This page lists Common Vulnerabilities and Exposures (CVE) that may affect the Amazon Linux operating system.
CVE ID | Description | Public Date |
---|---|---|
CVE-2024-43362 |
Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed in some html code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this issue.
|
2024-10-07 |
CVE-2024-31449 |
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
2024-10-07 |
CVE-2024-31228 |
Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
2024-10-07 |
CVE-2024-31227 |
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
2024-10-07 |
CVE-2024-47191 |
oath-toolkit: Local root exploit in a PAM module
|
2024-10-07 |
CVE-2024-47850 |
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)
|
2024-10-04 |
CVE-2024-47554 |
Uncontrolled Resource Consumption vulnerability in Apache Commons IO.
The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.
This issue affects Apache Commons IO: from 2.0 before 2.14.0.
Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
|
2024-10-03 |
CVE-2024-8508 |
NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic.
|
2024-10-03 |
CVE-2024-36474 |
An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
|
2024-10-03 |
CVE-2024-42415 |
An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
|
2024-10-03 |
CVE-2024-47611 |
XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows (MinGW-w64 or MSVC), the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters (for example, filenames) that don't exist in the current legacy code page, the characters are converted to similar-looking characters with best-fit mapping. Some best-fit mappings result in ASCII characters that change the meaning of the command line, which can be exploited with malicious filenames to do argument injection or directory traversal attacks. This vulnerability is fixed in 5.6.3. Command line tools built for Cygwin or MSYS2 are unaffected. liblzma is unaffected.
|
2024-10-02 |
CVE-2024-9394 |
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
|
2024-10-01 |
CVE-2024-9393 |
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
|
2024-10-01 |
CVE-2024-9399 |
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
|
2024-10-01 |
CVE-2024-9398 |
By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
|
2024-10-01 |
CVE-2024-9397 |
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
|
2024-10-01 |
CVE-2024-9402 |
Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
|
2024-10-01 |
CVE-2024-9395 |
A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog.
*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131.
|
2024-10-01 |
CVE-2024-9391 |
A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible.
*This bug only affects Firefox Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131.
|
2024-10-01 |
CVE-2024-9403 |
Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131 and Thunderbird < 131.
|
2024-10-01 |
CVE-2024-9355 |
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.
|
2024-10-01 |
CVE-2024-9400 |
A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
|
2024-10-01 |
CVE-2024-9401 |
Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
|
2024-10-01 |
CVE-2024-9392 |
A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
|
2024-10-01 |
CVE-2024-9396 |
It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
|
2024-10-01 |
CVE-2024-45993 |
Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb.
|
2024-09-30 |
CVE-2024-9026 |
Logs from childrens may be altered
NOTE: Fixed in 8.3.12, 8.2.24
NOTE: https://github.com/php/php-src/security/advisories/GHSA-865w-9rf3-2wh5
NOTE: https://github.com/php/php-src/commit/1f8e16172c7961045c2b0f34ba7613e3f21cdee8 (PHP-8.2.24)
|
2024-09-29 |
CVE-2024-38286 |
tomcat: Denial of Service in Tomcat
|
2024-09-27 |
CVE-2024-46833 |
In the Linux kernel, the following vulnerability has been resolved:
net: hns3: void array out of bound when loop tnl_num
|
2024-09-27 |
CVE-2024-46823 |
In the Linux kernel, the following vulnerability has been resolved:
kunit/overflow: Fix UB in overflow_allocation_test
|
2024-09-27 |
CVE-2024-46855 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_socket: fix sk refcount leaks
|
2024-09-27 |
CVE-2024-8926 |
Bypass of CVE-2024-4577, Parameter Injection Vulnerability
NOTE: Fixed in 8.3.12, 8.2.24
NOTE: https://github.com/php/php-src/security/advisories/GHSA-p99j-rfp4-xqvq
NOTE: https://github.com/php/php-src/commit/abcfd980bfa03298792fd3aba051c78d52f10642 (PHP-8.2.24)
|
2024-09-27 |
CVE-2024-46819 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: the warning dereferencing obj for nbio_v7_4
|
2024-09-27 |
CVE-2024-46803 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Check debug trap enable before write dbg_ev_file
|
2024-09-27 |
CVE-2024-46829 |
In the Linux kernel, the following vulnerability has been resolved:
rtmutex: Drop rt_mutex::wait_lock before scheduling
|
2024-09-27 |
CVE-2024-46860 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change
|
2024-09-27 |
CVE-2024-46850 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()
|
2024-09-27 |
CVE-2024-46817 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6
|
2024-09-27 |
CVE-2024-8925 |
Erroneous parsing of multipart form data
NOTE: Fixed in 8.3.12, 8.2.24
NOTE: https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32
NOTE: https://github.com/php/php-src/commit/19b49258d0c5a61398d395d8afde1123e8d161e0 (PHP-8.2.24)
|
2024-09-27 |
CVE-2024-8805 |
BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1229/
NOTE: https://patchwork.kernel.org/project/bluetooth/patch/20240912204458.3037144-1-luiz.dentz@gmail.com/
NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=41f943630d9a03c40e95057b2ac3d96470b9c71e
DEBIANBUG: [1082849]
|
2024-09-27 |
CVE-2024-46815 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]
|
2024-09-27 |
CVE-2024-46808 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range
|
2024-09-27 |
CVE-2024-46828 |
In the Linux kernel, the following vulnerability has been resolved:
sched: sch_cake: fix bulk flow accounting logic for host fairness
|
2024-09-27 |
CVE-2024-46843 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Remove SCSI host only if added
|
2024-09-27 |
CVE-2024-46862 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: Intel: soc-acpi-intel-mtl-match: add missing empty item
|
2024-09-27 |
CVE-2024-46866 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/client: add missing bo locking in show_meminfo()
|
2024-09-27 |
CVE-2024-46820 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend
|
2024-09-27 |
CVE-2024-46824 |
In the Linux kernel, the following vulnerability has been resolved:
iommufd: Require drivers to supply the cache_invalidate_user ops
|
2024-09-27 |
CVE-2024-46825 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check
|
2024-09-27 |
CVE-2024-46856 |
In the Linux kernel, the following vulnerability has been resolved:
net: phy: dp83822: Fix NULL pointer dereference on DP83825 devices
|
2024-09-27 |
CVE-2024-46836 |
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: aspeed_udc: validate endpoint index for ast udc
|
2024-09-27 |
CVE-2024-46847 |
In the Linux kernel, the following vulnerability has been resolved:
mm: vmalloc: ensure vmap_block is initialised before adding to queue
|
2024-09-27 |
CVE-2024-46805 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix the waring dereferencing hive
|
2024-09-27 |
CVE-2024-8927 |
cgi.force_redirect configuration is byppassible due to the environment variable collision
NOTE: Fixed in 8.3.12, 8.2.24
NOTE: https://github.com/php/php-src/security/advisories/GHSA-94p6-54jq-9mwp
NOTE: https://github.com/php/php-src/commit/48808d98f4fc2a05193cdcc1aedd6c66816450f1 (PHP-8.2.24)
|
2024-09-27 |
CVE-2024-46810 |
In the Linux kernel, the following vulnerability has been resolved:
drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ
|
2024-09-27 |
CVE-2024-46807 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/amdgpu: Check tbo resource pointer
|
2024-09-27 |
CVE-2024-46816 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links
|
2024-09-27 |
CVE-2024-46842 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info
|
2024-09-27 |
CVE-2024-46861 |
In the Linux kernel, the following vulnerability has been resolved:
usbnet: ipheth: do not stop RX on failing RX callback
|
2024-09-27 |
CVE-2024-46822 |
In the Linux kernel, the following vulnerability has been resolved:
arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry
|
2024-09-27 |
CVE-2024-46806 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix the warning division or modulo by zero
|
2024-09-27 |
CVE-2024-46827 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix firmware crash due to invalid peer nss
|
2024-09-27 |
CVE-2024-46864 |
In the Linux kernel, the following vulnerability has been resolved:
x86/hyperv: fix kexec crash due to VP assist page corruption
|
2024-09-27 |
CVE-2024-46802 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: added NULL check at start of dc_validate_stream
|
2024-09-27 |
CVE-2024-46809 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check BIOS images before it is used
|
2024-09-27 |
CVE-2024-46840 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: clean up our handling of refs == 0 in snapshot delete
|
2024-09-27 |
CVE-2024-38796 |
EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.
|
2024-09-27 |
CVE-2024-47177 |
CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS systems. Any value passed to `FoomaticRIPCommandLine` via a PPD file will be executed as a user controlled command. When combined with other logic bugs as described in CVE_2024-47176, this can lead to remote command execution.
|
2024-09-26 |
CVE-2024-47175 |
CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
|
2024-09-26 |
CVE-2024-0133 |
NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering.
|
2024-09-26 |
CVE-2024-47076 |
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
|
2024-09-26 |
CVE-2024-0132 |
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
|
2024-09-26 |
CVE-2024-47176 |
CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL.
Due to the service binding to `*:631 ( INADDR_ANY )`, multiple bugs in `cups-browsed` can be exploited in sequence to introduce a malicious printer to the system. This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine without authentication when a print job is started. This poses a significant security risk over the network. Notably, this vulnerability is particularly concerning as it can be exploited from the public internet, potentially exposing a vast number of systems to remote attacks if their CUPS services are enabled.
|
2024-09-26 |
CVE-2024-47068 |
Rollup is a module bundler for JavaScript. Versions prior to 3.29.5 and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` (e.g., `import.meta.url`) in `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Versions 3.29.5 and 4.22.4 contain a patch for the vulnerability.
|
2024-09-23 |
CVE-2022-48945 |
In the Linux kernel, the following vulnerability has been resolved:
media: vivid: fix compose size exceed boundary
|
2024-09-23 |
CVE-2024-42861 |
An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function
|
2024-09-23 |
CVE-2024-47220 |
An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production."
|
2024-09-22 |
CVE-2024-45808 |
Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the `REQUESTED_SERVER_NAME` field for access loggers. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
2024-09-20 |
CVE-2024-45807 |
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using `oghttp` as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the `oghttp2` by default. The impact of this issue is that envoy will crash. This issue has been addressed in release version 1.31.2. All users are advised to upgrade. There are no known workarounds for this issue.
|
2024-09-20 |
CVE-2024-45806 |
Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's default configuration of internal trust boundaries, which considers all RFC1918 private address ranges as internal. The default behavior for handling internal addresses in Envoy has been changed. Previously, RFC1918 IP addresses were automatically considered internal, even if the internal_address_config was empty. The default configuration of Envoy will continue to trust internal addresses while in this release and it will not trust them by default in next release. If you have tooling such as probes on your private network which need to be treated as trusted (e.g. changing arbitrary x-envoy headers) please explicitly include those addresses or CIDR ranges into `internal_address_config`. Successful exploitation could allow attackers to bypass security controls, access sensitive data, or disrupt services within the mesh, like Istio. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
2024-09-20 |
CVE-2024-45809 |
Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clear_route_cache is enabled on the provider; 3. header operations are enabled in JWT filter, e.g. header to claims feature; 4. the routing table is configured in a way that the JWT header operations modify requests to not match any route. When these conditions are met, a crash is triggered in the upstream code due to nullptr reference conversion from route(). The root cause is the ordering of continueDecoding and clearRouteCache. This issue has been addressed in versions 1.31.2, 1.30.6, and 1.29.9. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
2024-09-20 |
CVE-2024-45810 |
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling `sendLocalReply` under some circumstance, e.g., websocket upgrade, and requests mirroring. The http async client will crash during the `sendLocalReply()` in http async client, one reason is http async client is duplicating the status code, another one is the destroy of router is called at the destructor of the async stream, while the stream is deferred deleted at first. There will be problems that the stream decoder is destroyed but its reference is called in `router.onDestroy()`, causing segment fault. This will impact ext_authz if the `upgrade` and `connection` header are allowed, and request mirrorring. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
2024-09-20 |
CVE-2024-7254 |
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.
|
2024-09-19 |
CVE-2024-7207 |
A flaw was found in Envoy. It is possible to modify or manipulate headers from external clients when pass-through routes are used for the ingress gateway. This issue could allow a malicious user to forge what is logged by Envoy as a requested path and cause the Envoy proxy to make requests to internal-only services or arbitrary external systems. This is a regression of the fix for CVE-2023-27487.
|
2024-09-19 |
CVE-2024-45769 |
A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash.
|
2024-09-19 |
CVE-2024-45770 |
A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.
|
2024-09-19 |
CVE-2024-46759 |
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (adc128d818) Fix underflows seen when writing limit attributes
|
2024-09-18 |
CVE-2024-46792 |
In the Linux kernel, the following vulnerability has been resolved:
riscv: misaligned: Restrict user access to kernel memory
|
2024-09-18 |
CVE-2024-46773 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check denominator pbn_div before used
|
2024-09-18 |
CVE-2024-46798 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object
|
2024-09-18 |
CVE-2024-46784 |
In the Linux kernel, the following vulnerability has been resolved:
net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup
|
2024-09-18 |
CVE-2024-46748 |
In the Linux kernel, the following vulnerability has been resolved:
cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT
|
2024-09-18 |
CVE-2024-46722 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix mc_data out-of-bounds read warning
|
2024-09-18 |
CVE-2024-46778 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check UnboundedRequestEnabled's value
|
2024-09-18 |
CVE-2024-46721 |
In the Linux kernel, the following vulnerability has been resolved:
apparmor: fix possible NULL pointer dereference
|
2024-09-18 |
CVE-2024-46779 |
In the Linux kernel, the following vulnerability has been resolved:
drm/imagination: Free pvr_vm_gpuva after unlink
|
2024-09-18 |
CVE-2024-46772 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check denominator crb_pipes before used
|
2024-09-18 |
CVE-2024-46785 |
In the Linux kernel, the following vulnerability has been resolved:
eventfs: Use list_del_rcu() for SRCU protected list variable
|
2024-09-18 |
CVE-2024-46764 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: add check for invalid name in btf_name_valid_section()
|
2024-09-18 |
CVE-2024-46794 |
In the Linux kernel, the following vulnerability has been resolved:
x86/tdx: Fix data leak in mmio_read()
|
2024-09-18 |
CVE-2024-46738 |
In the Linux kernel, the following vulnerability has been resolved:
VMCI: Fix use-after-free when removing resource in vmci_resource_remove()
|
2024-09-18 |
CVE-2024-46734 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix race between direct IO write and fsync when using same fd
|
2024-09-18 |
CVE-2024-46775 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Validate function returns
|
2024-09-18 |
CVE-2024-46789 |
In the Linux kernel, the following vulnerability has been resolved:
mm/slub: add check for s->flags in the alloc_tagging_slab_free_hook
|
2024-09-18 |
CVE-2024-46771 |
In the Linux kernel, the following vulnerability has been resolved:
can: bcm: Remove proc entry when dev is unregistered.
|
2024-09-18 |
CVE-2024-46768 |
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (hp-wmi-sensors) Check if WMI event data exists
|
2024-09-18 |
CVE-2024-46796 |
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix double put of @cfile in smb2_set_path_size()
|
2024-09-18 |
CVE-2024-46756 |
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (w83627ehf) Fix underflows seen when writing limit attributes
|
2024-09-18 |
CVE-2024-46720 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix dereference after null check
|
2024-09-18 |
CVE-2024-46767 |
In the Linux kernel, the following vulnerability has been resolved:
net: phy: Fix missing of_node_put() for leds
|
2024-09-18 |
CVE-2024-46714 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Skip wbscl_set_scaler_filter if filter is null
|
2024-09-18 |
CVE-2024-46770 |
In the Linux kernel, the following vulnerability has been resolved:
ice: Add netif_device_attach/detach into PF reset flow
|
2024-09-18 |
CVE-2024-46786 |
In the Linux kernel, the following vulnerability has been resolved:
fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF
|
2024-09-18 |
CVE-2024-46761 |
In the Linux kernel, the following vulnerability has been resolved:
pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
|
2024-09-18 |
CVE-2024-46725 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix out-of-bounds write warning
|
2024-09-18 |
CVE-2024-46737 |
In the Linux kernel, the following vulnerability has been resolved:
nvmet-tcp: fix kernel crash if commands allocation fails
|
2024-09-18 |
CVE-2024-46728 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check index for aux_rd_interval before using
|
2024-09-18 |
CVE-2024-46744 |
In the Linux kernel, the following vulnerability has been resolved:
Squashfs: sanity check symbolic link size
|
2024-09-18 |
CVE-2024-46758 |
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (lm95234) Fix underflows seen when writing limit attributes
|
2024-09-18 |
CVE-2024-46752 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: replace BUG_ON() with error handling at update_ref_for_cow()
|
2024-09-18 |
CVE-2024-46718 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Don't overmap identity VRAM mapping
|
2024-09-18 |
CVE-2024-46777 |
In the Linux kernel, the following vulnerability has been resolved:
udf: Avoid excessive partition lengths
|
2024-09-18 |
CVE-2024-46742 |
In the Linux kernel, the following vulnerability has been resolved:
smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()
|
2024-09-18 |
CVE-2024-46799 |
In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: ti: am65-cpsw: Fix NULL dereference on XDP_TX
|
2024-09-18 |
CVE-2024-46781 |
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix missing cleanup on rollforward recovery error
|
2024-09-18 |
CVE-2024-46750 |
In the Linux kernel, the following vulnerability has been resolved:
PCI: Add missing bridge lock to pci_bus_lock()
|
2024-09-18 |
CVE-2024-46719 |
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: ucsi: Fix null pointer dereference in trace
|
2024-09-18 |
CVE-2024-46793 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder
|
2024-09-18 |
CVE-2024-46757 |
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (nct6775-core) Fix underflows seen when writing limit attributes
|
2024-09-18 |
CVE-2024-46735 |
In the Linux kernel, the following vulnerability has been resolved:
ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()
|
2024-09-18 |
CVE-2024-46730 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Ensure array index tg_inst won't be -1
|
2024-09-18 |
CVE-2024-46723 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix ucode out-of-bounds read warning
|
2024-09-18 |
CVE-2024-46749 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()
|
2024-09-18 |
CVE-2024-46760 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw88: usb: schedule rx work after everything is set up
|
2024-09-18 |
CVE-2024-46787 |
In the Linux kernel, the following vulnerability has been resolved:
userfaultfd: fix checks for huge PMDs
|
2024-09-18 |
CVE-2024-46729 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix incorrect size calculation for loop
|
2024-09-18 |
CVE-2024-46766 |
In the Linux kernel, the following vulnerability has been resolved:
ice: move netif_queue_set_napi to rtnl-protected sections
|
2024-09-18 |
CVE-2024-46755 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()
|
2024-09-18 |
CVE-2024-46745 |
In the Linux kernel, the following vulnerability has been resolved:
Input: uinput - reject requests with unreasonable number of slots
|
2024-09-18 |
CVE-2024-46727 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update
|
2024-09-18 |
CVE-2024-46762 |
In the Linux kernel, the following vulnerability has been resolved:
xen: privcmd: Fix possible access to a freed kirqfd instance
|
2024-09-18 |
CVE-2024-46733 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix qgroup reserve leaks in cow_file_range
|
2024-09-18 |
CVE-2024-46763 |
In the Linux kernel, the following vulnerability has been resolved:
fou: Fix null-ptr-deref in GRO.
|
2024-09-18 |
CVE-2024-46782 |
In the Linux kernel, the following vulnerability has been resolved:
ila: call nf_unregister_net_hooks() sooner
|
2024-09-18 |
CVE-2024-46776 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Run DC_LOG_DC after checking link->link_enc
|
2024-09-18 |
CVE-2024-46788 |
In the Linux kernel, the following vulnerability has been resolved:
tracing/osnoise: Use a cpumask to know what threads are kthreads
|
2024-09-18 |
CVE-2024-46715 |
In the Linux kernel, the following vulnerability has been resolved:
driver: iio: add missing checks on iio_info's callback access
|
2024-09-18 |
CVE-2024-46746 |
In the Linux kernel, the following vulnerability has been resolved:
HID: amd_sfh: free driver_data after destroying hid device
|
2024-09-18 |
CVE-2024-46795 |
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: unset the binding mark of a reused connection
|
2024-09-18 |
CVE-2024-46791 |
In the Linux kernel, the following vulnerability has been resolved:
can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open
|
2024-09-18 |
CVE-2024-46800 |
In the Linux kernel, the following vulnerability has been resolved:
sch/netem: fix use after free in netem_dequeue
|
2024-09-18 |
CVE-2024-46801 |
In the Linux kernel, the following vulnerability has been resolved:
libfs: fix get_stashed_dentry()
|
2024-09-18 |
CVE-2024-46774 |
In the Linux kernel, the following vulnerability has been resolved:
powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()
|
2024-09-18 |
CVE-2024-46741 |
In the Linux kernel, the following vulnerability has been resolved:
misc: fastrpc: Fix double free of 'buf' in error path
|
2024-09-18 |
CVE-2024-46740 |
In the Linux kernel, the following vulnerability has been resolved:
binder: fix UAF caused by offsets overwrite
|
2024-09-18 |
CVE-2024-46753 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: handle errors from btrfs_dec_ref() properly
|
2024-09-18 |
CVE-2024-46797 |
In the Linux kernel, the following vulnerability has been resolved:
powerpc/qspinlock: Fix deadlock in MCS queue
|
2024-09-18 |
CVE-2024-46751 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()
|
2024-09-18 |
CVE-2024-46726 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Ensure index calculation will not overflow
|
2024-09-18 |
CVE-2024-46765 |
In the Linux kernel, the following vulnerability has been resolved:
ice: protect XDP configuration with a mutex
|
2024-09-18 |
CVE-2024-46731 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/pm: fix the Out-of-bounds read warning
|
2024-09-18 |
CVE-2024-46743 |
In the Linux kernel, the following vulnerability has been resolved:
of/irq: Prevent device address out-of-bounds read in interrupt map walk
|
2024-09-18 |
CVE-2024-46769 |
In the Linux kernel, the following vulnerability has been resolved:
spi: intel: Add check devm_kasprintf() returned value
|
2024-09-18 |
CVE-2024-46739 |
In the Linux kernel, the following vulnerability has been resolved:
uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind
|
2024-09-18 |
CVE-2024-46724 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number
|
2024-09-18 |
CVE-2024-46732 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Assign linear_pitch_alignment even for VM
|
2024-09-18 |
CVE-2024-46754 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Remove tst_run from lwt_seg6local_prog_ops.
|
2024-09-18 |
CVE-2024-46747 |
In the Linux kernel, the following vulnerability has been resolved:
HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup
|
2024-09-18 |
CVE-2024-46716 |
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor
|
2024-09-18 |
CVE-2024-46783 |
In the Linux kernel, the following vulnerability has been resolved:
tcp_bpf: fix return value of tcp_bpf_sendmsg()
|
2024-09-18 |
CVE-2024-46780 |
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: protect references to superblock parameters exposed in sysfs
|
2024-09-18 |
CVE-2024-44187 |
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
|
2024-09-17 |
CVE-2024-40857 |
This issue was addressed through improved state management. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to universal cross site scripting.
|
2024-09-17 |
CVE-2024-7788 |
Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before < 24.2.5.
|
2024-09-17 |
CVE-2024-40866 |
The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing.
|
2024-09-17 |
CVE-2024-8900 |
An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129.
|
2024-09-17 |
CVE-2024-8897 |
Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a malicious site to appear to have the same URL as the trusted site.
