2024-06-23 |
CVE-2024-38637 |
In the Linux kernel, the following vulnerability has been resolved:
greybus: lights: check return of get_channel_from_mode
|
2024-06-21 |
CVE-2023-52884 |
In the Linux kernel, the following vulnerability has been resolved:
Input: cyapa - add missing input core locking to suspend/resume functions
|
2024-06-21 |
CVE-2024-38632 |
In the Linux kernel, the following vulnerability has been resolved:
vfio/pci: fix potential memory leak in vfio_intx_enable()
|
2024-06-21 |
CVE-2024-36481 |
In the Linux kernel, the following vulnerability has been resolved:
tracing/probes: fix error check in parse_btf_field()
|
2024-06-21 |
CVE-2024-36477 |
In the Linux kernel, the following vulnerability has been resolved:
tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer
|
2024-06-21 |
CVE-2024-36484 |
In the Linux kernel, the following vulnerability has been resolved:
net: relax socket state check at accept time.
|
2024-06-21 |
CVE-2024-33619 |
In the Linux kernel, the following vulnerability has been resolved:
efi: libstub: only free priv.runtime_map when allocated
|
2024-06-21 |
CVE-2024-38659 |
In the Linux kernel, the following vulnerability has been resolved:
enic: Validate length of nl attributes in enic_set_vf_port
|
2024-06-21 |
CVE-2024-37353 |
In the Linux kernel, the following vulnerability has been resolved:
virtio: delete vq in vp_find_vqs_msix() when request_irq() fails
|
2024-06-21 |
CVE-2024-38630 |
In the Linux kernel, the following vulnerability has been resolved:
watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger
|
2024-06-21 |
CVE-2024-31076 |
In the Linux kernel, the following vulnerability has been resolved:
genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
|
2024-06-21 |
CVE-2024-38390 |
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails
|
2024-06-21 |
CVE-2024-38625 |
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Check 'folio' pointer for NULL
|
2024-06-21 |
CVE-2024-38635 |
In the Linux kernel, the following vulnerability has been resolved:
soundwire: cadence: fix invalid PDI offset
|
2024-06-21 |
CVE-2024-34777 |
In the Linux kernel, the following vulnerability has been resolved:
dma-mapping: benchmark: fix node id validation
|
2024-06-21 |
CVE-2024-38626 |
In the Linux kernel, the following vulnerability has been resolved:
fuse: clear FR_SENT when re-adding requests into pending list
|
2024-06-21 |
CVE-2024-38634 |
In the Linux kernel, the following vulnerability has been resolved:
serial: max3100: Lock port->lock when calling uart_handle_cts_change()
|
2024-06-21 |
CVE-2024-38627 |
In the Linux kernel, the following vulnerability |