*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 130.0.1.
|
2024-09-17 |
CVE-2024-8775 |
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.
|
2024-09-14 |
CVE-2024-46679 |
In the Linux kernel, the following vulnerability has been resolved:
ethtool: check device is present when getting link settings
|
2024-09-13 |
CVE-2024-46675 |
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc3: core: Prevent USB core invalid event buffer address access
|
2024-09-13 |
CVE-2024-46687 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()
|
2024-09-13 |
CVE-2024-46703 |
In the Linux kernel, the following vulnerability has been resolved:
Revert "serial: 8250_omap: Set the console genpd always on if no console suspend"
|
2024-09-13 |
CVE-2024-46713 |
In the Linux kernel, the following vulnerability has been resolved:
perf/aux: Fix AUX buffer serialization
|
2024-09-13 |
CVE-2024-46712 |
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Disable coherent dumb buffers without 3d
|
2024-09-13 |
CVE-2024-46697 |
In the Linux kernel, the following vulnerability has been resolved:
nfsd: ensure that nfsd4_fattr_args.context is zeroed out
|
2024-09-13 |
CVE-2024-46676 |
In the Linux kernel, the following vulnerability has been resolved:
nfc: pn533: Add poll mod list filling check
|
2024-09-13 |
CVE-2024-46680 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: btnxpuart: Fix random crash seen while removing driver
|
2024-09-13 |
CVE-2024-46690 |
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease
|
2024-09-13 |
CVE-2024-46695 |
In the Linux kernel, the following vulnerability has been resolved:
selinux,smack: don't bypass permissions check in inode_setsecctx hook
|
2024-09-13 |
CVE-2024-46707 |
In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3
|
2024-09-13 |
CVE-2024-46710 |
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Prevent unmapping active read buffers
|
2024-09-13 |
CVE-2024-46702 |
In the Linux kernel, the following vulnerability has been resolved:
thunderbolt: Mark XDomain as unplugged when router is removed
|
2024-09-13 |
CVE-2024-46709 |
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Fix prime with external buffers
|
2024-09-13 |
CVE-2024-46693 |
In the Linux kernel, the following vulnerability has been resolved:
soc: qcom: pmic_glink: Fix race during initialization
|
2024-09-13 |
CVE-2024-46694 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: avoid using null object of framebuffer
|
2024-09-13 |
CVE-2024-46698 |
In the Linux kernel, the following vulnerability has been resolved:
video/aperture: optionally match the device in sysfb_disable()
|
2024-09-13 |
CVE-2024-46673 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: aacraid: Fix double-free on probe failure
|
2024-09-13 |
CVE-2024-46705 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: reset mmio mappings with devm
|
2024-09-13 |
CVE-2024-46711 |
In the Linux kernel, the following vulnerability has been resolved:
mptcp: pm: fix ID 0 endp usage after multiple re-creations
|
2024-09-13 |
CVE-2024-46685 |
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: single: fix potential NULL dereference in pcs_get_function()
|
2024-09-13 |
CVE-2024-46706 |
In the Linux kernel, the following vulnerability has been resolved:
tty: serial: fsl_lpuart: mark last busy before uart_add_one_port
|
2024-09-13 |
CVE-2024-46691 |
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: ucsi: Move unregister out of atomic section
|
2024-09-13 |
CVE-2024-46692 |
In the Linux kernel, the following vulnerability has been resolved:
firmware: qcom: scm: Mark get_wq_ctx() as atomic call
|
2024-09-13 |
CVE-2024-46688 |
In the Linux kernel, the following vulnerability has been resolved:
erofs: fix out-of-bound access when z_erofs_gbuf_growsize() partially fails
|
2024-09-13 |
CVE-2024-46708 |
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: qcom: x1e80100: Fix special pin offsets
|
2024-09-13 |
CVE-2024-46683 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: prevent UAF around preempt fence
|
2024-09-13 |
CVE-2024-46677 |
In the Linux kernel, the following vulnerability has been resolved:
gtp: fix a potential NULL pointer dereference
|
2024-09-13 |
CVE-2024-46701 |
In the Linux kernel, the following vulnerability has been resolved:
libfs: fix infinite directory reads for offset dir
|
2024-09-13 |
CVE-2024-46699 |
In the Linux kernel, the following vulnerability has been resolved:
drm/v3d: Disable preemption while updating GPU stats
|
2024-09-13 |
CVE-2024-46704 |
In the Linux kernel, the following vulnerability has been resolved:
workqueue: Fix spruious data race in __flush_work()
|
2024-09-13 |
CVE-2024-46674 |
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc3: st: fix probed platform device ref count on probe error path
|
2024-09-13 |
CVE-2024-46684 |
In the Linux kernel, the following vulnerability has been resolved:
binfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined
|
2024-09-13 |
CVE-2024-46678 |
In the Linux kernel, the following vulnerability has been resolved:
bonding: change ipsec_lock from spin lock to mutex
|
2024-09-13 |
CVE-2024-46682 |
In the Linux kernel, the following vulnerability has been resolved:
nfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open
|
2024-09-13 |
CVE-2024-46700 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu/mes: fix mes ring buffer overflow
|
2024-09-13 |
CVE-2024-46689 |
In the Linux kernel, the following vulnerability has been resolved:
soc: qcom: cmd-db: Map shared memory as WC, not WB
|
2024-09-13 |
CVE-2024-46696 |
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix potential UAF in nfsd4_cb_getattr_release
|
2024-09-13 |
CVE-2024-45024 |
In the Linux kernel, the following vulnerability has been resolved:
mm/hugetlb: fix hugetlb vs. core-mm PT locking
|
2024-09-11 |
CVE-2024-45030 |
In the Linux kernel, the following vulnerability has been resolved:
igb: cope with large MAX_SKB_FRAGS
|
2024-09-11 |
CVE-2024-45012 |
In the Linux kernel, the following vulnerability has been resolved:
nouveau/firmware: use dma non-coherent allocator
|
2024-09-11 |
CVE-2024-24968 |
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01097.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240910
DEBIANBUG: [1081363]
|
2024-09-11 |
CVE-2024-45013 |
In the Linux kernel, the following vulnerability has been resolved:
nvme: move stopping keep-alive into nvme_uninit_ctrl()
|
2024-09-11 |
CVE-2024-8096 |
When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.
|
2024-09-11 |
CVE-2024-23984 |
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01103.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240910
DEBIANBUG: [1081363]
|
2024-09-11 |
CVE-2024-45020 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix a kernel verifier crash in stacksafe()
|
2024-09-11 |
CVE-2024-45023 |
In the Linux kernel, the following vulnerability has been resolved:
md/raid1: Fix data corruption for degraded array with slow disk
|
2024-09-11 |
CVE-2024-45017 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix IPsec RoCE MPV trace call
|
2024-09-11 |
CVE-2024-46672 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion
|
2024-09-11 |
CVE-2024-45014 |
In the Linux kernel, the following vulnerability has been resolved:
s390/boot: Avoid possible physmem_info segment corruption
|
2024-09-11 |
CVE-2024-45010 |
In the Linux kernel, the following vulnerability has been resolved:
mptcp: pm: only mark 'subflow' endp as available
|
2024-09-11 |
CVE-2024-45025 |
In the Linux kernel, the following vulnerability has been resolved:
fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE
|
2024-09-11 |
CVE-2024-45027 |
In the Linux kernel, the following vulnerability has been resolved:
usb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup()
|
2024-09-11 |
CVE-2024-8645 |
SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file
|
2024-09-10 |
CVE-2024-8443 |
libopensc: Heap buffer overflow in OpenPGP driver when generating key
|
2024-09-09 |
CVE-2024-7652 |
An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
|
2024-09-06 |
CVE-2023-52915 |
In the Linux kernel, the following vulnerability has been resolved:
media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer
|
2024-09-06 |
CVE-2024-34156 |
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
|
2024-09-06 |
CVE-2024-34155 |
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
|
2024-09-06 |
CVE-2024-34158 |
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
|
2024-09-06 |
CVE-2023-52916 |
In the Linux kernel, the following vulnerability has been resolved:
media: aspeed: Fix memory overwrite if timing is 1600x900
|
2024-09-06 |
CVE-2024-8394 |
When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 128.2.
|
2024-09-06 |
CVE-2024-8445 |
The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input.
|
2024-09-05 |
CVE-2024-45005 |
In the Linux kernel, the following vulnerability has been resolved:
KVM: s390: fix validity interception issue when gisa is switched off
|
2024-09-04 |
CVE-2024-44982 |
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails
|
2024-09-04 |
CVE-2024-44995 |
In the Linux kernel, the following vulnerability has been resolved:
net: hns3: fix a deadlock problem when config TC during resetting
|
2024-09-04 |
CVE-2024-20506 |
A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files.
The vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart.
|
2024-09-04 |
CVE-2024-44960 |
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: core: Check for unset descriptor
|
2024-09-04 |
CVE-2024-45004 |
In the Linux kernel, the following vulnerability has been resolved:
KEYS: trusted: dcp: fix leak of blob encryption key
|
2024-09-04 |
CVE-2024-44978 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Free job before xe_exec_queue_put
|
2024-09-04 |
CVE-2024-44968 |
In the Linux kernel, the following vulnerability has been resolved:
tick/broadcast: Move per CPU pointer access into the atomic section
|
2024-09-04 |
CVE-2024-44994 |
In the Linux kernel, the following vulnerability has been resolved:
iommu: Restore lost return in iommu_report_device_fault()
|
2024-09-04 |
CVE-2024-20505 |
A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.
|
2024-09-04 |
CVE-2024-44953 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Fix deadlock during RTC update
|
2024-09-04 |
CVE-2024-44954 |
In the Linux kernel, the following vulnerability has been resolved:
ALSA: line6: Fix racy access to midibuf
|
2024-09-04 |
CVE-2024-44984 |
In the Linux kernel, the following vulnerability has been resolved:
bnxt_en: Fix double DMA unmapping for XDP_REDIRECT
|
2024-09-04 |
CVE-2024-44992 |
In the Linux kernel, the following vulnerability has been resolved:
smb/client: avoid possible NULL dereference in cifs_free_subrequest()
|
2024-09-04 |
CVE-2024-44950 |
In the Linux kernel, the following vulnerability has been resolved:
serial: sc16is7xx: fix invalid FIFO access with special register set
|
2024-09-04 |
CVE-2024-44993 |
In the Linux kernel, the following vulnerability has been resolved:
drm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`
|
2024-09-04 |
CVE-2024-44971 |
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()
|
2024-09-04 |
CVE-2024-44976 |
In the Linux kernel, the following vulnerability has been resolved:
ata: pata_macio: Fix DMA table overflow
|
2024-09-04 |
CVE-2024-44987 |
In the Linux kernel, the following vulnerability has been resolved:
ipv6: prevent UAF in ip6_send_skb()
|
2024-09-04 |
CVE-2024-44998 |
In the Linux kernel, the following vulnerability has been resolved:
atm: idt77252: prevent use after free in dequeue_rx()
|
2024-09-04 |
CVE-2024-44996 |
In the Linux kernel, the following vulnerability has been resolved:
vsock: fix recursive ->recvmsg calls
|
2024-09-04 |
CVE-2024-44959 |
In the Linux kernel, the following vulnerability has been resolved:
tracefs: Use generic inode RCU for synchronizing freeing
|
2024-09-04 |
CVE-2024-44974 |
In the Linux kernel, the following vulnerability has been resolved:
mptcp: pm: avoid possible UaF when selecting endp
|
2024-09-04 |
CVE-2024-44964 |
In the Linux kernel, the following vulnerability has been resolved:
idpf: fix memory leaks and crashes while performing a soft reset
|
2024-09-04 |
CVE-2024-45001 |
In the Linux kernel, the following vulnerability has been resolved:
net: mana: Fix RX buf alloc_size alignment and atomic op panic
|
2024-09-04 |
CVE-2024-44979 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Fix missing workqueue destroy in xe_gt_pagefault
|
2024-09-04 |
CVE-2024-44951 |
In the Linux kernel, the following vulnerability has been resolved:
serial: sc16is7xx: fix TX fifo corruption
|
2024-09-04 |
CVE-2024-43402 |
Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods (which are ignored and stripped by Windows). To determine whether to apply the `cmd.exe` escaping rules, the original fix for the vulnerability checked whether the command name ended with `.bat` or `.cmd`. At the time that seemed enough, as we refuse to invoke batch scripts with no file extension. Windows removes trailing whitespace and periods when parsing file paths. For example, `.bat. .` is interpreted by Windows as `.bat`, but the original fix didn't check for that. Affected users who are using Rust 1.77.2 or greater can remove the trailing whitespace (ASCII 0x20) and trailing periods (ASCII 0x2E) from the batch file name to bypass the incomplete fix and enable the mitigations. Users are affected if their code or one of their dependencies invoke a batch script on Windows with trailing whitespace or trailing periods in the name, and pass untrusted arguments to it. Rust 1.81.0 will update the standard library to apply the CVE-2024-24576 mitigations to all batch files invocations, regardless of the trailing chars in the file name.
|
2024-09-04 |
CVE-2024-44981 |
In the Linux kernel, the following vulnerability has been resolved:
workqueue: Fix UBSAN 'subtraction overflow' error in shift_and_mask()
|
2024-09-04 |
CVE-2024-44975 |
In the Linux kernel, the following vulnerability has been resolved:
cgroup/cpuset: fix panic caused by partcmd_update
|
2024-09-04 |
CVE-2024-44997 |
In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb()
|
2024-09-04 |
CVE-2024-44980 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Fix opregion leak
|
2024-09-04 |
CVE-2024-44973 |
In the Linux kernel, the following vulnerability has been resolved:
mm, slub: do not call do_slab_free for kfence object
|
2024-09-04 |
CVE-2024-44999 |
In the Linux kernel, the following vulnerability has been resolved:
gtp: pull network headers in gtp_dev_xmit()
|
2024-09-04 |
CVE-2024-44966 |
In the Linux kernel, the following vulnerability has been resolved:
binfmt_flat: Fix corruption when not offsetting data start
|
2024-09-04 |
CVE-2024-44985 |
In the Linux kernel, the following vulnerability has been resolved:
ipv6: prevent possible UAF in ip6_xmit()
|
2024-09-04 |
CVE-2024-44967 |
In the Linux kernel, the following vulnerability has been resolved:
drm/mgag200: Bind I2C lifetime to DRM device
|
2024-09-04 |
CVE-2024-44988 |
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: mv88e6xxx: Fix out-of-bound access
|
2024-09-04 |
CVE-2024-45506 |
A flaw was found in HAProxy. In certain conditions, an endless loop condition can be remotely triggered in the h2_send() function. The loop will be interrupted by the watchdog, however, this will kill the process and lead to a denial of service.
|
2024-09-04 |
CVE-2024-8383 |
The Mozilla Foundation's Security Advisory reveals that Firefox didn't prompt for confirmation when handling Usenet schemes like news: and snews:, which could allow malicious programs to register as handlers. This oversight could enable a website to launch these programs without user consent.
|
2024-09-03 |
CVE-2024-45616 |
It is caused by the libopensc library in opensc porject. This vulnerability affects how the buffer data is handled and partially filled buffers can be accessed incorrectly when a specially crafted response to APDUs in a USB device or a smart card.
|
2024-09-03 |
CVE-2024-8386 |
If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130 and Firefox ESR < 128.2.
|
2024-09-03 |
CVE-2024-45310 |
runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with `os.MkdirAll`. While this could be used to create empty files, existing files would not be truncated. An attacker must have the ability to start containers using some kind of custom volume configuration. Containers using user namespaces are still affected, but the scope of places an attacker can create inodes can be significantly reduced. Sufficiently strict LSM policies (SELinux/Apparmor) can also in principle block this attack -- we suspect the industry standard SELinux policy may restrict this attack's scope but the exact scope of protection hasn't been analysed. This is exploitable using runc directly as well as through Docker and Kubernetes. The issue is fixed in runc v1.1.14 and v1.2.0-rc3.
Some workarounds are available. Using user namespaces restricts this attack fairly significantly such that the attacker can only create inodes in directories that the remapped root user/group has write access to. Unless the root user is remapped to an actual
user on the host (such as with rootless containers that don't use `/etc/sub[ug]id`), this in practice means that an attacker would only be able to create inodes in world-writable directories. A strict enough SELinux or AppArmor policy could in principle also restrict the scope if a specific label is applied to the runc runtime, though neither the extent to which the standard existing policies block this attack nor what exact policies are needed to sufficiently restrict this attack have been thoroughly tested.
|
2024-09-03 |
CVE-2024-8382 |
Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.
|
2024-09-03 |
CVE-2024-8384 |
The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.
|
2024-09-03 |
CVE-2024-45615 |
It is caused by the libopensc library in opensc porject. This vulnerability affects how the buffer data is handled and partially filled buffers can be accessed incorrectly when a specially crafted response to APDUs in a USB device or a smart card.
|
2024-09-03 |
CVE-2024-45618 |
It is caused by the libopensc library in opensc porject. This vulnerability affects how the buffer data is handled and partially filled buffers can be accessed incorrectly when a specially crafted response to APDUs in a USB device or a smart card.
|
2024-09-03 |
CVE-2024-45619 |
It is caused by the libopensc library in opensc porject. This vulnerability affects how the buffer data is handled and partially filled buffers can be accessed incorrectly when a specially crafted response to APDUs in a USB device or a smart card.
|
2024-09-03 |
CVE-2024-8381 |
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.
|
2024-09-03 |
CVE-2024-45620 |
It is caused by the libopensc library in opensc porject. This vulnerability affects how the buffer data is handled and partially filled buffers can be accessed incorrectly when a specially crafted response to APDUs in a USB device or a smart card.
|
2024-09-03 |
CVE-2024-6232 |
There is a MEDIUM severity vulnerability affecting CPython.
Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
|
2024-09-03 |
CVE-2024-8388 |
Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could lead to spoofing the browser UI if the sudden appearance of the prompt distracted the user from noticing the visual transition happening behind the prompt. These notifications now use the Android Toast feature.
*This bug only affects Firefox on Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 130.
|
2024-09-03 |
CVE-2024-45617 |
It is caused by the libopensc library in opensc porject. This vulnerability affects how the buffer data is handled and partially filled buffers can be accessed incorrectly when a specially crafted response to APDUs in a USB device or a smart card.
|
2024-09-03 |
CVE-2024-6119 |
Issue summary: Applications performing certificate name checks (e.g., TLS
clients checking server certificates) may attempt to read an invalid memory
address resulting in abnormal termination of the application process.
Impact summary: Abnormal termination of an application can a cause a denial of
service.
Applications performing certificate name checks (e.g., TLS clients checking
server certificates) may attempt to read an invalid memory address when
comparing the expected name with an `otherName` subject alternative name of an
X.509 certificate. This may result in an exception that terminates the
application program.
Note that basic certificate chain validation (signatures, dates, ...) is not
affected, the denial of service can occur only when the application also
specifies an expected DNS name, Email address or IP address.
TLS servers rarely solicit client certificates, and even when they do, they
generally don't perform a name check against a reference identifier (expected
identity), but rather extract the presented identity after checking the
certificate chain. So TLS servers are generally not affected and the severity
of the issue is Moderate.
The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
|
2024-09-03 |
CVE-2024-45306 |
Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of
a line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at
the specified cursor position. It's not quite clear yet, what can lead to this situation that the cursor points to an invalid position. That's why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed in with the patch v9.1.0707. All users are advised to upgrade.
|
2024-09-02 |
CVE-2024-44946 |
In the Linux kernel, the following vulnerability has been resolved:
kcm: Serialise kcm_sendmsg() for the same socket.
|
2024-08-31 |
CVE-2024-44945 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nfnetlink: Initialise extack before use in ACKs
|
2024-08-31 |
CVE-2024-8006 |
Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence.
|
2024-08-31 |
CVE-2023-7256 |
In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400.
|
2024-08-31 |
CVE-2024-42934 |
openipmi: missing check on the authorization type on incoming LAN messages in IPMI simulator
|
2024-08-30 |
CVE-2024-45492 |
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
|
2024-08-30 |
CVE-2022-48944 |
In the Linux kernel, the following vulnerability has been resolved:
sched: Fix yet more sched_fork() races
|
2024-08-30 |
CVE-2024-44944 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ctnetlink: use helper function to calculate expect ID
|
2024-08-30 |
CVE-2024-45491 |
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
|
2024-08-30 |
CVE-2024-8235 |
A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.
|
2024-08-30 |
CVE-2024-45490 |
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
|
2024-08-30 |
CVE-2024-8250 |
NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file
|
2024-08-29 |
CVE-2021-4442 |
In the Linux kernel, the following vulnerability has been resolved:
tcp: add sanity tests to TCP_QUEUE_SEQ
|
2024-08-29 |
CVE-2024-44943 |
In the Linux kernel, the following vulnerability has been resolved:
mm: gup: stop abusing try_grab_folio
|
2024-08-28 |
CVE-2024-45321 |
The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.
|
2024-08-27 |
CVE-2024-7730 |
qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb()
|
2024-08-27 |
CVE-2024-43890 |
In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix overflow in get_free_elt()
|
2024-08-26 |
CVE-2024-43802 |
Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.
|
2024-08-26 |
CVE-2024-43900 |
In the Linux kernel, the following vulnerability has been resolved:
media: xc2028: avoid use-after-free in load_firmware_cb()
|
2024-08-26 |
CVE-2024-43888 |
In the Linux kernel, the following vulnerability has been resolved:
mm: list_lru: fix UAF for memory cgroup
|
2024-08-26 |
CVE-2024-44934 |
In the Linux kernel, the following vulnerability has been resolved:
net: bridge: mcast: wait for previous gc cycles when removing port
|
2024-08-26 |
CVE-2024-43887 |
In the Linux kernel, the following vulnerability has been resolved:
net/tcp: Disable TCP-AO static key after RCU grace period
|
2024-08-26 |
CVE-2024-44933 |
In the Linux kernel, the following vulnerability has been resolved:
bnxt_en : Fix memory out-of-bounds in bnxt_fill_hw_rss_tbl()
|
2024-08-26 |
CVE-2024-44932 |
In the Linux kernel, the following vulnerability has been resolved:
idpf: fix UAFs when destroying the queues
|
2024-08-26 |
CVE-2024-44938 |
In the Linux kernel, the following vulnerability has been resolved:
jfs: Fix shift-out-of-bounds in dbDiscardAG
|
2024-08-26 |
CVE-2024-41996 |
Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.
|
2024-08-26 |
CVE-2024-43912 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: nl80211: disallow setting special AP channel widths
|
2024-08-26 |
CVE-2024-43911 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: fix NULL dereference at band check in starting tx ba session
|
2024-08-26 |
CVE-2024-43885 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix double inode unlock for direct IO sync writes
|
2024-08-26 |
CVE-2024-43891 |
In the Linux kernel, the following vulnerability has been resolved:
tracing: Have format file honor EVENT_FILE_FL_FREED
|
2024-08-26 |
CVE-2024-43896 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: cs-amp-lib: Fix NULL pointer crash if efi.get_variable is NULL
|
2024-08-26 |
CVE-2024-44941 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to cover read extent cache access with lock
|
2024-08-26 |
CVE-2024-43884 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: Add error handling to pair_device()
|
2024-08-26 |
CVE-2023-49582 |
Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data.
This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h)
Users are recommended to upgrade to APR version 1.7.5, which fixes this issue.
|
2024-08-26 |
CVE-2024-44936 |
In the Linux kernel, the following vulnerability has been resolved:
power: supply: rt5033: Bring back i2c_set_clientdata
|
2024-08-26 |
CVE-2024-44942 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC
|
2024-08-26 |
CVE-2024-44937 |
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: intel-vbtn: Protect ACPI notify handler against recursion
|
2024-08-26 |
CVE-2024-44939 |
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix null ptr deref in dtInsertEntry
|
2024-08-26 |
CVE-2022-48906 |
In the Linux kernel, the following vulnerability has been resolved:
mptcp: Correctly set DATA_FIN timeout when number of retransmits is large
|
2024-08-22 |
CVE-2022-48916 |
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix double list_add when enabling VMD in scalable mode
|
2024-08-22 |
CVE-2022-48919 |
In the Linux kernel, the following vulnerability has been resolved:
cifs: fix double free race when mount fails in cifs_get_root()
|
2024-08-22 |
CVE-2022-48912 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: fix use-after-free in __nf_register_net_hook()
|
2024-08-22 |
CVE-2022-48934 |
In the Linux kernel, the following vulnerability has been resolved:
nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
|
2024-08-22 |
CVE-2024-43398 |
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability. If you use other parser APIs such as stream parser API and SAX2 parser API, this vulnerability is not affected. The REXML gem 3.3.6 or later include the patch to fix the vulnerability.
|
2024-08-22 |
CVE-2022-48905 |
In the Linux kernel, the following vulnerability has been resolved:
ibmvnic: free reset-work-item when flushing
|
2024-08-22 |
CVE-2022-48902 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: do not WARN_ON() if we have PageError set
|
2024-08-22 |
CVE-2022-48932 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte
|
2024-08-22 |
CVE-2022-48907 |
In the Linux kernel, the following vulnerability has been resolved:
auxdisplay: lcd2s: Fix memory leak in ->remove()
|
2024-08-22 |
CVE-2022-48918 |
In the Linux kernel, the following vulnerability has been resolved:
iwlwifi: mvm: check debugfs_dir ptr before use
|
2024-08-22 |
CVE-2022-48943 |
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86/mmu: make apf token non-zero to fix bug
|
2024-08-22 |
CVE-2022-48927 |
In the Linux kernel, the following vulnerability has been resolved:
iio: adc: tsc2046: fix memory corruption by preventing array overflow
|
2024-08-22 |
CVE-2022-48926 |
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: rndis: add spinlock for rndis response list
|
2024-08-22 |
CVE-2022-48923 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: prevent copying too big compressed lzo segment
|
2024-08-22 |
CVE-2024-8088 |
There is a severity vulnerability affecting the CPython "zipfile"
module.
When iterating over names of entries in a zip archive (for example, methods
of "zipfile.ZipFile" like "namelist()", "iterdir()", "extractall()", etc)
the process can be put into an infinite loop with a maliciously crafted
zip archive. This defect applies when reading only metadata or extracting
the contents of the zip archive. Programs that are not handling
user-controlled zip archives are not affected.
|
2024-08-22 |
CVE-2022-48903 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix relocation crash due to premature return from btrfs_commit_transaction()
|
2024-08-22 |
CVE-2022-48913 |
In the Linux kernel, the following vulnerability has been resolved:
blktrace: fix use after free for struct blk_trace
|
2024-08-22 |
CVE-2022-48904 |
In the Linux kernel, the following vulnerability has been resolved:
iommu/amd: Fix I/O page table memory leak
|
2024-08-22 |
CVE-2021-4441 |
In the Linux kernel, the following vulnerability has been resolved:
spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op()
|
2024-08-22 |
CVE-2022-48941 |
In the Linux kernel, the following vulnerability has been resolved:
ice: fix concurrent reset and removal of VFs
|
2024-08-22 |
CVE-2022-48925 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/cma: Do not change route.addr.src_addr outside state checks
|
2024-08-22 |
CVE-2022-48901 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: do not start relocation until in progress drops are done
|
2024-08-22 |
CVE-2022-48940 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix crash due to incorrect copy_map_value
|
2024-08-22 |
CVE-2024-43790 |
Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer, the strlen() function is called, which only counts until it notices an ASCII NUL byte ) and thus the original length indicator is wrong. This causes an overflow when accessing characters inside the msgbuf by the previously (now wrong) length of the msgbuf. The issue has been fixed as of Vim patch v9.1.0689.
|
2024-08-22 |
CVE-2022-48867 |
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: Prevent use after free on completion memory
|
2024-08-21 |
CVE-2022-48889 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: Intel: sof-nau8825: fix module alias overflow
|
2024-08-21 |
CVE-2022-48892 |
In the Linux kernel, the following vulnerability has been resolved:
sched/core: Fix use-after-free bug in dup_user_cpus_ptr()
|
2024-08-21 |
CVE-2023-52897 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: qgroup: do not warn on record without old_roots populated
|
2024-08-21 |
CVE-2024-43871 |
In the Linux kernel, the following vulnerability has been resolved:
devres: Fix memory leakage caused by driver API devm_free_percpu()
|
2024-08-21 |
CVE-2022-48890 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM
|
2024-08-21 |
CVE-2023-52912 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fixed bug on error when unloading amdgpu
|
2024-08-21 |
CVE-2024-43867 |
In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau: prime: fix refcount underflow
|
2024-08-21 |
CVE-2024-43878 |
In the Linux kernel, the following vulnerability has been resolved:
xfrm: Fix input error path memory access
|
2024-08-21 |
CVE-2022-48874 |
In the Linux kernel, the following vulnerability has been resolved:
misc: fastrpc: Fix use-after-free and race in fastrpc_map_find
|
2024-08-21 |
CVE-2022-48897 |
In the Linux kernel, the following vulnerability has been resolved:
arm64/mm: fix incorrect file_map_count for invalid pmd
|
2024-08-21 |
CVE-2024-43862 |
In the Linux kernel, the following vulnerability has been resolved:
net: wan: fsl_qmc_hdlc: Convert carrier_lock spinlock to a mutex
|
2024-08-21 |
CVE-2022-48885 |
In the Linux kernel, the following vulnerability has been resolved:
ice: Fix potential memory leak in ice_gnss_tty_write()
|
2024-08-21 |
CVE-2024-43868 |
In the Linux kernel, the following vulnerability has been resolved:
riscv/purgatory: align riscv_kernel_entry
|
2024-08-21 |
CVE-2024-43873 |
In the Linux kernel, the following vulnerability has been resolved:
vhost/vsock: always initialize seqpacket_allow
|
2024-08-21 |
CVE-2023-52904 |
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()
|
2024-08-21 |
CVE-2022-48872 |
In the Linux kernel, the following vulnerability has been resolved:
misc: fastrpc: Fix use-after-free race condition for maps
|
2024-08-21 |
CVE-2024-43879 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()
|
2024-08-21 |
CVE-2022-48894 |
In the Linux kernel, the following vulnerability has been resolved:
iommu/arm-smmu-v3: Don't unregister on shutdown
|
2024-08-21 |
CVE-2022-48876 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: fix initialization of rx->link and rx->link_sta
|
2024-08-21 |
CVE-2022-48893 |
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gt: Cleanup partial engine discovery failures
|
2024-08-21 |
CVE-2022-48881 |
In the Linux kernel, the following vulnerability has been resolved:
platform/x86/amd: Fix refcount leak in amd_pmc_probe
|
2024-08-21 |
CVE-2023-52908 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix potential NULL dereference
|
2024-08-21 |
CVE-2022-48886 |
In the Linux kernel, the following vulnerability has been resolved:
ice: Add check for kzalloc
|
2024-08-21 |
CVE-2024-43865 |
In the Linux kernel, the following vulnerability has been resolved:
s390/fpu: Re-add exception handling in load_fpu_state()
|
2024-08-21 |
CVE-2022-48884 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix command stats access after free
|
2024-08-21 |
CVE-2024-43870 |
In the Linux kernel, the following vulnerability has been resolved:
perf: Fix event leak upon exit
|
2024-08-21 |
CVE-2024-43876 |
In the Linux kernel, the following vulnerability has been resolved:
PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()
|
2024-08-21 |
CVE-2023-52895 |
In the Linux kernel, the following vulnerability has been resolved:
io_uring/poll: don't reissue in case of poll race on multishot request
|
2024-08-21 |
CVE-2024-43880 |
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_acl_erp: Fix object nesting warning
|
2024-08-21 |
CVE-2023-52914 |
In the Linux kernel, the following vulnerability has been resolved:
io_uring/poll: add hash if ready poll request can't complete inline
|
2024-08-21 |
CVE-2022-48883 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent
|
2024-08-21 |
CVE-2023-52905 |
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-pf: Fix resource leakage in VF driver unbind
|
2024-08-21 |
CVE-2023-52913 |
In the Linux kernel, the following vulnerability has been resolved:
drm/i915: Fix potential context UAFs
|
2024-08-21 |
CVE-2024-43869 |
In the Linux kernel, the following vulnerability has been resolved:
perf: Fix event leak upon exec and file release
|
2024-08-21 |
CVE-2023-52902 |
In the Linux kernel, the following vulnerability has been resolved:
nommu: fix memory leak in do_mmap() error path
|
2024-08-21 |
CVE-2024-43875 |
In the Linux kernel, the following vulnerability has been resolved:
PCI: endpoint: Clean up error handling in vpci_scan_bus()
|
2024-08-21 |
CVE-2022-48887 |
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Remove rcu locks from user resources
|
2024-08-21 |
CVE-2022-48873 |
In the Linux kernel, the following vulnerability has been resolved:
misc: fastrpc: Don't remove map on creater_process and device_release
|
2024-08-21 |
CVE-2024-43866 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Always drain health in shutdown callback
|
2024-08-21 |
CVE-2024-43877 |
In the Linux kernel, the following vulnerability has been resolved:
media: pci: ivtv: Add check for DMA map result
|
2024-08-21 |
CVE-2024-43864 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix CT entry update leaks of modify header context
|
2024-08-21 |
CVE-2024-43881 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: change DMA direction while mapping reinjected packets
|
2024-08-21 |
CVE-2024-43874 |
In the Linux kernel, the following vulnerability has been resolved:
crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked
|
2024-08-21 |
CVE-2023-52911 |
In the Linux kernel, the following vulnerability has been resolved:
drm/msm: another fix for the headless Adreno GPU
|
2024-08-21 |
CVE-2022-48878 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_qca: Fix driver shutdown on closed serdev
|
2024-08-21 |
CVE-2024-43863 |
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Fix a deadlock in dma buf fence polling
|
2024-08-21 |
CVE-2022-48895 |
In the Linux kernel, the following vulnerability has been resolved:
iommu/arm-smmu: Don't unregister on shutdown
|
2024-08-21 |
CVE-2022-48882 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY)
|
2024-08-21 |
CVE-2022-48888 |
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/dpu: Fix memory leak in msm_mdss_parse_data_bus_icc_path
|
2024-08-21 |
CVE-2024-43872 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hns: Fix soft lockup under heavy CEQE load
|
2024-08-21 |
CVE-2024-7592 |
There is a LOW severity vulnerability affecting CPython, specifically the
'http.cookies' standard library module.
When parsing cookies that contained backslashes for quoted characters in
the cookie value, the parser would use an algorithm with quadratic
complexity, resulting in excess CPU resources being used while parsing the
value.
|
2024-08-19 |
CVE-2024-23184 |
Dovecot reports: A DoS is possible with a large number of address headers or abnormally large email headers.
|
2024-08-19 |
CVE-2024-23185 |
Dovecot reports: A DoS is possible with a large number of address headers or abnormally large email headers.
|
2024-08-19 |
CVE-2024-42262 |
In the Linux kernel, the following vulnerability has been resolved:
drm/v3d: Fix potential memory leak in the performance extension
|
2024-08-17 |
CVE-2024-42294 |
In the Linux kernel, the following vulnerability has been resolved:
block: fix deadlock between sd_remove & sd_release
|
2024-08-17 |
CVE-2024-42293 |
In the Linux kernel, the following vulnerability has been resolved:
arm64: mm: Fix lockless walks with static and dynamic page-table folding
|
2024-08-17 |
CVE-2024-42278 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: TAS2781: Fix tasdev_load_calibrated_data()
|
2024-08-17 |
CVE-2024-43833 |
In the Linux kernel, the following vulnerability has been resolved:
media: v4l: async: Fix NULL pointer dereference in adding ancillary links
|
2024-08-17 |
CVE-2024-43851 |
In the Linux kernel, the following vulnerability has been resolved:
soc: xilinx: rename cpu_number1 to dummy_cpu_number
|
2024-08-17 |
CVE-2024-42263 |
In the Linux kernel, the following vulnerability has been resolved:
drm/v3d: Fix potential memory leak in the timestamp extension
|
2024-08-17 |
CVE-2024-43840 |
In the Linux kernel, the following vulnerability has been resolved:
bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG
|
2024-08-17 |
CVE-2024-42273 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid
|
2024-08-17 |
CVE-2024-42318 |
In the Linux kernel, the following vulnerability has been resolved:
landlock: Don't lose track of restrictions on cred_transfer
|
2024-08-17 |
CVE-2024-43832 |
In the Linux kernel, the following vulnerability has been resolved:
s390/uv: Don't call folio_wait_writeback() without a folio reference
|
2024-08-17 |
CVE-2024-42291 |
In the Linux kernel, the following vulnerability has been resolved:
ice: Add a per-VF limit on number of FDIR filters
|
2024-08-17 |
CVE-2024-42268 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix missing lock on sync reset reload
|
2024-08-17 |
CVE-2024-43845 |
In the Linux kernel, the following vulnerability has been resolved:
udf: Fix bogus checksum computation in udf_rename()
|
2024-08-17 |
CVE-2024-43827 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null check before access structs
|
2024-08-17 |
CVE-2024-43844 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw89: wow: fix GTK offload H2C skbuff issue
|
2024-08-17 |
CVE-2024-42272 |
In the Linux kernel, the following vulnerability has been resolved:
sched: act_ct: take care of padding in struct zones_ht_key
|
2024-08-17 |
CVE-2024-42320 |
In the Linux kernel, the following vulnerability has been resolved:
s390/dasd: fix error checks in dasd_copy_pair_store()
|
2024-08-17 |
CVE-2024-43815 |
In the Linux kernel, the following vulnerability has been resolved:
crypto: mxs-dcp - Ensure payload is zero when using key slot
|
2024-08-17 |
CVE-2024-42310 |
In the Linux kernel, the following vulnerability has been resolved:
drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes
|
2024-08-17 |
CVE-2024-42319 |
In the Linux kernel, the following vulnerability has been resolved:
mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()
|
2024-08-17 |
CVE-2024-43816 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages
|
2024-08-17 |
CVE-2024-43823 |
In the Linux kernel, the following vulnerability has been resolved:
PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()
|
2024-08-17 |
CVE-2024-43819 |
In the Linux kernel, the following vulnerability has been resolved:
kvm: s390: Reject memory region operations for ucontrol VMs
|
2024-08-17 |
CVE-2024-42301 |
In the Linux kernel, the following vulnerability has been resolved:
dev/parport: fix the array out-of-bounds risk
|
2024-08-17 |
CVE-2024-42277 |
In the Linux kernel, the following vulnerability has been resolved:
iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en
|
2024-08-17 |
CVE-2024-43839 |
In the Linux kernel, the following vulnerability has been resolved:
bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
|
2024-08-17 |
CVE-2024-43843 |
In the Linux kernel, the following vulnerability has been resolved:
riscv, bpf: Fix out-of-bounds issue when preparing trampoline image
|
2024-08-17 |
CVE-2024-43818 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: amd: Adjust error handling in case of absent codec device
|
2024-08-17 |
CVE-2024-42260 |
In the Linux kernel, the following vulnerability has been resolved:
drm/v3d: Validate passed in drm syncobj handles in the performance extension
|
2024-08-17 |
CVE-2024-43850 |
In the Linux kernel, the following vulnerability has been resolved:
soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove
|
2024-08-17 |
CVE-2024-42309 |
In the Linux kernel, the following vulnerability has been resolved:
drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes
|
2024-08-17 |
CVE-2024-42290 |
In the Linux kernel, the following vulnerability has been resolved:
irqchip/imx-irqsteer: Handle runtime power management correctly
|
2024-08-17 |
CVE-2024-42303 |
In the Linux kernel, the following vulnerability has been resolved:
media: imx-pxp: Fix ERR_PTR dereference in pxp_probe()
|
2024-08-17 |
CVE-2024-43836 |
In the Linux kernel, the following vulnerability has been resolved:
net: ethtool: pse-pd: Fix possible null-deref
|
2024-08-17 |
CVE-2024-43826 |
In the Linux kernel, the following vulnerability has been resolved:
nfs: pass explicit offset/count to trace events
|
2024-08-17 |
CVE-2024-43852 |
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (ltc2991) re-order conditions to fix off by one bug
|
2024-08-17 |
CVE-2024-42261 |
In the Linux kernel, the following vulnerability has been resolved:
drm/v3d: Validate passed in drm syncobj handles in the timestamp extension
|
2024-08-17 |
CVE-2024-42302 |
In the Linux kernel, the following vulnerability has been resolved:
PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
|
2024-08-17 |
CVE-2024-43848 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: fix TTLM teardown work
|
2024-08-17 |
CVE-2024-43838 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: fix overflow check in adjust_jmp_off()
|
2024-08-17 |
CVE-2024-43860 |
In the Linux kernel, the following vulnerability has been resolved:
remoteproc: imx_rproc: Skip over memory region when node value is NULL
|
2024-08-17 |
CVE-2024-42275 |
In the Linux kernel, the following vulnerability has been resolved:
drm/client: Fix error code in drm_client_buffer_vmap_local()
|
2024-08-17 |
CVE-2024-43821 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Fix a possible null pointer dereference
|
2024-08-17 |
CVE-2024-43847 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix invalid memory access while processing fragmented packets
|
2024-08-17 |
CVE-2024-43859 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to truncate preallocated blocks in f2fs_file_open()
|
2024-08-17 |
CVE-2024-42264 |
In the Linux kernel, the following vulnerability has been resolved:
drm/v3d: Prevent out of bounds access in performance query extensions
|
2024-08-17 |
CVE-2024-42267 |
In the Linux kernel, the following vulnerability has been resolved:
riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()
|
2024-08-17 |
CVE-2024-43820 |
In the Linux kernel, the following vulnerability has been resolved:
dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume
|
2024-08-17 |
CVE-2024-42296 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix return value of f2fs_convert_inline_inode()
|
2024-08-17 |
CVE-2024-42279 |
In the Linux kernel, the following vulnerability has been resolved:
spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer
|
2024-08-17 |
CVE-2024-42271 |
In the Linux kernel, the following vulnerability has been resolved:
net/iucv: fix use after free in iucv_sock_close()
|
2024-08-17 |
CVE-2024-42266 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: make cow_file_range_inline() honor locked_page on error
|
2024-08-17 |
CVE-2024-43824 |
In the Linux kernel, the following vulnerability has been resolved:
PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init()
|
2024-08-17 |
CVE-2024-43841 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: virt_wifi: avoid reporting connection success with wrong SSID
|
2024-08-17 |
CVE-2024-43822 |
In the Linux kernel, the following vulnerability has been resolved:
ASoc: PCM6240: Return directly after a failed devm_kzalloc() in pcmdevice_i2c_probe()
|
2024-08-17 |
CVE-2024-43374 |
The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.
|
2024-08-16 |
CVE-2024-42472 |
A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files outside the designated sandbox. As a result, the attacker could potentially manipulate the file system, leading to unauthorized actions that compromise the security and integrity of the system.
Flatpak is not providing a security boundary that protects the OS from untrusted content in the flatpak. Flatpak applications should be vetted and reviewed with the same attention as regular OS packages. It should be assumed that an installed flatpak shares the same privileges and access than the user running it.
|
2024-08-15 |
CVE-2024-24980 |
Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
|
2024-08-14 |
CVE-2024-42353 |
WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. `urlparse` however treats a `//` at the start of a string as a URI without a scheme, and then treats the next part as the hostname. `urljoin` will then use that hostname from the second part as the hostname replacing the original one from the request. This vulnerability is patched in WebOb version 1.8.8.
|
2024-08-14 |
CVE-2023-49141 |
Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.
|
2024-08-14 |
CVE-2024-7347 |
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
|
2024-08-14 |
CVE-2024-42259 |
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gem: Fix Virtual Memory mapping boundaries calculation
|
2024-08-14 |
CVE-2024-25939 |
Mirrored regions with different values in 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.
|
2024-08-14 |
CVE-2024-39792 |
When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
|
2024-08-14 |
CVE-2024-24853 |
Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.
|
2024-08-14 |
CVE-2024-22374 |
Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated user to potentially enable denial of service via local access.
|
2024-08-14 |
CVE-2023-42667 |
Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.
|
2024-08-14 |
CVE-2023-31356 |
Incomplete system memory cleanup in SEV firmware could
allow a privileged attacker to corrupt guest private memory, potentially
resulting in a loss of data integrity.
|
2024-08-13 |
CVE-2023-20584 |
IOMMU improperly handles certain special address
ranges with invalid device table entries (DTEs), which may allow an attacker
with privileges and a compromised Hypervisor to
induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a
loss of guest integrity.
|
2024-08-13 |
CVE-2024-38168 |
.NET and Visual Studio Denial of Service Vulnerability
|
2024-08-13 |
CVE-2024-42258 |
In the Linux kernel, the following vulnerability has been resolved:
mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines
|
2024-08-12 |
CVE-2024-5651 |
A flaw was found in fence agents that rely on SSH/Telnet. This vulnerability can allow a Remote Code Execution (RCE) primitive by supplying an arbitrary command to execute in the --ssh-path/--telnet-path arguments. A low-privilege user, for example, a user with developer access, can create a specially crafted FenceAgentsRemediation for a fence agent supporting --ssh-path/--telnet-path arguments to execute arbitrary commands on the operator's pod. This RCE leads to a privilege escalation, first as the service account running the operator, then to another service account with cluster-admin privileges.
|
2024-08-12 |
CVE-2024-7589 |
A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges.
This issue is another instance of the problem in CVE-2024-6387 addressed by FreeBSD-SA-24:04.openssh. The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD.
As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root.
|
2024-08-12 |
CVE-2023-31315 |
Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
|
2024-08-12 |
CVE-2024-43168 |
unbound: Heap-Buffer-Overflow in Unbound
|
2024-08-09 |
CVE-2024-43167 |
unbound: NULL Pointer Dereference in Unbound
|
2024-08-09 |
CVE-2024-42255 |
In the Linux kernel, the following vulnerability has been resolved:
tpm: Use auth only after NULL check in tpm_buf_check_hmac_response()
|
2024-08-08 |
CVE-2024-42251 |
In the Linux kernel, the following vulnerability has been resolved:
mm: page_ref: remove folio_try_get_rcu()
|
2024-08-08 |
CVE-2024-7348 |
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
|
2024-08-08 |
CVE-2024-42256 |
In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix server re-repick on subrequest retry
|
2024-08-08 |
CVE-2024-42257 |
In the Linux kernel, the following vulnerability has been resolved:
ext4: use memtostr_pad() for s_volume_name
|
2024-08-08 |
CVE-2024-42252 |
In the Linux kernel, the following vulnerability has been resolved:
closures: Change BUG_ON() to WARN_ON()
|
2024-08-08 |
CVE-2024-42254 |
In the Linux kernel, the following vulnerability has been resolved:
io_uring: fix error pbuf checking
|
2024-08-08 |
CVE-2024-42248 |
In the Linux kernel, the following vulnerability has been resolved:
tty: serial: ma35d1: Add a NULL check for of_node
|
2024-08-07 |
CVE-2024-42249 |
In the Linux kernel, the following vulnerability has been resolved:
spi: don't unoptimize message in spi_async()
|
2024-08-07 |
CVE-2024-42235 |
In the Linux kernel, the following vulnerability has been resolved:
s390/mm: Add NULL pointer check to crst_table_free() base_crst_free()
|
2024-08-07 |
CVE-2024-42239 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fail bpf_timer_cancel when callback is being cancelled
|
2024-08-07 |
CVE-2024-42241 |
In the Linux kernel, the following vulnerability has been resolved:
mm/shmem: disable PMD-sized page cache if needed
|
2024-08-07 |
CVE-2024-5290 |
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root).
Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.
|
2024-08-07 |
CVE-2024-42233 |
In the Linux kernel, the following vulnerability has been resolved:
filemap: replace pte_offset_map() with pte_offset_map_nolock()
|
2024-08-07 |
CVE-2024-7006 |
libtiff: NULL pointer dereference in tif_dirinfo.c
|
2024-08-07 |
CVE-2024-42243 |
In the Linux kernel, the following vulnerability has been resolved:
mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray
|
2024-08-07 |
CVE-2024-42242 |
In the Linux kernel, the following vulnerability has been resolved:
mmc: sdhci: Fix max_seg_size for 64KiB PAGE_SIZE
|
2024-08-07 |
CVE-2024-42234 |
In the Linux kernel, the following vulnerability has been resolved:
mm: fix crashes from deferred split racing folio migration
|
2024-08-07 |
CVE-2024-43112 |
Long pressing on a download link could potentially provide a means for cross-site scripting This vulnerability affects Firefox for iOS < 129.
|
2024-08-06 |
CVE-2024-7525 |
It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
|
2024-08-06 |
CVE-2024-7530 |
Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox < 129.
|
2024-08-06 |
CVE-2024-43113 |
The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS < 129.
|
2024-08-06 |
CVE-2024-7246 |
It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values.
This occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent (incrementally indexed) added headers in the first request being poisoned until cleared from the HPACK table.
Please update to a fixed version of gRPC as soon as possible. This bug has been fixed in 1.58.3, 1.59.5, 1.60.2, 1.61.3, 1.62.3, 1.63.2, 1.64.3, 1.65.4.
|
2024-08-06 |
CVE-2024-7521 |
Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.
|
2024-08-06 |
CVE-2024-7522 |
Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
|
2024-08-06 |
CVE-2024-7531 |
Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.
|
2024-08-06 |
CVE-2024-7519 |
Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
|
2024-08-06 |
CVE-2024-7518 |
Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
|
2024-08-06 |
CVE-2024-7529 |
The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
|
2024-08-06 |
CVE-2024-43111 |
Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS < 129.
|
2024-08-06 |
CVE-2024-7527 |
Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
|
2024-08-06 |
CVE-2024-7526 |
ANGLE failed to initialize parameters which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
|
2024-08-06 |
CVE-2024-7524 |
Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.
|
2024-08-06 |
CVE-2024-7528 |
Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
|
2024-08-06 |
CVE-2024-7523 |
A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions.
*This issue only affects Android versions of Firefox.* This vulnerability affects Firefox < 129.
|
2024-08-06 |
CVE-2024-7520 |
A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
|
2024-08-06 |
CVE-2024-6472 |
Certificate Validation user interface in LibreOffice allows potential vulnerability.
Signed macros are scripts that have been digitally signed by the
developer using a cryptographic signature. When a document with a signed
macro is opened a warning is displayed by LibreOffice before the macro
is executed.
Previously if verification failed the user could fail to understand the failure and choose to enable the macros anyway.
This issue affects LibreOffice: from 24.2 before 24.2.5.
|
2024-08-05 |
CVE-2024-7409 |
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.
Amazon Linux will not be providing the fix for CVE-2024-7409 after careful consideration about the stability of the package. Amazon Linux recommends that customers work around this issue by ensuring that only trusted clients can connect to the NBD server which can be done using a firewall before the NBD server.
|
2024-08-04 |
CVE-2024-41957 |
Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags,
but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647
|
2024-08-01 |
CVE-2024-41123 |
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.
|
2024-08-01 |
CVE-2024-41946 |
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability.
|
2024-08-01 |
CVE-2024-41965 |
Vim is an open source command line text editor. double-free in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a name yet. However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash. The issue has been fixed as of Vim patch v9.1.0648.
|
2024-08-01 |
CVE-2024-6923 |
There is a MEDIUM severity vulnerability affecting CPython.
The
email module didn’t properly quote newlines for email headers when
serializing an email message allowing for header injection when an email
is serialized.
|
2024-08-01 |
CVE-2024-7264 |
libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an
ASN.1 Generalized Time field. If given an syntactically incorrect field, the
parser might end up using -1 for the length of the *time fraction*, leading to
a `strlen()` getting performed on a pointer to a heap buffer area that is not
(purposely) null terminated.
This flaw most likely leads to a crash, but can also lead to heap contents
getting returned to the application when
[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.
|
2024-07-31 |
CVE-2024-42112 |
In the Linux kernel, the following vulnerability has been resolved:
net: txgbe: free isb resources at the right time
|
2024-07-30 |
CVE-2024-42155 |
In the Linux kernel, the following vulnerability has been resolved:
s390/pkey: Wipe copies of protected- and secure-keys
|
2024-07-30 |
CVE-2024-42129 |
In the Linux kernel, the following vulnerability has been resolved:
leds: mlxreg: Use devm_mutex_init() for mutex initialization
|
2024-07-30 |
CVE-2024-42123 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix double free err_addr pointer warnings
|
2024-07-30 |
CVE-2024-42144 |
In the Linux kernel, the following vulnerability has been resolved:
thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data
|
2024-07-30 |
CVE-2024-42159 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: mpi3mr: Sanitise num_phys
|
2024-07-30 |
CVE-2024-42231 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: zoned: fix calc_available_free_space() for zoned mode
|
2024-07-30 |
CVE-2024-42114 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
|
2024-07-30 |
CVE-2024-42158 |
In the Linux kernel, the following vulnerability has been resolved:
s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
|
2024-07-30 |
CVE-2024-42122 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add NULL pointer check for kzalloc
|
2024-07-30 |
CVE-2024-42108 |
In the Linux kernel, the following vulnerability has been resolved:
net: rswitch: Avoid use-after-free in rswitch_poll()
|
2024-07-30 |
CVE-2024-42134 |
In the Linux kernel, the following vulnerability has been resolved:
virtio-pci: Check if is_avq is NULL
|
2024-07-30 |
CVE-2024-42100 |
In the Linux kernel, the following vulnerability has been resolved:
clk: sunxi-ng: common: Don't call hw_to_ccu_common on hw without common
|
2024-07-30 |
CVE-2024-42099 |
In the Linux kernel, the following vulnerability has been resolved:
s390/dasd: Fix invalid dereferencing of indirect CCW data pointer
|
2024-07-30 |
CVE-2024-42132 |
In the Linux kernel, the following vulnerability has been resolved:
bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX
|
2024-07-30 |
CVE-2024-42128 |
In the Linux kernel, the following vulnerability has been resolved:
leds: an30259a: Use devm_mutex_init() for mutex initialization
|
2024-07-30 |
CVE-2024-42141 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: ISO: Check socket flag instead of hcon
|
2024-07-30 |
CVE-2024-42113 |
In the Linux kernel, the following vulnerability has been resolved:
net: txgbe: initialize num_q_vectors for MSI/INTx interrupts
|
2024-07-30 |
CVE-2024-42125 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband
|
2024-07-30 |
CVE-2024-42154 |
In the Linux kernel, the following vulnerability has been resolved:
tcp_metrics: validate source addr length
|
2024-07-30 |
CVE-2024-42224 |
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: mv88e6xxx: Correct check for empty list
|
2024-07-30 |
CVE-2024-42227 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix overlapping copy within dml_core_mode_programming
|
2024-07-30 |
CVE-2024-42162 |
In the Linux kernel, the following vulnerability has been resolved:
gve: Account for stopped queues when reading NIC stats
|
2024-07-30 |
CVE-2024-42118 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Do not return negative stream id for array
|
2024-07-30 |
CVE-2024-42149 |
In the Linux kernel, the following vulnerability has been resolved:
fs: don't misleadingly warn during thaw operations
|
2024-07-30 |
CVE-2023-52888 |
In the Linux kernel, the following vulnerability has been resolved:
media: mediatek: vcodec: Only free buffer VA that is not NULL
|
2024-07-30 |
CVE-2024-42139 |
In the Linux kernel, the following vulnerability has been resolved:
ice: Fix improper extts handling
|
2024-07-30 |
CVE-2024-42135 |
In the Linux kernel, the following vulnerability has been resolved:
vhost_task: Handle SIGKILL by flushing work and exiting
|
2024-07-30 |
CVE-2024-42146 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Add outer runtime_pm protection to xe_live_ktest@xe_dma_buf
|
2024-07-30 |
CVE-2024-42160 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: check validation of fault attrs in f2fs_build_fault_attr()
|
2024-07-30 |
CVE-2024-42228 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc
|
2024-07-30 |
CVE-2024-42133 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Ignore too large handle values in BIG
|
2024-07-30 |
CVE-2024-42117 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: ASSERT when failing to find index by plane/stream id
|
2024-07-30 |
CVE-2024-42150 |
In the Linux kernel, the following vulnerability has been resolved:
net: txgbe: remove separate irq request for MSI and INTx
|
2024-07-30 |
CVE-2024-42156 |
In the Linux kernel, the following vulnerability has been resolved:
s390/pkey: Wipe copies of clear-key structures on failure
|
2024-07-30 |
CVE-2024-42107 |
In the Linux kernel, the following vulnerability has been resolved:
ice: Don't process extts if PTP is disabled
|
2024-07-30 |
CVE-2024-41052 |
In the Linux kernel, the following vulnerability has been resolved:
vfio/pci: Init the count variable in collecting hot-reset devices
|
2024-07-29 |
CVE-2024-41817 |
ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing `ImageMagick`. The vulnerability is fixed in 7.11-36.
|
2024-07-29 |
CVE-2024-41015 |
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: add bounds checking to ocfs2_check_dir_entry()
|
2024-07-29 |
CVE-2024-41033 |
In the Linux kernel, the following vulnerability has been resolved:
cachestat: do not flush stats in recency check
|
2024-07-29 |
CVE-2024-41068 |
In the Linux kernel, the following vulnerability has been resolved:
s390/sclp: Fix sclp_init() cleanup on failure
|
2024-07-29 |
CVE-2024-42092 |
In the Linux kernel, the following vulnerability has been resolved:
gpio: davinci: Validate the obtained number of IRQs
|
2024-07-29 |
CVE-2024-40776 |
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
|
2024-07-29 |
CVE-2024-41017 |
In the Linux kernel, the following vulnerability has been resolved:
jfs: don't walk off the end of ealist
|
2024-07-29 |
CVE-2024-41030 |
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: discard write access to the directory open
|
2024-07-29 |
CVE-2024-42068 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()
|
2024-07-29 |
CVE-2024-41021 |
In the Linux kernel, the following vulnerability has been resolved:
s390/mm: Fix VM_FAULT_HWPOISON handling in do_exception()
|
2024-07-29 |
CVE-2024-40789 |
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
|
2024-07-29 |
CVE-2024-41026 |
In the Linux kernel, the following vulnerability has been resolved:
mmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length
|
2024-07-29 |
CVE-2024-42069 |
In the Linux kernel, the following vulnerability has been resolved:
net: mana: Fix possible double free in error handling path
|
2024-07-29 |
CVE-2024-42091 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Check pat.ops before dumping PAT settings
|
2024-07-29 |
CVE-2024-41016 |
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
|
2024-07-29 |
CVE-2024-42064 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Skip pipe if the pipe idx not set properly
|
2024-07-29 |
CVE-2024-41049 |
In the Linux kernel, the following vulnerability has been resolved:
filelock: fix potential use-after-free in posix_lock_inode
|
2024-07-29 |
CVE-2024-41094 |
In the Linux kernel, the following vulnerability has been resolved:
drm/fbdev-dma: Only set smem_start is enable per module option
|
2024-07-29 |
CVE-2024-41087 |
In the Linux kernel, the following vulnerability has been resolved:
ata: libata-core: Fix double free on error
|
2024-07-29 |
CVE-2024-41072 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: wext: add extra SIOCSIWSCAN data check
|
2024-07-29 |
CVE-2024-42096 |
In the Linux kernel, the following vulnerability has been resolved:
x86: stop playing stack games in profile_pc()
|
2024-07-29 |
CVE-2024-41018 |
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Add a check for attr_names and oatbl
|
2024-07-29 |
CVE-2024-41013 |
In the Linux kernel, the following vulnerability has been resolved:
xfs: don't walk off the end of a directory data block
|
2024-07-29 |
CVE-2024-41092 |
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gt: Fix potential UAF by revoke of fence registers
|
2024-07-29 |
CVE-2024-42066 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Fix potential integer overflow in page size calculation
|
2024-07-29 |
CVE-2024-41037 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: Intel: hda: fix null deref on system suspend entry
|
2024-07-29 |
CVE-2024-42083 |
In the Linux kernel, the following vulnerability has been resolved:
ionic: fix kernel panic due to multi-buffer handling
|
2024-07-29 |
CVE-2024-42072 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix may_goto with negative offset.
|
2024-07-29 |
CVE-2024-41084 |
In the Linux kernel, the following vulnerability has been resolved:
cxl/region: Avoid null pointer dereference in region lookup
|
2024-07-29 |
CVE-2024-41069 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: topology: Fix references to freed memory
|
2024-07-29 |
CVE-2024-41098 |
In the Linux kernel, the following vulnerability has been resolved:
ata: libata-core: Fix null pointer dereference on error
|
2024-07-29 |
CVE-2024-41056 |
In the Linux kernel, the following vulnerability has been resolved:
firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files
|
2024-07-29 |
CVE-2024-41047 |
In the Linux kernel, the following vulnerability has been resolved:
i40e: Fix XDP program unloading while removing the driver
|
2024-07-29 |
CVE-2024-41059 |
In the Linux kernel, the following vulnerability has been resolved:
hfsplus: fix uninit-value in copy_name
|
2024-07-29 |
CVE-2024-40782 |
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
|
2024-07-29 |
CVE-2024-41065 |
In the Linux kernel, the following vulnerability has been resolved:
powerpc/pseries: Whitelist dtl slub object for copying to userspace
|
2024-07-29 |
CVE-2024-41041 |
In the Linux kernel, the following vulnerability has been resolved:
udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().
|
2024-07-29 |
CVE-2024-41039 |
In the Linux kernel, the following vulnerability has been resolved:
firmware: cs_dsp: Fix overflow checking of wmfw header
|
2024-07-29 |
CVE-2024-41019 |
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Validate ff offset
|
2024-07-29 |
CVE-2024-41067 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: scrub: handle RST lookup error correctly
|
2024-07-29 |
CVE-2024-40794 |
This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, Safari 17.6. Private Browsing tabs may be accessed without authentication.
|
2024-07-29 |
CVE-2024-42070 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers
|
2024-07-29 |
CVE-2024-41025 |
In the Linux kernel, the following vulnerability has been resolved:
misc: fastrpc: Fix memory leak in audio daemon attach operation
|
2024-07-29 |
CVE-2024-41050 |
In the Linux kernel, the following vulnerability has been resolved:
cachefiles: cyclic allocation of msg_id to avoid reuse
|
2024-07-29 |
CVE-2024-41061 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport
|
2024-07-29 |
CVE-2024-41810 |
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1.
|
2024-07-29 |
CVE-2024-42078 |
In the Linux kernel, the following vulnerability has been resolved:
nfsd: initialise nfsd_info.mutex early.
|
2024-07-29 |
CVE-2024-42090 |
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER
|
2024-07-29 |
CVE-2024-42079 |
In the Linux kernel, the following vulnerability has been resolved:
gfs2: Fix NULL pointer dereference in gfs2_log_flush
|
2024-07-29 |
CVE-2024-41043 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nfnetlink_queue: drop bogus WARN_ON
|
2024-07-29 |
CVE-2024-41024 |
In the Linux kernel, the following vulnerability has been resolved:
misc: fastrpc: Restrict untrusted app to attach to privileged PD
|
2024-07-29 |
CVE-2024-42067 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()
|
2024-07-29 |
CVE-2024-41086 |
In the Linux kernel, the following vulnerability has been resolved:
bcachefs: Fix sb_field_downgrade validation
|
2024-07-29 |
CVE-2024-41035 |
In the Linux kernel, the following vulnerability has been resolved:
USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor
|
2024-07-29 |
CVE-2024-40785 |
This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack.
|
2024-07-29 |
CVE-2024-41082 |
In the Linux kernel, the following vulnerability has been resolved:
nvme-fabrics: use reserved tag for reg read/write command
|
2024-07-29 |
CVE-2024-41071 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: Avoid address calculations via out of bounds array indexing
|
2024-07-29 |
CVE-2024-40780 |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
|
2024-07-29 |
CVE-2024-41671 |
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1.
|
2024-07-29 |
CVE-2024-41020 |
In the Linux kernel, the following vulnerability has been resolved:
filelock: Fix fcntl/close race recovery compat path
|
2024-07-29 |
CVE-2024-41014 |
In the Linux kernel, the following vulnerability has been resolved:
xfs: add bounds checking to xlog_recover_process_data
|
2024-07-29 |
CVE-2024-41029 |
In the Linux kernel, the following vulnerability has been resolved:
nvmem: core: limit cell sysfs permissions to main attribute ones
|
2024-07-29 |
CVE-2024-41066 |
In the Linux kernel, the following vulnerability has been resolved:
ibmvnic: Add tx check to prevent skb leak
|
2024-07-29 |
CVE-2024-3219 |
There is a MEDIUM severity vulnerability affecting CPython.
The
“socket” module provides a pure-Python fallback to the
socket.socketpair() function for platforms that don’t support AF_UNIX,
such as Windows. This pure-Python implementation uses AF_INET or
AF_INET6 to create a local connected pair of sockets. The connection
between the two sockets was not verified before passing the two sockets
back to the user, which leaves the server socket vulnerable to a
connection race from a malicious local peer.
Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.
|
2024-07-29 |
CVE-2024-42063 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode
|
2024-07-29 |
CVE-2024-41023 |
In the Linux kernel, the following vulnerability has been resolved:
sched/deadline: Fix task_struct reference leak
|
2024-07-29 |
CVE-2024-41062 |
In the Linux kernel, the following vulnerability has been resolved:
bluetooth/l2cap: sync sock recv cb and release
|
2024-07-29 |
CVE-2024-42088 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: mediatek: mt8195: Add platform entry for ETDM1_OUT_BE dai link
|
2024-07-29 |
CVE-2024-41055 |
In the Linux kernel, the following vulnerability has been resolved:
mm: prevent derefencing NULL ptr in pfn_section_valid()
|
2024-07-29 |
CVE-2024-40779 |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
|
2024-07-29 |
CVE-2024-41054 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Fix ufshcd_clear_cmd racing issue
|
2024-07-29 |
CVE-2024-40897 |
Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer’s build environment.
|
2024-07-26 |
CVE-2024-41090 |
kernel: virtio-net: tap: mlx5_core short frame denial of service
|
2024-07-25 |
CVE-2024-41091 |
kernel: virtio-net: tun: mlx5_core short frame denial of service
|
2024-07-25 |
CVE-2024-6197 |
libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes `free()` on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; likely to be memory pointers and a set of flags. The most likely outcome of exploting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances.
|
2024-07-24 |
CVE-2024-41110 |
AWS is aware of CVE-2024-41110, an issue affecting the Moby open source project, packaged in Amazon Linux as "docker". Docker is a component of several open source container management systems.
This issue does not affect the default configuration of docker. If an authorization plugin is enabled, a specially-crafted API request to the docker daemon will be forwarded to the authorization plugin in a way that could lead to unintended actions, such as privilege escalation. Enabling an authorization plugin is an atypical configuration. The affected API endpoint is not exposed to the network in either the default, typical, or recommended configurations. The default EKS and ECS configurations do not expose the API endpoint to the network. Enabling a Docker authorization plugin is not supported when using ECS. Finally, docker is not installed on EKS AMIs newer than 1.24. Although Docker is installed in EKS 1.24 and earlier, EKS does not support authorization plugins.
Updated docker packages addressing the issue are available for Amazon Linux 2 (docker-20.10.25-1.amzn2.0.5 and docker-25.0.6-1.amzn2.0.1) and for Amazon Linux 2023 (docker-25.0.6-1amzn2023.0.1). AWS recommends that customers using docker upgrade to these or later versions.
|
2024-07-24 |
CVE-2024-6874 |
CVE-2024-6874 is a serious security flaw in libcurl's curl_url_get() function, used for converting international domain names. When processing a name exactly 256 bytes long, it reads beyond its buffer and fails to null-terminate the string, potentially exposing or modifying stack data. This vulnerability is easy to exploit remotely without special permissions or user interaction, making it a important-severity issue with a CVSS score of 7.2. Users should apply security patches to mitigate this risk.
|
2024-07-24 |
CVE-2024-1975 |
If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests.
This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.
|
2024-07-23 |
CVE-2024-0760 |
A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack.
This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1.
|
2024-07-23 |
CVE-2024-4076 |
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure.
This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
|
2024-07-23 |
CVE-2024-1737 |
Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name.
This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
|
2024-07-23 |
CVE-2024-40725 |
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.
Users are recommended to upgrade to version 2.4.62, which fixes this issue.
|
2024-07-18 |
CVE-2024-41184 |
In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1, an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty ipset name must be configured by the user.
|
2024-07-18 |
CVE-2024-40898 |
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue.
Amazon Linux is not affected, CVE specifics to the Wiindows operating system
|
2024-07-18 |
CVE-2024-41011 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: don't allow mapping the MMIO HDP page with large pages
|
2024-07-18 |
CVE-2024-41009 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix overrunning reservations in ringbuf
|
2024-07-17 |
CVE-2024-41010 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix too early release of tcx_entry
|
2024-07-17 |
CVE-2021-47623 |
In the Linux kernel, the following vulnerability has been resolved:
powerpc/fixmap: Fix VM debug warning on unmap
|
2024-07-16 |
CVE-2024-21144 |
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
|
2024-07-16 |
CVE-2022-48857 |
In the Linux kernel, the following vulnerability has been resolved:
NFC: port100: fix use-after-free in port100_send_complete
|
2024-07-16 |
CVE-2024-21165 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.37 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48789 |
In the Linux kernel, the following vulnerability has been resolved:
nvme-tcp: fix possible use-after-free in transport error_recovery work
|
2024-07-16 |
CVE-2024-21176 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.4.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48819 |
In the Linux kernel, the following vulnerability has been resolved:
tcp: take care of mixed splice()/sendmsg(MSG_ZEROCOPY) case
|
2024-07-16 |
CVE-2022-48809 |
In the Linux kernel, the following vulnerability has been resolved:
net: fix a memleak when uncloning an skb dst and its metadata
|
2024-07-16 |
CVE-2022-48784 |
In the Linux kernel, the following vulnerability has been resolved:
cfg80211: fix race in netlink owner interface destruction
|
2024-07-16 |
CVE-2022-48851 |
In the Linux kernel, the following vulnerability has been resolved:
staging: gdm724x: fix use after free in gdm_lte_rx()
|
2024-07-16 |
CVE-2024-21147 |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
|
2024-07-16 |
CVE-2024-21137 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2024-21177 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2024-21130 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48800 |
In the Linux kernel, the following vulnerability has been resolved:
mm: vmscan: remove deadlock due to throttling failing to make progress
|
2024-07-16 |
CVE-2022-48824 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: myrs: Fix crash in error case
|
2024-07-16 |
CVE-2022-48864 |
In the Linux kernel, the following vulnerability has been resolved:
vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command
|
2024-07-16 |
CVE-2024-21166 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H).
|
2024-07-16 |
CVE-2024-21134 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).
|
2024-07-16 |
CVE-2022-48798 |
In the Linux kernel, the following vulnerability has been resolved:
s390/cio: verify the driver availability for path_event call
|
2024-07-16 |
CVE-2022-48807 |
In the Linux kernel, the following vulnerability has been resolved:
ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler
|
2024-07-16 |
CVE-2022-48779 |
In the Linux kernel, the following vulnerability has been resolved:
net: mscc: ocelot: fix use-after-free in ocelot_vlan_del()
|
2024-07-16 |
CVE-2024-0102 |
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm, where an attacker can cause an out-of-bounds read issue by deceiving a user into reading a malformed ELF file. A successful exploit of this vulnerability might lead to denial of service.
|
2024-07-16 |
CVE-2024-21185 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.38, 8.4.1 and 9.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48777 |
In the Linux kernel, the following vulnerability has been resolved:
mtd: parsers: qcom: Fix kernel panic on skipped partition
|
2024-07-16 |
CVE-2022-48853 |
In the Linux kernel, the following vulnerability has been resolved:
swiotlb: fix info leak with DMA_FROM_DEVICE
|
2024-07-16 |
CVE-2024-21160 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48859 |
In the Linux kernel, the following vulnerability has been resolved:
net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr
|
2024-07-16 |
CVE-2024-21145 |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
|
2024-07-16 |
CVE-2022-48854 |
In the Linux kernel, the following vulnerability has been resolved:
net: arc_emac: Fix use after free in arc_mdio_probe()
|
2024-07-16 |
CVE-2022-48794 |
In the Linux kernel, the following vulnerability has been resolved:
net: ieee802154: at86rf230: Stop leaking skb's
|
2024-07-16 |
CVE-2024-21140 |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
|
2024-07-16 |
CVE-2022-48856 |
In the Linux kernel, the following vulnerability has been resolved:
gianfar: ethtool: Fix refcount leak in gfar_get_ts_info
|
2024-07-16 |
CVE-2024-21163 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
|
2024-07-16 |
CVE-2022-48778 |
In the Linux kernel, the following vulnerability has been resolved:
mtd: rawnand: gpmi: don't leak PM reference in error path
|
2024-07-16 |
CVE-2022-48795 |
In the Linux kernel, the following vulnerability has been resolved:
parisc: Fix data TLB miss in sba_unmap_sg
|
2024-07-16 |
CVE-2022-48818 |
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: mv88e6xxx: don't use devres for mdiobus
|
2024-07-16 |
CVE-2022-48845 |
In the Linux kernel, the following vulnerability has been resolved:
MIPS: smp: fill in sibling and core maps earlier
|
2024-07-16 |
CVE-2022-48790 |
In the Linux kernel, the following vulnerability has been resolved:
nvme: fix a possible use-after-free in controller reset during load
|
2024-07-16 |
CVE-2022-48787 |
In the Linux kernel, the following vulnerability has been resolved:
iwlwifi: fix use-after-free
|
2024-07-16 |
CVE-2022-48830 |
In the Linux kernel, the following vulnerability has been resolved:
can: isotp: fix potential CAN frame reception race in isotp_rcv()
|
2024-07-16 |
CVE-2024-21129 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2024-21127 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48781 |
In the Linux kernel, the following vulnerability has been resolved:
crypto: af_alg - get rid of alg_memory_allocated
|
2024-07-16 |
CVE-2024-21125 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48814 |
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: seville: register the mdiobus under devres
|
2024-07-16 |
CVE-2022-48834 |
In the Linux kernel, the following vulnerability has been resolved:
usb: usbtmc: Fix bug in pipe direction for control transfers
|
2024-07-16 |
CVE-2022-48848 |
In the Linux kernel, the following vulnerability has been resolved:
tracing/osnoise: Do not unregister events twice
|
2024-07-16 |
CVE-2022-48805 |
In the Linux kernel, the following vulnerability has been resolved:
net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
|
2024-07-16 |
CVE-2022-48823 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: qedf: Fix refcount issue when LOGO is received during TMF
|
2024-07-16 |
CVE-2022-48785 |
In the Linux kernel, the following vulnerability has been resolved:
ipv6: mcast: use rcu-safe version of ipv6_get_lladdr()
|
2024-07-16 |
CVE-2022-48803 |
In the Linux kernel, the following vulnerability has been resolved:
phy: ti: Fix missing sentinel for clk_div_table
|
2024-07-16 |
CVE-2022-48842 |
In the Linux kernel, the following vulnerability has been resolved:
ice: Fix race condition during interface enslave
|
2024-07-16 |
CVE-2024-21162 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48806 |
In the Linux kernel, the following vulnerability has been resolved:
eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX
|
2024-07-16 |
CVE-2022-48837 |
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: rndis: prevent integer overflow in rndis_set_response()
|
2024-07-16 |
CVE-2022-48773 |
In the Linux kernel, the following vulnerability has been resolved:
xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create
|
2024-07-16 |
CVE-2022-48822 |
In the Linux kernel, the following vulnerability has been resolved:
usb: f_fs: Fix use-after-free for epfile
|
2024-07-16 |
CVE-2022-48832 |
In the Linux kernel, the following vulnerability has been resolved:
audit: don't deref the syscall args when checking the openat2 open_how::flags
|
2024-07-16 |
CVE-2022-48843 |
In the Linux kernel, the following vulnerability has been resolved:
drm/vrr: Set VRR capable prop only if it is attached to connector
|
2024-07-16 |
CVE-2024-20996 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48836 |
In the Linux kernel, the following vulnerability has been resolved:
Input: aiptek - properly check endpoint type
|
2024-07-16 |
CVE-2022-48863 |
In the Linux kernel, the following vulnerability has been resolved:
mISDN: Fix memory leak in dsp_pipeline_build()
|
2024-07-16 |
CVE-2024-21159 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2024-21173 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48841 |
In the Linux kernel, the following vulnerability has been resolved:
ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats()
|
2024-07-16 |
CVE-2024-21157 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48838 |
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: Fix use-after-free bug by not setting udc->dev.driver
|
2024-07-16 |
CVE-2022-48858 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix a race on command flush flow
|
2024-07-16 |
CVE-2022-48796 |
In the Linux kernel, the following vulnerability has been resolved:
iommu: Fix potential use-after-free during probe
|
2024-07-16 |
CVE-2024-21135 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48783 |
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: lantiq_gswip: fix use after free in gswip_remove()
|
2024-07-16 |
CVE-2024-21179 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48774 |
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: ptdma: Fix the error handling path in pt_core_init()
|
2024-07-16 |
CVE-2022-48821 |
In the Linux kernel, the following vulnerability has been resolved:
misc: fastrpc: avoid double fput() on failed usercopy
|
2024-07-16 |
CVE-2024-21131 |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
|
2024-07-16 |
CVE-2022-48855 |
In the Linux kernel, the following vulnerability has been resolved:
sctp: fix kernel-infoleak for SCTP sockets
|
2024-07-16 |
CVE-2024-39908 |
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you many be impacted to these vulnerabilities. The REXML gem 3.3.2 or later include the patches to fix these vulnerabilities. Users are advised to upgrade. Users unable to upgrade should avoid parsing untrusted XML strings.
|
2024-07-16 |
CVE-2022-48811 |
In the Linux kernel, the following vulnerability has been resolved:
ibmvnic: don't release napi in __ibmvnic_open()
|
2024-07-16 |
CVE-2024-21138 |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
|
2024-07-16 |
CVE-2024-21171 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48788 |
In the Linux kernel, the following vulnerability has been resolved:
nvme-rdma: fix possible use-after-free in transport error_recovery work
|
2024-07-16 |
CVE-2022-48782 |
In the Linux kernel, the following vulnerability has been resolved:
mctp: fix use after free
|
2024-07-16 |
CVE-2024-21142 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-07-16 |
CVE-2022-48840 |
In the Linux kernel, the following vulnerability has been resolved:
iavf: Fix hang during reboot/shutdown
|
2024-07-16 |
CVE-2022-48829 |
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes
|
2024-07-16 |
CVE-2022-48801 |
In the Linux kernel, the following vulnerability has been resolved:
iio: buffer: Fix file related error handling in IIO_BUFFER_GET_FD_IOCTL
|
2024-07-16 |
CVE-2022-48813 |
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: felix: don't use devres for mdiobus
|
2024-07-16 |
CVE-2022-48847 |
In the Linux kernel, the following vulnerability has been resolved:
watch_queue: Fix filter limit check
|
2024-07-16 |
CVE-2022-48804 |
In the Linux kernel, the following vulnerability has been resolved:
vt_ioctl: fix array_index_nospec in vt_setactivate
|
2024-07-16 |
CVE-2024-6345 |
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
|
2024-07-15 |
CVE-2024-6716 |
A flaw was found in libtiff. This flaw allows an attacker to create a crafted tiff file, forcing libtiff to allocate memory indefinitely. This issue can result in a denial of service of the system consuming libtiff due to memory starvation.
|
2024-07-15 |
CVE-2024-40929 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
|
2024-07-12 |
CVE-2024-40937 |
In the Linux kernel, the following vulnerability has been resolved:
gve: Clear napi->skb before dev_kfree_skb_any()
|
2024-07-12 |
CVE-2024-40907 |
In the Linux kernel, the following vulnerability has been resolved:
ionic: fix kernel panic in XDP_TX action
|
2024-07-12 |
CVE-2024-40940 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix tainted pointer delete is case of flow rules creation fail
|
2024-07-12 |
CVE-2024-40932 |
In the Linux kernel, the following vulnerability has been resolved:
drm/exynos/vidi: fix memory leak in .get_modes()
|
2024-07-12 |
CVE-2024-40906 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Always stop health timer during driver removal
|
2024-07-12 |
CVE-2024-41003 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix reg_set_min_max corruption of fake_reg
|
2024-07-12 |
CVE-2024-40955 |
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists()
|
2024-07-12 |
CVE-2024-40925 |
In the Linux kernel, the following vulnerability has been resolved:
block: fix request.queuelist usage in flush
|
2024-07-12 |
CVE-2024-39494 |
In the Linux kernel, the following vulnerability has been resolved:
ima: Fix use-after-free on a dentry's dname.name
|
2024-07-12 |
CVE-2024-40981 |
In the Linux kernel, the following vulnerability has been resolved:
batman-adv: bypass empty buckets in batadv_purge_orig_ref()
|
2024-07-12 |
CVE-2024-40949 |
In the Linux kernel, the following vulnerability has been resolved:
mm: shmem: fix getting incorrect lruvec when replacing a shmem folio
|
2024-07-12 |
CVE-2024-40956 |
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list
|
2024-07-12 |
CVE-2024-40939 |
In the Linux kernel, the following vulnerability has been resolved:
net: wwan: iosm: Fix tainted pointer delete is case of region creation fail
|
2024-07-12 |
CVE-2024-41006 |
In the Linux kernel, the following vulnerability has been resolved:
netrom: Fix a memory leak in nr_heartbeat_expiry()
|
2024-07-12 |
CVE-2024-40911 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: Lock wiphy in cfg80211_get_station
|
2024-07-12 |
CVE-2024-40962 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: zoned: allocate dummy checksums for zoned NODATASUM writes
|
2024-07-12 |
CVE-2024-40923 |
In the Linux kernel, the following vulnerability has been resolved:
vmxnet3: disable rx data ring on dma allocation failure
|
2024-07-12 |
CVE-2024-40971 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: remove clear SB_INLINECRYPT flag in default_options
|
2024-07-12 |
CVE-2024-40944 |
In the Linux kernel, the following vulnerability has been resolved:
x86/kexec: Fix bug with call depth tracking
|
2024-07-12 |
CVE-2024-40922 |
In the Linux kernel, the following vulnerability has been resolved:
io_uring/rsrc: don't lock while !TASK_RUNNING
|
2024-07-12 |
CVE-2024-40902 |
In the Linux kernel, the following vulnerability has been resolved:
jfs: xattr: fix buffer overflow for invalid xattr
|
2024-07-12 |
CVE-2024-40985 |
In the Linux kernel, the following vulnerability has been resolved:
net/tcp_ao: Don't leak ao_info on error-path
|
2024-07-12 |
CVE-2024-40950 |
In the Linux kernel, the following vulnerability has been resolved:
mm: huge_memory: fix misused mapping_large_folio_support() for anon folios
|
2024-07-12 |
CVE-2024-40917 |
In the Linux kernel, the following vulnerability has been resolved:
memblock: make memblock_set_node() also warn about use of MAX_NUMNODES
|
2024-07-12 |
CVE-2024-40942 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
|
2024-07-12 |
CVE-2024-39495 |
In the Linux kernel, the following vulnerability has been resolved:
greybus: Fix use-after-free bug in gb_interface_release due to race condition.
|
2024-07-12 |
CVE-2024-40951 |
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix NULL pointer dereference in ocfs2_abort_trigger()
|
2024-07-12 |
CVE-2024-40952 |
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix NULL pointer dereference in ocfs2_journal_dirty()
|
2024-07-12 |
CVE-2024-40963 |
In the Linux kernel, the following vulnerability has been resolved:
mips: bmips: BCM6358: make sure CBR is correctly set
|
2024-07-12 |
CVE-2024-39505 |
In the Linux kernel, the following vulnerability has been resolved:
drm/komeda: check for error-valued pointer
|
2024-07-12 |
CVE-2024-40965 |
In the Linux kernel, the following vulnerability has been resolved:
i2c: lpi2c: Avoid calling clk_get_rate during transfer
|
2024-07-12 |
CVE-2024-40999 |
In the Linux kernel, the following vulnerability has been resolved:
net: ena: Add validation for completion descriptors consistency
|
2024-07-12 |
CVE-2024-40916 |
In the Linux kernel, the following vulnerability has been resolved:
drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found
|
2024-07-12 |
CVE-2024-40991 |
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: ti: k3-udma-glue: Fix of_k3_udma_glue_parse_chn_by_id()
|
2024-07-12 |
CVE-2024-40919 |
In the Linux kernel, the following vulnerability has been resolved:
bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send()
|
2024-07-12 |
CVE-2024-40915 |
In the Linux kernel, the following vulnerability has been resolved:
riscv: rewrite __kernel_map_pages() to fix sleeping in invalid context
|
2024-07-12 |
CVE-2024-6655 |
gtk3: gtk2: Library injection from CWD
|
2024-07-11 |
CVE-2024-39491 |
In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance
|
2024-07-10 |
CVE-2024-39493 |
In the Linux kernel, the following vulnerability has been resolved:
crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
|
2024-07-10 |
CVE-2024-39492 |
In the Linux kernel, the following vulnerability has been resolved:
mailbox: mtk-cmdq: Fix pm_runtime_get_sync() warning in mbox shutdown
|
2024-07-10 |
CVE-2024-6603 |
In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13.
|
2024-07-09 |
CVE-2024-6615 |
Memory safety bugs present in Firefox 127. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128.
|
2024-07-09 |
CVE-2024-6608 |
It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128.
|
2024-07-09 |
CVE-2024-6612 |
CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128.
|
2024-07-09 |
CVE-2024-6607 |
It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a `<select>` element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox < 128.
|
2024-07-09 |
CVE-2024-38095 |
.NET and Visual Studio Denial of Service Vulnerability
|
2024-07-09 |
CVE-2024-6613 |
The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128.
|
2024-07-09 |
CVE-2024-6237 |
A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.
|
2024-07-09 |
CVE-2024-22020 |
A security flaw in Node.js allows a bypass of network import restrictions.
By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security.
Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports.
Exploiting this flaw can violate network import security, posing a risk to developers and servers.
|
2024-07-09 |
CVE-2024-37372 |
The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.
This vulnerability affects Windows users of the Node.js Permission Model in version v22.x and v20.x
|
2024-07-09 |
CVE-2024-38517 |
Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.
|
2024-07-09 |
CVE-2024-38081 |
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
|
2024-07-09 |
CVE-2024-3596 |
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
|
2024-07-09 |
CVE-2024-6610 |
Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128.
|
2024-07-09 |
CVE-2024-6604 |
Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13.
|
2024-07-09 |
CVE-2024-39684 |
Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer overflow vulnerability (when the file is parsed), leading to elevation of privilege.
|
2024-07-09 |
CVE-2024-6602 |
A mismatch between allocator and deallocator could have lead to memory corruption. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13.
|
2024-07-09 |
CVE-2024-6611 |
A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128.
|
2024-07-09 |
CVE-2024-6601 |
A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13.
|
2024-07-09 |
CVE-2024-6600 |
Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on mac OS. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13.
|
2024-07-09 |
CVE-2024-6614 |
The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128.
|
2024-07-09 |
CVE-2024-6605 |
Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjacking. This vulnerability affects Firefox < 128.
|
2024-07-09 |
CVE-2024-36137 |
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used.
Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file.
|
2024-07-09 |
CVE-2024-36138 |
The CVE-2024-27980 was identified as an incomplete fix for the BatBadBut vulnerability. This vulnerability arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.
|
2024-07-09 |
CVE-2024-30105 |
.NET Core and Visual Studio Denial of Service Vulnerability
|
2024-07-09 |
CVE-2024-5569 |
A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.
|
2024-07-09 |
CVE-2024-6609 |
When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128.
|
2024-07-09 |
CVE-2024-6606 |
Clipboard code failed to check the index on an array access. This could have lead to an out-of-bounds read. This vulnerability affects Firefox < 128.
|
2024-07-09 |
CVE-2024-22018 |
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to.
|
2024-07-09 |
CVE-2024-35264 |
.NET and Visual Studio Remote Code Execution Vulnerability
|
2024-07-09 |
CVE-2024-38372 |
Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a `fetch()` request, `response.arrayBuffer()` might include portion of memory from the Node.js process. This has been patched in v6.19.2.
|
2024-07-08 |
CVE-2024-24974 |
The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.
|
2024-07-08 |
CVE-2024-27903 |
OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.
|
2024-07-08 |
CVE-2024-27459 |
The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.
|
2024-07-08 |
CVE-2024-39695 |
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3.
|
2024-07-08 |
CVE-2024-6409 |
A signal handler race condition vulnerability was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). This issue leaves it vulnerable to a signal handler race condition on the cleanup_exit() function, which introduces the same vulnerability as CVE-2024-6387 in the unprivileged child of the SSHD server.
|
2024-07-08 |
CVE-2024-6501 |
Given a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, someone could inject a malformed LLDP packet and NetworkManager would crash leading to a DoS.
|
2024-07-07 |
CVE-2023-39328 |
openjpeg: denail of service via crafted image file
|
2024-07-07 |
CVE-2023-39329 |
In openjepg, a resource exhaustion can occur in the opj_t1_decode_cblks function in the tcd.c through a crafted image file causing a denial of service.
|
2024-07-07 |
CVE-2024-39486 |
In the Linux kernel, the following vulnerability has been resolved:
drm/drm_file: Fix pid refcounting race
|
2024-07-06 |
CVE-2024-39477 |
In the Linux kernel, the following vulnerability has been resolved:
mm/hugetlb: do not call vma_add_reservation upon ENOMEM
|
2024-07-05 |
CVE-2024-39483 |
In the Linux kernel, the following vulnerability has been resolved:
KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked
|
2024-07-05 |
CVE-2024-39485 |
In the Linux kernel, the following vulnerability has been resolved:
media: v4l: async: Properly re-initialise notifier entry in unregister
|
2024-07-05 |
CVE-2024-39481 |
In the Linux kernel, the following vulnerability has been resolved:
media: mc: Fix graph walk in media_pipeline_start
|
2024-07-05 |
CVE-2024-6505 |
A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash the QEMU process on the host.
|
2024-07-05 |
CVE-2024-39479 |
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/hwmon: Get rid of devm
|
2024-07-05 |
CVE-2024-39484 |
In the Linux kernel, the following vulnerability has been resolved:
mmc: davinci: Don't strip remove function when driver is builtin
|
2024-07-05 |
CVE-2024-39475 |
In the Linux kernel, the following vulnerability has been resolved:
fbdev: savage: Handle err return when savagefb_check_var failed
|
2024-07-05 |
CVE-2024-39473 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension
|
2024-07-05 |
CVE-2024-39689 |
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.07.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."
|
2024-07-05 |
CVE-2024-39480 |
In the Linux kernel, the following vulnerability has been resolved:
kdb: Fix buffer overflow during tab-complete
|
2024-07-05 |
CVE-2024-39929 |
Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.
|
2024-07-04 |
CVE-2024-39936 |
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..
|
2024-07-04 |
CVE-2024-39884 |
A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.
Users are recommended to upgrade to version 2.4.61, which fixes this issue.
|
2024-07-04 |
CVE-2024-29506 |
Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name.
|
2024-07-03 |
CVE-2023-52168 |
The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc.
|
2024-07-03 |
CVE-2024-29508 |
Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.
|
2024-07-03 |
CVE-2024-34750 |
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.
Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.
|
2024-07-03 |
CVE-2024-29511 |
Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.
|
2024-07-03 |
CVE-2023-52169 |
The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in some known web-service use cases where untrusted users can upload files and have them extracted by a server-side 7-Zip process.
|
2024-07-03 |
CVE-2024-29507 |
Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.
|
2024-07-03 |
CVE-2024-29509 |
Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle.
|
2024-07-03 |
CVE-2024-39920 |
The TCP protocol in RFC 9293 has a timing side channel that makes it easier for remote attackers to infer the content of one TCP connection from a client system (to any server), when that client system is concurrently obtaining TCP data at a slow rate from an attacker-controlled server, aka the "SnailLoad" issue. For example, the attack can begin by measuring RTTs via the TCP segments whose role is to provide an ACK control bit and an Acknowledgment Number.
|
2024-07-03 |
CVE-2024-4877 |
With OpenVPN on Windows platforms, a malicious process with "some" elevated privileges (SeImpersonatePrivilege) could open the pipe a second time, tricking openvn GUI into providing user credentials (tokens), getting full access to the account openvpn-gui.exe runs as.
|
2024-07-02 |
CVE-2024-39894 |
OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.
|
2024-07-02 |
CVE-2024-4467 |
A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.
Amazon Linux has assessed CVE-2024-4467 for qemu-kvm. For AL1, backporting the fix as well as all the dependent changes will increase technical complexity. This will in turn increase the risk associated with this change. This risk outweighs the risk associated with the CVE and Amazon Linux will not be shipping a patch for CVE-2024-4467 on AL1 at this point.
Note: Amazon recommends upgrading to Amazon Linux 2 or Amazon Linux 2023. As a matter of general security practice, Amazon recommends to not rely on in-instance facilities for strong separation of privileges or data security compartments.
|
2024-07-02 |
CVE-2023-24531 |
Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad bahaviors, including executing arbitrary commands or inserting new environment variables. This issue is relatively minor because, in general, if an attacker can set arbitrary environment variables on a system, they have better attack vectors than making "go env" print them out.
|
2024-07-02 |
CVE-2024-24791 |
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
|
2024-07-02 |
CVE-2024-38474 |
Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in
directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.
|
2024-07-01 |
CVE-2024-38476 |
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
|
2024-07-01 |
CVE-2024-6387 |
A signal handler race condition was found in the OpenSSH server (sshd). If a client does not authenticate within the LoginGraceTime period (120 seconds by default, or 600 seconds in older OpenSSH versions), the sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, such as syslog().
AL1 and AL2 comes with OpenSSH version 7.4p1. OpenSSH versions from 4.4p1 up to, but not including, 8.5p1 are not impacted by CVE-2024-6387.
|
2024-07-01 |
CVE-2024-38473 |
Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
|
2024-07-01 |
CVE-2024-38477 |
null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
|
2024-07-01 |
CVE-2024-36387 |
Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.
|
2024-07-01 |
CVE-2024-38472 |
SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests or content
Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing.
|
2024-07-01 |
CVE-2024-38475 |
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure.
Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.
|
2024-07-01 |
CVE-2024-39573 |
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
|
2024-07-01 |
CVE-2024-28882 |
An openvpn authenticated client can make the server "keep the session" even when the server has been told to disconnect this client
|
2024-06-29 |
CVE-2024-38525 |
dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the `nlohmann` JSON library. However, due to the way the JSON library is invoked, it throws an uncaught exception, which results in a crash. This vulnerability has been patched in version 0.2.2.
|
2024-06-28 |
CVE-2024-37371 |
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
|
2024-06-28 |
CVE-2024-37370 |
krb5: GSS message token handling
|
2024-06-28 |
CVE-2024-5535 |
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an
empty supported client protocols buffer may cause a crash or memory contents to
be sent to the peer.
Impact summary: A buffer overread can have a range of potential consequences
such as unexpected application beahviour or a crash. In particular this issue
could result in up to 255 bytes of arbitrary private data from memory being sent
to the peer leading to a loss of confidentiality. However, only applications
that directly call the SSL_select_next_proto function with a 0 length list of
supported client protocols are affected by this issue. This would normally never
be a valid scenario and is typically not under attacker control but may occur by
accident in the case of a configuration or programming error in the calling
application.
The OpenSSL API function SSL_select_next_proto is typically used by TLS
applications that support ALPN (Application Layer Protocol Negotiation) or NPN
(Next Protocol Negotiation). NPN is older, was never standardised and
is deprecated in favour of ALPN. We believe that ALPN is significantly more
widely deployed than NPN. The SSL_select_next_proto function accepts a list of
protocols from the server and a list of protocols from the client and returns
the first protocol that appears in the server list that also appears in the
client list. In the case of no overlap between the two lists it returns the
first item in the client list. In either case it will signal whether an overlap
between the two lists was found. In the case where SSL_select_next_proto is
called with a zero length client list it fails to notice this condition and
returns the memory immediately following the client list pointer (and reports
that there was no overlap in the lists).
This function is typically called from a server side application callback for
ALPN or a client side application callback for NPN. In the case of ALPN the list
of protocols supplied by the client is guaranteed by libssl to never be zero in
length. The list of server protocols comes from the application and should never
normally be expected to be of zero length. In this case if the
SSL_select_next_proto function has been called as expected (with the list
supplied by the client passed in the client/client_len parameters), then the
application will not be vulnerable to this issue. If the application has
accidentally been configured with a zero length server list, and has
accidentally passed that zero length server list in the client/client_len
parameters, and has additionally failed to correctly handle a "no overlap"
response (which would normally result in a handshake failure in ALPN) then it
will be vulnerable to this problem.
In the case of NPN, the protocol permits the client to opportunistically select
a protocol when there is no overlap. OpenSSL returns the first client protocol
in the no overlap case in support of this. The list of client protocols comes
from the application and should never normally be expected to be of zero length.
However if the SSL_select_next_proto function is accidentally called with a
client_len of 0 then an invalid memory pointer will be returned instead. If the
application uses this output as the opportunistic protocol then the loss of
confidentiality will occur.
This issue has been assessed as Low severity because applications are most
likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not
widely used. It also requires an application configuration or programming error.
Finally, this issue would not typically be under attacker control making active
exploitation unlikely.
The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
Due to the low severity of this issue we are not issuing new releases of
OpenSSL at this time. The fix will be included in the next releases when they
become available.
|
2024-06-27 |
CVE-2024-39134 |
A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c.
|
2024-06-27 |
CVE-2024-39133 |
Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the __zzip_parse_root_directory() function at /zzip/zip.c.
|
2024-06-27 |
CVE-2016-20022 |
In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the supplier.
|
2024-06-27 |
CVE-2024-5642 |
CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured).
|
2024-06-27 |
CVE-2024-28820 |
Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap (aka the Three Rings Auth-LDAP plugin for OpenVPN) 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this field and cause a buffer overflow.
|
2024-06-27 |
CVE-2024-5594 |
A malicious openvpn peer can send garbage to openvpn log, or cause high CPU load.
|
2024-06-26 |
CVE-2024-39301 |
In the Linux kernel, the following vulnerability has been resolved:
net/9p: fix uninit-value in p9_client_rpc()
|
2024-06-25 |
CVE-2024-5261 |
Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification
LibreOfficeKit can be used for accessing LibreOffice functionality
through C/C++. Typically this is used by third party components to reuse
LibreOffice as a library to convert, view or otherwise interact with
documents.
LibreOffice internally makes use of "curl" to fetch remote resources such as images hosted on webservers.
In
affected versions of LibreOffice, when used in LibreOfficeKit mode
only, then curl's TLS certification verification was disabled
(CURLOPT_SSL_VERIFYPEER of false)
In the fixed versions curl operates in LibreOfficeKit mode the same as in standard mode with CURLOPT_SSL_VERIFYPEER of true.
This issue affects LibreOffice before version 24.2.4.
|
2024-06-25 |
CVE-2024-38661 |
In the Linux kernel, the following vulnerability has been resolved:
s390/ap: Fix crash in AP internal function modify_bitmap()
|
2024-06-25 |
CVE-2021-4440 |
In the Linux kernel, the following vulnerability has been resolved:
x86/xen: Drop USERGS_SYSRET64 paravirt call
|
2024-06-25 |
CVE-2024-39464 |
In the Linux kernel, the following vulnerability has been resolved:
media: v4l: async: Fix notifier list entry init
|
2024-06-25 |
CVE-2024-39470 |
In the Linux kernel, the following vulnerability has been resolved:
eventfs: Fix a possible null pointer dereference in eventfs_find_events()
|
2024-06-25 |
CVE-2022-48772 |
In the Linux kernel, the following vulnerability has been resolved:
media: lgdt3306a: Add a check against null-pointer-def
|
2024-06-25 |
CVE-2024-39462 |
In the Linux kernel, the following vulnerability has been resolved:
clk: bcm: dvp: Assign ->num before accessing ->hws
|
2024-06-25 |
CVE-2024-39296 |
In the Linux kernel, the following vulnerability has been resolved:
bonding: fix oops during rmmod
|
2024-06-25 |
CVE-2024-3447 |
QEMU: sdhci: heap buffer overflow in sdhci_write_dataport()
|
2024-06-25 |
CVE-2024-39463 |
In the Linux kernel, the following vulnerability has been resolved:
9p: add missing locking around taking dentry fid list
|
2024-06-25 |
CVE-2024-39466 |
In the Linux kernel, the following vulnerability has been resolved:
thermal/drivers/qcom/lmh: Check for SCM availability at probe
|
2024-06-25 |
CVE-2024-37894 |
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.
|
2024-06-25 |
CVE-2024-39467 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()
|
2024-06-25 |
CVE-2024-39465 |
In the Linux kernel, the following vulnerability has been resolved:
media: mgb4: Fix double debugfs remove
|
2024-06-25 |
CVE-2024-38306 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: protect folio::private when attaching extent buffer folios
|
2024-06-25 |
CVE-2024-38385 |
In the Linux kernel, the following vulnerability has been resolved:
genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after()
|
2024-06-25 |
CVE-2024-39461 |
In the Linux kernel, the following vulnerability has been resolved:
clk: bcm: rpi: Assign ->num before accessing ->hws
|
2024-06-25 |
CVE-2024-33847 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: compress: don't allow unaligned truncation on released compress inode
|
2024-06-24 |
CVE-2024-39292 |
In the Linux kernel, the following vulnerability has been resolved:
um: Add winch to winch_handlers before registering winch IRQ
|
2024-06-24 |
CVE-2024-38663 |
In the Linux kernel, the following vulnerability has been resolved:
blk-cgroup: fix list corruption from resetting io stat
|
2024-06-24 |
CVE-2024-39291 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode()
|
2024-06-24 |
CVE-2024-38664 |
In the Linux kernel, the following vulnerability has been resolved:
drm: zynqmp_dpsub: Always register bridge
|
2024-06-24 |
CVE-2024-38384 |
In the Linux kernel, the following vulnerability has been resolved:
blk-cgroup: fix list corruption from reorder of WRITE ->lqueued
|
2024-06-24 |
CVE-2024-34030 |
In the Linux kernel, the following vulnerability has been resolved:
PCI: of_property: Return error for int_map allocation failure
|
2024-06-24 |
CVE-2024-32936 |
In the Linux kernel, the following vulnerability has been resolved:
media: ti: j721e-csi2rx: Fix races while restarting DMA
|
2024-06-24 |
CVE-2024-38667 |
In the Linux kernel, the following vulnerability has been resolved:
riscv: prevent pt_regs corruption for secondary idle threads
|
2024-06-24 |
CVE-2024-36479 |
In the Linux kernel, the following vulnerability has been resolved:
fpga: bridge: add owner module and take its refcount
|
2024-06-24 |
CVE-2024-37026 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Only use reserved BCS instances for usm migrate exec queue
|
2024-06-24 |
CVE-2024-35247 |
In the Linux kernel, the following vulnerability has been resolved:
fpga: region: add owner module and take its refcount
|
2024-06-24 |
CVE-2024-34027 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock
|
2024-06-24 |
CVE-2024-6104 |
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.
|
2024-06-24 |
CVE-2024-37021 |
In the Linux kernel, the following vulnerability has been resolved:
fpga: manager: add owner module and take its refcount
|
2024-06-24 |
CVE-2024-39331 |
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.
|
2024-06-23 |
CVE-2024-31076 |
In the Linux kernel, the following vulnerability has been resolved:
genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
|
2024-06-21 |
CVE-2024-39277 |
In the Linux kernel, the following vulnerability has been resolved:
dma-mapping: benchmark: handle NUMA_NO_NODE correctly
|
2024-06-21 |
CVE-2024-38659 |
In the Linux kernel, the following vulnerability has been resolved:
enic: Validate length of nl attributes in enic_set_vf_port
|
2024-06-21 |
CVE-2024-38662 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Allow delete from sockmap/sockhash only if update is allowed
|
2024-06-21 |
CVE-2024-38626 |
In the Linux kernel, the following vulnerability has been resolved:
fuse: clear FR_SENT when re-adding requests into pending list
|
2024-06-21 |
CVE-2024-38622 |
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/dpu: Add callback function pointer check before its call
|
2024-06-21 |
CVE-2024-38628 |
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind.
|
2024-06-21 |
CVE-2024-38623 |
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Use variable length array instead of fixed size
|
2024-06-21 |
CVE-2024-38636 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: multidev: fix to recognize valid zero block address
|
2024-06-21 |
CVE-2024-36286 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()
|
2024-06-21 |
CVE-2024-38632 |
In the Linux kernel, the following vulnerability has been resolved:
vfio/pci: fix potential memory leak in vfio_intx_enable()
|
2024-06-21 |
CVE-2024-38627 |
In the Linux kernel, the following vulnerability has been resolved:
stm class: Fix a double free in stm_register_device()
|
2024-06-21 |
CVE-2024-36477 |
In the Linux kernel, the following vulnerability has been resolved:
tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer
|
2024-06-21 |
CVE-2023-52884 |
In the Linux kernel, the following vulnerability has been resolved:
Input: cyapa - add missing input core locking to suspend/resume functions
|
2024-06-21 |
CVE-2024-36270 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: tproxy: bail out if IP has been disabled on the device
|
2024-06-21 |
CVE-2024-38629 |
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: Avoid unnecessary destruction of file_ida
|
2024-06-21 |
CVE-2024-38633 |
In the Linux kernel, the following vulnerability has been resolved:
serial: max3100: Update uart_driver_registered on driver removal
|
2024-06-21 |
CVE-2024-36288 |
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: Fix loop termination condition in gss_free_in_token_pages()
|
2024-06-21 |
CVE-2024-38390 |
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails
|
2024-06-21 |
CVE-2024-34777 |
In the Linux kernel, the following vulnerability has been resolved:
dma-mapping: benchmark: fix node id validation
|
2024-06-21 |
CVE-2024-38624 |
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow
|
2024-06-21 |
CVE-2024-38388 |
In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup
|
2024-06-21 |
CVE-2024-33619 |
In the Linux kernel, the following vulnerability has been resolved:
efi: libstub: only free priv.runtime_map when allocated
|
2024-06-21 |
CVE-2024-38780 |
In the Linux kernel, the following vulnerability has been resolved:
dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
|
2024-06-21 |
CVE-2024-38381 |
In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: Fix uninit-value in nci_rx_work
|
2024-06-21 |
CVE-2024-33621 |
In the Linux kernel, the following vulnerability has been resolved:
ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound
|
2024-06-21 |
CVE-2024-38630 |
In the Linux kernel, the following vulnerability has been resolved:
watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger
|
2024-06-21 |
CVE-2024-38625 |
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Check 'folio' pointer for NULL
|
2024-06-21 |
CVE-2024-36481 |
In the Linux kernel, the following vulnerability has been resolved:
tracing/probes: fix error check in parse_btf_field()
|
2024-06-21 |
CVE-2024-36489 |
In the Linux kernel, the following vulnerability has been resolved:
tls: fix missing memory barrier in tls_init
|
2024-06-21 |
CVE-2024-38631 |
In the Linux kernel, the following vulnerability has been resolved:
iio: adc: PAC1934: fix accessing out of bounds array index
|
2024-06-21 |
CVE-2024-38634 |
In the Linux kernel, the following vulnerability has been resolved:
serial: max3100: Lock port->lock when calling uart_handle_cts_change()
|
2024-06-21 |
CVE-2024-36244 |
In the Linux kernel, the following vulnerability has been resolved:
net/sched: taprio: extend minimum interval restriction to entire cycle too
|
2024-06-21 |
CVE-2024-36484 |
In the Linux kernel, the following vulnerability has been resolved:
net: relax socket state check at accept time.
|
2024-06-21 |
CVE-2024-36281 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules
|
2024-06-21 |
CVE-2024-38635 |
In the Linux kernel, the following vulnerability has been resolved:
soundwire: cadence: fix invalid PDI offset
|
2024-06-21 |
CVE-2024-6239 |
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.
|
2024-06-21 |
CVE-2024-38621 |
In the Linux kernel, the following vulnerability has been resolved:
media: stk1160: fix bounds checking in stk1160_copy_video()
|
2024-06-21 |
CVE-2024-37356 |
In the Linux kernel, the following vulnerability has been resolved:
tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
|
2024-06-21 |
CVE-2024-38637 |
In the Linux kernel, the following vulnerability has been resolved:
greybus: lights: check return of get_channel_from_mode
|
2024-06-21 |
CVE-2024-37353 |
In the Linux kernel, the following vulnerability has been resolved:
virtio: delete vq in vp_find_vqs_msix() when request_irq() fails
|
2024-06-21 |
CVE-2022-48726 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/ucma: Protect mc during concurrent multicast leaves
|
2024-06-20 |
CVE-2022-48752 |
In the Linux kernel, the following vulnerability has been resolved:
powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending
|
2024-06-20 |
CVE-2022-48724 |
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()
|
2024-06-20 |
CVE-2024-38620 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: HCI: Remove HCI_AMP support
|
2024-06-20 |
CVE-2022-48739 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: hdmi-codec: Fix OOB memory accesses
|
2024-06-20 |
CVE-2022-48769 |
In the Linux kernel, the following vulnerability has been resolved:
efi: runtime: avoid EFIv2 runtime services on Apple x86 machines
|
2024-06-20 |
CVE-2022-48721 |
In the Linux kernel, the following vulnerability has been resolved:
net/smc: Forward wakeup to smc socket waitqueue after fallback
|
2024-06-20 |
CVE-2022-48749 |
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc
|
2024-06-20 |
CVE-2022-48734 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix deadlock between quota disable and qgroup rescan worker
|
2024-06-20 |
CVE-2022-48745 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Use del_timer_sync in fw reset flow of halting poll
|
2024-06-20 |
CVE-2022-48747 |
In the Linux kernel, the following vulnerability has been resolved:
block: Fix wrong offset in bio_truncate()
|
2024-06-20 |
CVE-2022-48718 |
In the Linux kernel, the following vulnerability has been resolved:
drm: mxsfb: Fix NULL pointer dereference
|
2024-06-20 |
CVE-2022-48720 |
In the Linux kernel, the following vulnerability has been resolved:
net: macsec: Fix offload support for NETDEV_UNREGISTER event
|
2024-06-20 |
CVE-2022-48732 |
In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau: fix off by one in BIOS boundary checking
|
2024-06-20 |
CVE-2022-48750 |
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (nct6775) Fix crash in clear_caseopen
|
2024-06-20 |
CVE-2022-48740 |
In the Linux kernel, the following vulnerability has been resolved:
selinux: fix double free of cond_list on error paths
|
2024-06-20 |
CVE-2022-48762 |
In the Linux kernel, the following vulnerability has been resolved:
arm64: extable: fix load_unaligned_zeropad() reg indices
|
2024-06-20 |
CVE-2022-48767 |
In the Linux kernel, the following vulnerability has been resolved:
ceph: properly put ceph_string reference after async create attempt
|
2024-06-20 |
CVE-2022-48746 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix handling of wrong devices during bond netevent
|
2024-06-20 |
CVE-2022-48730 |
In the Linux kernel, the following vulnerability has been resolved:
dma-buf: heaps: Fix potential spectre v1 gadget
|
2024-06-20 |
CVE-2022-48759 |
In the Linux kernel, the following vulnerability has been resolved:
rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev
|
2024-06-20 |
CVE-2022-48768 |
In the Linux kernel, the following vulnerability has been resolved:
tracing/histogram: Fix a potential memory leak for kstrdup()
|
2024-06-20 |
CVE-2022-48763 |
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: Forcibly leave nested virt when SMM state is toggled
|
2024-06-20 |
CVE-2021-47619 |
In the Linux kernel, the following vulnerability has been resolved:
i40e: Fix queues reservation for XDP
|
2024-06-20 |
CVE-2022-48723 |
In the Linux kernel, the following vulnerability has been resolved:
spi: uniphier: fix reference count leak in uniphier_spi_probe()
|
2024-06-20 |
CVE-2022-48764 |
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: Free kvm_cpuid_entry2 array on post-KVM_RUN KVM_SET_CPUID{,2}
|
2024-06-20 |
CVE-2022-48743 |
In the Linux kernel, the following vulnerability has been resolved:
net: amd-xgbe: Fix skb data length underflow
|
2024-06-20 |
CVE-2022-48753 |
In the Linux kernel, the following vulnerability has been resolved:
block: fix memory leak in disk_register_independent_access_ranges
|
2024-06-20 |
CVE-2024-37676 |
An issue in htop-dev htop v.2.20 allows a local attacker to cause an out-of-bounds access in the Header_populateFromSettings function.
|
2024-06-20 |
CVE-2022-48760 |
In the Linux kernel, the following vulnerability has been resolved:
USB: core: Fix hang in usb_kill_urb by adding memory barriers
|
2024-06-20 |
CVE-2022-48717 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: max9759: fix underflow in speaker_gain_control_put()
|
2024-06-20 |
CVE-2022-48711 |
In the Linux kernel, the following vulnerability has been resolved:
tipc: improve size validations for received domain records
|
2024-06-20 |
CVE-2021-4439 |
In the Linux kernel, the following vulnerability has been resolved:
isdn: cpai: check ctr->cnr to avoid array index out of bound
|
2024-06-20 |
CVE-2022-48744 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Avoid field-overflowing memcpy()
|
2024-06-20 |
CVE-2022-48761 |
In the Linux kernel, the following vulnerability has been resolved:
usb: xhci-plat: fix crash when suspend if remote wake enable
|
2024-06-20 |
CVE-2022-48754 |
In the Linux kernel, the following vulnerability has been resolved:
phylib: fix potential use-after-free
|
2024-06-20 |
CVE-2022-48735 |
In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda: Fix UAF of leds class devs at unbinding
|
2024-06-20 |
CVE-2022-48770 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Guard against accessing NULL pt_regs in bpf_get_task_stack()
|
2024-06-20 |
CVE-2022-48766 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Wrap dcn301_calculate_wm_and_dlg for FPU.
|
2024-06-20 |
CVE-2022-48751 |
In the Linux kernel, the following vulnerability has been resolved:
net/smc: Transitional solution for clcsock race issue
|
2024-06-20 |
CVE-2022-48712 |
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix error handling in ext4_fc_record_modified_inode()
|
2024-06-20 |
CVE-2022-48758 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()
|
2024-06-20 |
CVE-2021-47618 |
In the Linux kernel, the following vulnerability has been resolved:
ARM: 9170/1: fix panic when kasan and kprobe are enabled
|
2024-06-20 |
CVE-2021-47620 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: refactor malicious adv data check
|
2024-06-20 |
CVE-2022-48765 |
In the Linux kernel, the following vulnerability has been resolved:
KVM: LAPIC: Also cancel preemption timer during SET_LAPIC
|
2024-06-20 |
CVE-2022-48771 |
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Fix stale file descriptors on failed usercopy
|
2024-06-20 |
CVE-2022-48716 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: codecs: wcd938x: fix incorrect used of portid
|
2024-06-20 |
CVE-2022-48755 |
In the Linux kernel, the following vulnerability has been resolved:
powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA v2.06
|
2024-06-20 |
CVE-2022-48756 |
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
|
2024-06-20 |
CVE-2022-48728 |
In the Linux kernel, the following vulnerability has been resolved:
IB/hfi1: Fix AIP early init panic
|
2024-06-20 |
CVE-2023-52883 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix possible null pointer dereference
|
2024-06-20 |
CVE-2022-48733 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix use-after-free after failure to create a snapshot
|
2024-06-20 |
CVE-2022-48742 |
In the Linux kernel, the following vulnerability has been resolved:
rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()
|
2024-06-20 |
CVE-2022-48741 |
In the Linux kernel, the following vulnerability has been resolved:
ovl: fix NULL pointer dereference in copy up warning
|
2024-06-20 |
CVE-2022-48714 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Use VM_MAP instead of VM_ALLOC for ringbuf
|
2024-06-20 |
CVE-2022-48748 |
In the Linux kernel, the following vulnerability has been resolved:
net: bridge: vlan: fix memory leak in __allowed_ingress
|
2024-06-20 |
CVE-2022-48722 |
In the Linux kernel, the following vulnerability has been resolved:
net: ieee802154: ca8210: Stop leaking skb's
|
2024-06-20 |
CVE-2022-48713 |
In the Linux kernel, the following vulnerability has been resolved:
perf/x86/intel/pt: Fix crash with stop filters in single-range mode
|
2024-06-20 |
CVE-2022-48725 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/siw: Fix refcounting leak in siw_create_qp()
|
2024-06-20 |
CVE-2022-48715 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
|
2024-06-20 |
CVE-2024-38619 |
In the Linux kernel, the following vulnerability has been resolved:
usb-storage: alauda: Check whether the media is initialized
|
2024-06-20 |
CVE-2024-38557 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Reload only IB representors upon lag disable/enable
|
2024-06-19 |
CVE-2024-38574 |
In the Linux kernel, the following vulnerability has been resolved:
libbpf: Prevent null-pointer dereference when prog to load has no BTF
|
2024-06-19 |
CVE-2021-47615 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow
|
2024-06-19 |
CVE-2021-47584 |
In the Linux kernel, the following vulnerability has been resolved:
iocost: Fix divide-by-zero on donation from low hweight cgroup
|
2024-06-19 |
CVE-2021-47597 |
In the Linux kernel, the following vulnerability has been resolved:
inet_diag: fix kernel-infoleak for UDP sockets
|
2024-06-19 |
CVE-2024-38550 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: kirkwood: Fix potential NULL dereference
|
2024-06-19 |
CVE-2024-38611 |
In the Linux kernel, the following vulnerability has been resolved:
media: i2c: et8ek8: Don't strip remove function when driver is builtin
|
2024-06-19 |
CVE-2024-38604 |
In the Linux kernel, the following vulnerability has been resolved:
block: refine the EOF check in blkdev_iomap_begin
|
2024-06-19 |
CVE-2021-47607 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg
|
2024-06-19 |
CVE-2024-38575 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: brcmfmac: pcie: handle randbuf allocation failure
|
2024-06-19 |
CVE-2024-38540 |
In the Linux kernel, the following vulnerability has been resolved:
bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq
|
2024-06-19 |
CVE-2021-47589 |
In the Linux kernel, the following vulnerability has been resolved:
igbvf: fix double free in `igbvf_probe`
|
2024-06-19 |
CVE-2021-47608 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix kernel address leakage in atomic fetch
|
2024-06-19 |
CVE-2024-38579 |
In the Linux kernel, the following vulnerability has been resolved:
crypto: bcm - Fix pointer arithmetic
|
2024-06-19 |
CVE-2024-38609 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: connac: check for null before dereferencing
|
2024-06-19 |
CVE-2024-38592 |
In the Linux kernel, the following vulnerability has been resolved:
drm/mediatek: Init `ddp_comp` with devm_kcalloc()
|
2024-06-19 |
CVE-2021-47611 |
In the Linux kernel, the following vulnerability has been resolved:
mac80211: validate extended element ID is present
|
2024-06-19 |
CVE-2024-38613 |
In the Linux kernel, the following vulnerability has been resolved:
m68k: Fix spinlock race in kernel thread creation
|
2024-06-19 |
CVE-2024-38599 |
In the Linux kernel, the following vulnerability has been resolved:
jffs2: prevent xattr node from overflowing the eraseblock
|
2024-06-19 |
CVE-2021-47586 |
In the Linux kernel, the following vulnerability has been resolved:
net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup
|
2024-06-19 |
CVE-2021-47587 |
In the Linux kernel, the following vulnerability has been resolved:
net: systemport: Add global locking for descriptor lifecycle
|
2024-06-19 |
CVE-2024-38566 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix verifier assumptions about socket->sk
|
2024-06-19 |
CVE-2021-47579 |
In the Linux kernel, the following vulnerability has been resolved:
ovl: fix warning in ovl_create_real()
|
2024-06-19 |
CVE-2024-38567 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: carl9170: add a proper sanity check for endpoints
|
2024-06-19 |
CVE-2021-47602 |
In the Linux kernel, the following vulnerability has been resolved:
mac80211: track only QoS data frames for admission control
|
2024-06-19 |
CVE-2024-38594 |
In the Linux kernel, the following vulnerability has been resolved:
net: stmmac: move the EST lock to struct stmmac_priv
|
2024-06-19 |
CVE-2021-47601 |
In the Linux kernel, the following vulnerability has been resolved:
tee: amdtee: fix an IS_ERR() vs NULL bug
|
2024-06-19 |
CVE-2021-47613 |
In the Linux kernel, the following vulnerability has been resolved:
i2c: virtio: fix completion handling
|
2024-06-19 |
CVE-2021-47595 |
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_ets: don't remove idle classes from the round-robin list
|
2024-06-19 |
CVE-2021-47578 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: scsi_debug: Don't call kcalloc() if size arg is zero
|
2024-06-19 |
CVE-2021-47599 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: use latest_dev in btrfs_show_devname
|
2024-06-19 |
CVE-2021-47588 |
In the Linux kernel, the following vulnerability has been resolved:
sit: do not call ipip6_dev_free() from sit_init_net()
|
2024-06-19 |
CVE-2021-47585 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix memory leak in __add_inode_ref()
|
2024-06-19 |
CVE-2021-47605 |
In the Linux kernel, the following vulnerability has been resolved:
vduse: fix memory corruption in vduse_dev_ioctl()
|
2024-06-19 |
CVE-2024-38593 |
In the Linux kernel, the following vulnerability has been resolved:
net: micrel: Fix receiving the timestamp in the frame for lan8841
|
2024-06-19 |
CVE-2021-47614 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/irdma: Fix a user-after-free in add_pble_prm
|
2024-06-19 |
CVE-2021-47593 |
In the Linux kernel, the following vulnerability has been resolved:
mptcp: clear 'kern' flag from fallback sockets
|
2024-06-19 |
CVE-2024-38614 |
In the Linux kernel, the following vulnerability has been resolved:
openrisc: traps: Don't send signals to kernel mode threads
|
2024-06-19 |
CVE-2024-38553 |
In the Linux kernel, the following vulnerability has been resolved:
net: fec: remove .ndo_poll_controller to avoid deadlocks
|
2024-06-19 |
CVE-2021-47603 |
In the Linux kernel, the following vulnerability has been resolved:
audit: improve robustness of the audit queue handling
|
2024-06-19 |
CVE-2021-47591 |
In the Linux kernel, the following vulnerability has been resolved:
mptcp: remove tcp ulp setsockopt support
|
2024-06-19 |
CVE-2021-47590 |
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix deadlock in __mptcp_push_pending()
|
2024-06-19 |
CVE-2021-47612 |
In the Linux kernel, the following vulnerability has been resolved:
nfc: fix segfault in nfc_genl_dump_devices_done
|
2024-06-19 |
CVE-2024-38590 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hns: Modify the print level of CQE error
|
2024-06-19 |
CVE-2024-38565 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: ar5523: enable proper endpoint verification
|
2024-06-19 |
CVE-2024-38600 |
In the Linux kernel, the following vulnerability has been resolved:
ALSA: Fix deadlocks with kctl removals at disconnection
|
2024-06-19 |
CVE-2024-38617 |
In the Linux kernel, the following vulnerability has been resolved:
kunit/fortify: Fix mismatched kvalloc()/vfree() usage
|
2024-06-19 |
CVE-2021-47604 |
In the Linux kernel, the following vulnerability has been resolved:
vduse: check that offset is within bounds in get_config()
|
2024-06-19 |
CVE-2024-38585 |
In the Linux kernel, the following vulnerability has been resolved:
tools/nolibc/stdlib: fix memory error in realloc()
|
2024-06-19 |
CVE-2024-38545 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hns: Fix UAF for cq async event
|
2024-06-19 |
CVE-2024-38610 |
In the Linux kernel, the following vulnerability has been resolved:
drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map()
|
2024-06-19 |
CVE-2021-47577 |
In the Linux kernel, the following vulnerability has been resolved:
io-wq: check for wq exit after adding new worker task_work
|
2024-06-19 |
CVE-2024-38539 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw
|
2024-06-19 |
CVE-2021-47598 |
In the Linux kernel, the following vulnerability has been resolved:
sch_cake: do not call cake_destroy() from cake_init()
|
2024-06-19 |
CVE-2024-38563 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature
|
2024-06-19 |
CVE-2021-47583 |
In the Linux kernel, the following vulnerability has been resolved:
media: mxl111sf: change mutex_init() location
|
2024-06-19 |
CVE-2024-38606 |
In the Linux kernel, the following vulnerability has been resolved:
crypto: qat - validate slices count returned by FW
|
2024-06-19 |
CVE-2024-38616 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: carl9170: re-fix fortified-memset warning
|
2024-06-19 |
CVE-2021-47580 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: scsi_debug: Fix type in min_t to avoid stack OOB
|
2024-06-19 |
CVE-2021-47596 |
In the Linux kernel, the following vulnerability has been resolved:
net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg
|
2024-06-19 |
CVE-2024-38584 |
In the Linux kernel, the following vulnerability has been resolved:
net: ti: icssg_prueth: Fix NULL pointer dereference in prueth_probe()
|
2024-06-19 |
CVE-2024-38549 |
In the Linux kernel, the following vulnerability has been resolved:
drm/mediatek: Add 0 size check to mtk_drm_gem_obj
|
2024-06-19 |
CVE-2021-47609 |
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scpi: Fix string overflow in SCPI genpd driver
|
2024-06-19 |
CVE-2024-38607 |
In the Linux kernel, the following vulnerability has been resolved:
macintosh/via-macii: Fix "BUG: sleeping function called from invalid context"
|
2024-06-19 |
CVE-2021-47576 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()
|
2024-06-19 |
CVE-2024-38591 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hns: Fix deadlock on SRQ async events.
|
2024-06-19 |
CVE-2024-38546 |
In the Linux kernel, the following vulnerability has been resolved:
drm: vc4: Fix possible null pointer dereference
|
2024-06-19 |
CVE-2021-47610 |
In the Linux kernel, the following vulnerability has been resolved:
drm/msm: Fix null ptr access msm_ioctl_gem_submit()
|
2024-06-19 |
CVE-2021-47582 |
In the Linux kernel, the following vulnerability has been resolved:
USB: core: Make do_proc_control() and do_proc_bulk() killable
|
2024-06-19 |
CVE-2024-38597 |
In the Linux kernel, the following vulnerability has been resolved:
eth: sungem: remove .ndo_poll_controller to avoid deadlocks
|
2024-06-19 |
CVE-2021-47606 |
In the Linux kernel, the following vulnerability has been resolved:
net: netlink: af_netlink: Prevent empty skb by adding a check on len.
|
2024-06-19 |
CVE-2024-38595 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix peer devlink set for SF representor devlink port
|
2024-06-19 |
CVE-2024-38562 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: nl80211: Avoid address calculations via out of bounds array indexing
|
2024-06-19 |
CVE-2021-47594 |
In the Linux kernel, the following vulnerability has been resolved:
mptcp: never allow the PM to close a listener subflow
|
2024-06-19 |
CVE-2021-47600 |
In the Linux kernel, the following vulnerability has been resolved:
dm btree remove: fix use after free in rebalance_children()
|
2024-06-19 |
CVE-2021-47616 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA: Fix use-after-free in rxe_queue_cleanup
|
2024-06-19 |
CVE-2024-38571 |
In the Linux kernel, the following vulnerability has been resolved:
thermal/drivers/tsens: Fix null pointer dereference
|
2024-06-19 |
CVE-2024-38543 |
In the Linux kernel, the following vulnerability has been resolved:
lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure
|
2024-06-19 |
CVE-2021-47592 |
In the Linux kernel, the following vulnerability has been resolved:
net: stmmac: fix tc flower deletion for VLAN priority Rx steering
|
2024-06-19 |
CVE-2024-5953 |
A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.
|
2024-06-18 |
CVE-2024-36974 |
In the Linux kernel, the following vulnerability has been resolved:
net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
|
2024-06-18 |
CVE-2024-36977 |
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc3: Wait unconditionally after issuing EndXfer command
|
2024-06-18 |
CVE-2024-36976 |
In the Linux kernel, the following vulnerability has been resolved:
Revert "media: v4l2-ctrls: show all owned controls in log_status"
|
2024-06-18 |
CVE-2024-37891 |
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3's `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.
|
2024-06-17 |
CVE-2018-25103 |
There exists use-after-free vulnerabilities in lighttpd <= 1.4.50 request parsing which might read from invalid pointers to memory used in the same request, not from other requests.
|
2024-06-17 |
CVE-2024-4032 |
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.
CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.
|
2024-06-17 |
CVE-2024-0397 |
A defect was discovered in the Python “ssl” module where there is a memory
race condition with the ssl.SSLContext methods “cert_store_stats()” and
“get_ca_certs()”. The race condition can be triggered if the methods are
called at the same time as certificates are loaded into the SSLContext,
such as during the TLS handshake with a certificate directory configured.
This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.
|
2024-06-17 |
CVE-2024-36973 |
In the Linux kernel, the following vulnerability has been resolved:
misc: microchip: pci1xxxx: fix double free in the error handling of gp_aux_bus_probe()
|
2024-06-17 |
CVE-2024-38394 |
Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and filesystem implementations. NOTE: the GSD supplier indicates that consideration of a mitigation for this within GSD would be in the context of "a new feature, not a CVE."
|
2024-06-16 |
CVE-2024-38428 |
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
|
2024-06-16 |
CVE-2024-36600 |
Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file.
|
2024-06-14 |
CVE-2024-3183 |
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user’s password.
If a principal is compromised it means the attacker would be able to retrieve tickets encrypted to any principal, all of them being encrypted by their own key directly. By taking these tickets and salts offline, the attacker could run brute force attacks to find character strings able to decrypt tickets when combined to a principal salt (i.e. find the principal’s password).
|
2024-06-12 |
CVE-2024-2698 |
A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service argument is NULL, then it means the KDC is probing for general constrained delegation rules and not checking a specific S4U2Proxy request.
In FreeIPA 4.11.0, the behavior of ipadb_match_acl() was modified to match the changes from upstream MIT Kerberos 1.20. However, a mistake resulting in this mechanism applies in cases where the target service argument is set AND where it is unset. This results in S4U2Proxy requests being accepted regardless of whether or not there is a matching service delegation rule.
|
2024-06-12 |
CVE-2024-5692 |
On Windows, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12.
|
2024-06-11 |
CVE-2024-5696 |
By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12.
|
2024-06-11 |
CVE-2024-5688 |
If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12.
|
2024-06-11 |
CVE-2024-5693 |
Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
|
2024-06-11 |
CVE-2024-5702 |
Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125 and Firefox ESR < 115.12.
|
2024-06-11 |
CVE-2024-5700 |
Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12.
|
2024-06-11 |
CVE-2024-5691 |
By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12.
|
2024-06-11 |
CVE-2024-35255 |
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
|
2024-06-11 |
CVE-2023-4727 |
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
|
2024-06-11 |
CVE-2024-35235 |
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Given that cupsd is often running as root, this can result in the change of permission of any user or system files to be world writable. Given the aforementioned Ubuntu AppArmor context, on such systems this vulnerability is limited to those files modifiable by the cupsd process. In that specific case it was found to be possible to turn the configuration of the Listen argument into full control over the cupsd.conf and cups-files.conf configuration files. By later setting the User and Group arguments in cups-files.conf, and printing with a printer configured by PPD with a `FoomaticRIPCommandLine` argument, arbitrary user and group (not root) command execution could be achieved, which can further be used on Ubuntu systems to achieve full root command execution. Commit ff1f8a623e090dee8a8aadf12a6a4b25efac143d contains a patch for the issue.
|
2024-06-11 |
CVE-2024-5690 |
By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
|
2024-06-11 |
CVE-2024-36971 |
In the Linux kernel, the following vulnerability has been resolved:
net: fix __dst_negative_advice() race
|
2024-06-10 |
CVE-2024-27838 |
The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.
|
2024-06-10 |
CVE-2024-35241 |
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid installing dependencies via git by using `--prefer-dist` or the `preferred-install: dist` config setting.
|
2024-06-10 |
CVE-2024-27830 |
This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.
|
2024-06-10 |
CVE-2024-27851 |
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing maliciously crafted web content may lead to arbitrary code execution.
|
2024-06-10 |
CVE-2024-0092 |
NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service.
|
2024-06-10 |
CVE-2024-27808 |
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.
|
2024-06-10 |
CVE-2024-27820 |
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.
|
2024-06-10 |
CVE-2024-27833 |
An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5. Processing maliciously crafted web content may lead to arbitrary code execution.
|
2024-06-10 |
CVE-2024-35242 |
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid cloning potentially compromised repositories.
|
2024-06-10 |
CVE-2024-27850 |
This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5, iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to fingerprint the user.
|
2024-06-10 |
CVE-2024-2408 |
The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have also been backported to stable versions of various Linux distributions, as well as to the PHP builds provided for Windows since the previous release. All distributors and builders should ensure that this version is used to prevent PHP from being vulnerable.
PHP Windows builds for the versions 8.1.29, 8.2.20 and 8.3.8 and above include OpenSSL patches that fix the vulnerability.
|
2024-06-09 |
CVE-2024-4577 |
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
|
2024-06-09 |
CVE-2024-5458 |
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.
|
2024-06-09 |
CVE-2024-37535 |
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.
|
2024-06-09 |
CVE-2024-5585 |
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.
|
2024-06-09 |
CVE-2024-36970 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: Use request_module_nowait
|
2024-06-08 |
CVE-2024-37408 |
fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pam_fprintd.so" for Sudo.
|
2024-06-08 |
CVE-2024-37407 |
Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.
|
2024-06-08 |
CVE-2024-36966 |
In the Linux kernel, the following vulnerability has been resolved:
erofs: reliably distinguish block based and fscache mode
|
2024-06-08 |
CVE-2024-5742 |
nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file
|
2024-06-08 |
CVE-2024-0091 |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering.
|
2024-06-08 |
CVE-2024-36965 |
In the Linux kernel, the following vulnerability has been resolved:
remoteproc: mediatek: Make sure IPI buffer fits in L2TCM
|
2024-06-08 |
CVE-2024-0090 |
NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
|
2024-06-08 |
CVE-2024-36968 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()
|
2024-06-08 |
CVE-2024-3049 |
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.
|
2024-06-06 |
CVE-2023-49441 |
dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.
|
2024-06-06 |
CVE-2024-24790 |
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
|
2024-06-05 |
CVE-2024-24789 |
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.
|
2024-06-05 |
CVE-2024-5629 |
An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory.
|
2024-06-05 |
CVE-2024-34055 |
Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command.
|
2024-06-05 |
CVE-2024-36129 |
The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue. It is also fixed in the confighttp module version 0.102.0 and configgrpc module version 0.102.1.
|
2024-06-05 |
CVE-2024-34363 |
Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash.
|
2024-06-04 |
CVE-2024-32976 |
Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input.
|
2024-06-04 |
CVE-2024-34362 |
Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in `HttpConnectionManager` (HCM) with `EnvoyQuicServerStream` that can crash Envoy. An attacker can exploit this vulnerability by sending a request without `FIN`, then a `RESET_STREAM` frame, and then after receiving the response, closing the connection.
|
2024-06-04 |
CVE-2024-32975 |
Envoy is a cloud-native, open source edge and service proxy. There is a crash at `QuicheDataReader::PeekVarInt62Length()`. It is caused by integer underflow in the `QuicStreamSequencerBuffer::PeekRegion()` implementation.
|
2024-06-04 |
CVE-2024-34364 |
Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer.
|
2024-06-04 |
CVE-2024-23326 |
Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230#section-6.7 a server sends 101 when switching protocols. Envoy incorrectly accepts a 200 response from a server when requesting a protocol upgrade, but 200 does not indicate protocol switch. This opens up the possibility of request smuggling through Envoy if the server can be tricked into adding the upgrade header to the response.
|
2024-06-04 |
CVE-2024-32974 |
Envoy is a cloud-native, open source edge and service proxy. A crash was observed in `EnvoyQuicServerStream::OnInitialHeadersComplete()` with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after `StopReading()` being called on the stream. As after `StopReading()`, the HCM's `ActiveStream` might have already be destroyed and any up calls from QUICHE could potentially cause use after free.
|
2024-06-04 |
CVE-2024-36961 |
In the Linux kernel, the following vulnerability has been resolved:
thermal/debugfs: Fix two locking issues with thermal zone debug
|
2024-06-03 |
CVE-2024-36963 |
In the Linux kernel, the following vulnerability has been resolved:
tracefs: Reset permissions on remount if permissions are options
|
2024-06-03 |
CVE-2024-36960 |
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Fix invalid reads in fence signaled events
|
2024-06-03 |
CVE-2024-36124 |
iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. iq80 Snappy is not actively maintained anymore. As quick fix users can upgrade to version 0.5.
|
2024-06-03 |
CVE-2024-36964 |
In the Linux kernel, the following vulnerability has been resolved:
fs/9p: only translate RWX permissions for plain 9P2000
|
2024-06-03 |
CVE-2024-36962 |
In the Linux kernel, the following vulnerability has been resolved:
net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs
|
2024-06-03 |
CVE-2024-5197 |
There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond
|
2024-06-03 |
CVE-2024-5564 |
A vulnerability was found in libndp. A buffer overflow in NetworkManager that can be triggered by sending a malformed IPv6 router advertisement packet via malicious user locally. This happens as libndp was not validating correctly the route length information and hence leading to a flaw. This affects versions of libndp >= 1.0.
|
2024-05-31 |
CVE-2024-36919 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
|
2024-05-30 |
CVE-2024-36033 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: qca: fix info leak when fetching board id
|
2024-05-30 |
CVE-2024-36942 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: qca: fix firmware check error path
|
2024-05-30 |
CVE-2024-36937 |
In the Linux kernel, the following vulnerability has been resolved:
xdp: use flags field to disambiguate broadcast redirect
|
2024-05-30 |
CVE-2024-36018 |
In the Linux kernel, the following vulnerability has been resolved:
nouveau/uvmm: fix addr/range calcs for remap operations
|
2024-05-30 |
CVE-2024-36932 |
In the Linux kernel, the following vulnerability has been resolved:
thermal/debugfs: Prevent use-after-free from occurring after cdev removal
|
2024-05-30 |
CVE-2024-36933 |
In the Linux kernel, the following vulnerability has been resolved:
nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
|
2024-05-30 |
CVE-2024-36030 |
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-af: fix the double free in rvu_npc_freemem()
Clang static checker(scan-build) warning:
drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c:line 2184, column 2
Attempt to free released memory.
npc_mcam_rsrcs_deinit() has released 'mcam->counters.bmap'. Deleted this
redundant kfree() to fix this double free problem.
|
2024-05-30 |
CVE-2024-36939 |
In the Linux kernel, the following vulnerability has been resolved:
nfs: Handle error of rpc_proc_register() in nfs_net_init().
|
2024-05-30 |
CVE-2024-36947 |
In the Linux kernel, the following vulnerability has been resolved:
qibfs: fix dentry leak
|
2024-05-30 |
CVE-2024-36906 |
In the Linux kernel, the following vulnerability has been resolved:
ARM: 9381/1: kasan: clear stale stack poison
|
2024-05-30 |
CVE-2024-36032 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: qca: fix info leak when fetching fw build id
|
2024-05-30 |
CVE-2024-36027 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer
|
2024-05-30 |
CVE-2024-36905 |
In the Linux kernel, the following vulnerability has been resolved:
tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
|
2024-05-30 |
CVE-2023-52882 |
In the Linux kernel, the following vulnerability has been resolved:
clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change
|
2024-05-30 |
CVE-2024-36019 |
In the Linux kernel, the following vulnerability has been resolved:
regmap: maple: Fix cache corruption in regcache_maple_drop()
|
2024-05-30 |
CVE-2024-36946 |
In the Linux kernel, the following vulnerability has been resolved:
phonet: fix rtm_phonet_notify() skb allocation
|
2024-05-30 |
CVE-2024-36950 |
In the Linux kernel, the following vulnerability has been resolved:
firewire: ohci: mask bus reset interrupts between ISR and bottom half
|
2024-05-30 |
CVE-2024-1298 |
EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability.
|
2024-05-30 |
CVE-2024-36029 |
In the Linux kernel, the following vulnerability has been resolved:
mmc: sdhci-msm: pervent access to suspended controller
|
2024-05-30 |
CVE-2024-36945 |
In the Linux kernel, the following vulnerability has been resolved:
net/smc: fix neighbour and rtable leak in smc_ib_find_route()
|
2024-05-30 |
CVE-2024-36916 |
In the Linux kernel, the following vulnerability has been resolved:
blk-iocost: avoid out of bounds shift
|
2024-05-30 |
CVE-2024-36904 |
In the Linux kernel, the following vulnerability has been resolved:
tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().
|
2024-05-30 |
CVE-2024-36926 |
In the Linux kernel, the following vulnerability has been resolved:
powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE
|
2024-05-30 |
CVE-2024-36930 |
In the Linux kernel, the following vulnerability has been resolved:
spi: fix null pointer dereference within spi_sync
|
2024-05-30 |
CVE-2024-36934 |
In the Linux kernel, the following vulnerability has been resolved:
bna: ensure the copied buf is NUL terminated
|
2024-05-30 |
CVE-2024-36944 |
In the Linux kernel, the following vulnerability has been resolved:
Reapply "drm/qxl: simplify qxl_fence_wait"
|
2024-05-30 |
CVE-2024-36883 |
In the Linux kernel, the following vulnerability has been resolved:
net: fix out-of-bounds access in ops_init
|
2024-05-30 |
CVE-2024-36897 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Atom Integrated System Info v2_2 for DCN35
|
2024-05-30 |
CVE-2024-36957 |
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-af: avoid off-by-one read from userspace
|
2024-05-30 |
CVE-2024-36021 |
In the Linux kernel, the following vulnerability has been resolved:
net: hns3: fix kernel crash when devlink reload during pf initialization
|
2024-05-30 |
CVE-2024-36893 |
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: tcpm: Check for port partner validity before consuming it
|
2024-05-30 |
CVE-2024-36907 |
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: add a missing rpc_stat for TCP TLS
|
2024-05-30 |
CVE-2024-36017 |
In the Linux kernel, the following vulnerability has been resolved:
rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
|
2024-05-30 |
CVE-2024-36931 |
In the Linux kernel, the following vulnerability has been resolved:
s390/cio: Ensure the copied buf is NUL terminated
|
2024-05-30 |
CVE-2024-36900 |
In the Linux kernel, the following vulnerability has been resolved:
net: hns3: fix kernel crash when devlink reload during initialization
|
2024-05-30 |
CVE-2024-36936 |
In the Linux kernel, the following vulnerability has been resolved:
efi/unaccepted: touch soft lockup during memory accept
|
2024-05-30 |
CVE-2024-36952 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Move NPIV's transport unregistration to after resource clean up
|
2024-05-30 |
CVE-2024-36887 |
In the Linux kernel, the following vulnerability has been resolved:
e1000e: change usleep_range to udelay in PHY mdic access
|
2024-05-30 |
CVE-2024-36954 |
In the Linux kernel, the following vulnerability has been resolved:
tipc: fix a possible memleak in tipc_buf_append
|
2024-05-30 |
CVE-2024-36923 |
In the Linux kernel, the following vulnerability has been resolved:
fs/9p: fix uninitialized values during inode evict
|
2024-05-30 |
CVE-2024-36955 |
In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node()
|
2024-05-30 |
CVE-2024-36880 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: qca: add missing firmware sanity checks
|
2024-05-30 |
CVE-2024-36886 |
In the Linux kernel, the following vulnerability has been resolved:
tipc: fix UAF in error path
|
2024-05-30 |
CVE-2024-36889 |
In the Linux kernel, the following vulnerability has been resolved:
mptcp: ensure snd_nxt is properly initialized on connect
|
2024-05-30 |
CVE-2024-36892 |
In the Linux kernel, the following vulnerability has been resolved:
mm/slub: avoid zeroing outside-object freepointer for single free
|
2024-05-30 |
CVE-2024-36940 |
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: core: delete incorrect free in pinctrl_enable()
|
2024-05-30 |
CVE-2024-36929 |
In the Linux kernel, the following vulnerability has been resolved:
net: core: reject skb_copy(_expand) for fraglist GSO skbs
|
2024-05-30 |
CVE-2024-36925 |
In the Linux kernel, the following vulnerability has been resolved:
swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y
|
2024-05-30 |
CVE-2024-36941 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: nl80211: don't free NULL coalescing rule
|
2024-05-30 |
CVE-2024-36928 |
In the Linux kernel, the following vulnerability has been resolved:
s390/qeth: Fix kernel panic after setting hsuid
|
2024-05-30 |
CVE-2024-36902 |
In the Linux kernel, the following vulnerability has been resolved:
ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()
|
2024-05-30 |
CVE-2024-36959 |
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()
|
2024-05-30 |
CVE-2024-36031 |
In the Linux kernel, the following vulnerability has been resolved:
keys: Fix overwrite of key expiration on instantiation
|
2024-05-30 |
CVE-2024-36938 |
In the Linux kernel, the following vulnerability has been resolved:
bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue
|
2024-05-30 |
CVE-2024-34161 |
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.
|
2024-05-29 |
CVE-2024-31079 |
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over.
|
2024-05-29 |
CVE-2024-36015 |
In the Linux kernel, the following vulnerability has been resolved:
ppdev: Add an error check in register_device
|
2024-05-29 |
CVE-2024-4741 |
openssl: Use After Free with SSL_free_buffers
|
2024-05-29 |
CVE-2023-52881 |
In the Linux kernel, the following vulnerability has been resolved:
tcp: do not accept ACK of bytes we never sent
|
2024-05-29 |
CVE-2024-35200 |
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.
|
2024-05-29 |
CVE-2024-32760 |
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.
|
2024-05-29 |
CVE-2024-36472 |
In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior.
|
2024-05-28 |
CVE-2024-31969 |
In sudo-1.8.23-10.amzn2.3.6 (Amazon Linux 2) and sudo-1.8.23-10.58.amzn1 (Amazon Linux 1), a user with an entry in the sudoers file, enabling them to run commands as another unprivileged user, can leverage it to run commands as root. No prior versions are affected. This issue has been fixed in sudo-1.8.23-10.amzn2.3.7 (AL2) and sudo-1.8.23-10.59.amzn1 (AL1).
|
2024-05-28 |
CVE-2024-3657 |
A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service
|
2024-05-28 |
CVE-2024-2199 |
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.
|
2024-05-28 |
CVE-2023-6349 |
A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx.
We recommend upgrading to version 1.13.1 or above
|
2024-05-27 |
CVE-2021-47529 |
In the Linux kernel, the following vulnerability has been resolved:
iwlwifi: Fix memory leaks in error handling path
|
2024-05-24 |
CVE-2021-47520 |
In the Linux kernel, the following vulnerability has been resolved:
can: pch_can: pch_can_rx_normal: fix use after free
|
2024-05-24 |
CVE-2021-47561 |
In the Linux kernel, the following vulnerability has been resolved:
i2c: virtio: disable timeout handling
|
2024-05-24 |
CVE-2021-47536 |
In the Linux kernel, the following vulnerability has been resolved:
net/smc: fix wrong list_del in smc_lgr_cleanup_early
smc_lgr_cleanup_early() meant to delete the link
group from the link group list, but it deleted
the list head by mistake.
This may cause memory corruption since we didn't
remove the real link group from the list and later
memseted the link group structure.
We got a list corruption panic when testing:
[ 231.277259] list_del corruption. prev->next should be ffff8881398a8000, but was 0000000000000000
[ 231.278222] ------------[ cut here ]------------
[ 231.278726] kernel BUG at lib/list_debug.c:53!
[ 231.279326] invalid opcode: 0000 [#1] SMP NOPTI
[ 231.279803] CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 5.10.46+ #435
[ 231.280466] Hardware name: Alibaba Cloud ECS, BIOS 8c24b4c 04/01/2014
[ 231.281248] Workqueue: events smc_link_down_work
[ 231.281732] RIP: 0010:__list_del_entry_valid+0x70/0x90
[ 231.282258] Code: 4c 60 82 e8 7d cc 6a 00 0f 0b 48 89 fe 48 c7 c7 88 4c
60 82 e8 6c cc 6a 00 0f 0b 48 89 fe 48 c7 c7 c0 4c 60 82 e8 5b cc 6a 00 <0f>
0b 48 89 fe 48 c7 c7 00 4d 60 82 e8 4a cc 6a 00 0f 0b cc cc cc
[ 231.284146] RSP: 0018:ffffc90000033d58 EFLAGS: 00010292
[ 231.284685] RAX: 0000000000000054 RBX: ffff8881398a8000 RCX: 0000000000000000
[ 231.285415] RDX: 0000000000000001 RSI: ffff88813bc18040 RDI: ffff88813bc18040
[ 231.286141] RBP: ffffffff8305ad40 R08: 0000000000000003 R09: 0000000000000001
[ 231.286873] R10: ffffffff82803da0 R11: ffffc90000033b90 R12: 0000000000000001
[ 231.287606] R13: 0000000000000000 R14: ffff8881398a8000 R15: 0000000000000003
[ 231.288337] FS: 0000000000000000(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000
[ 231.289160] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 231.289754] CR2: 0000000000e72058 CR3: 000000010fa96006 CR4: 00000000003706f0
[ 231.290485] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 231.291211] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 231.291940] Call Trace:
[ 231.292211] smc_lgr_terminate_sched+0x53/0xa0
[ 231.292677] smc_switch_conns+0x75/0x6b0
[ 231.293085] ? update_load_avg+0x1a6/0x590
[ 231.293517] ? ttwu_do_wakeup+0x17/0x150
[ 231.293907] ? update_load_avg+0x1a6/0x590
[ 231.294317] ? newidle_balance+0xca/0x3d0
[ 231.294716] smcr_link_down+0x50/0x1a0
[ 231.295090] ? __wake_up_common_lock+0x77/0x90
[ 231.295534] smc_link_down_work+0x46/0x60
[ 231.295933] process_one_work+0x18b/0x350
|
2024-05-24 |
CVE-2021-47558 |
In the Linux kernel, the following vulnerability has been resolved:
net: stmmac: Disable Tx queues when reconfiguring the interface
|
2024-05-24 |
CVE-2021-47533 |
In the Linux kernel, the following vulnerability has been resolved:
drm/vc4: kms: Clear the HVS FIFO commit pointer once done
|
2024-05-24 |
CVE-2021-47519 |
In the Linux kernel, the following vulnerability has been resolved:
can: m_can: m_can_read_fifo: fix memory leak in error branch
|
2024-05-24 |
CVE-2021-47516 |
In the Linux kernel, the following vulnerability has been resolved:
nfp: Fix memory leak in nfp_cpp_area_cache_add()
|
2024-05-24 |
CVE-2021-47518 |
In the Linux kernel, the following vulnerability has been resolved:
nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
|
2024-05-24 |
CVE-2021-47571 |
In the Linux kernel, the following vulnerability has been resolved:
staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()
|
2024-05-24 |
CVE-2021-47541 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources()
|
2024-05-24 |
CVE-2021-47564 |
In the Linux kernel, the following vulnerability has been resolved:
net: marvell: prestera: fix double free issue on err path
|
2024-05-24 |
CVE-2021-47559 |
In the Linux kernel, the following vulnerability has been resolved:
net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk()
|
2024-05-24 |
CVE-2021-47523 |
In the Linux kernel, the following vulnerability has been resolved:
IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr
|
2024-05-24 |
CVE-2021-47503 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc()
|
2024-05-24 |
CVE-2021-47537 |
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-af: Fix a memleak bug in rvu_mbox_init()
|
2024-05-24 |
CVE-2021-47569 |
In the Linux kernel, the following vulnerability has been resolved:
io_uring: fail cancellation for EXITING tasks
|
2024-05-24 |
CVE-2021-47521 |
In the Linux kernel, the following vulnerability has been resolved:
can: sja1000: fix use after free in ems_pcmcia_add_card()
|
2024-05-24 |
CVE-2021-47556 |
In the Linux kernel, the following vulnerability has been resolved:
ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce()
|
2024-05-24 |
CVE-2021-47524 |
In the Linux kernel, the following vulnerability has been resolved:
serial: liteuart: fix minor-number leak on probe errors
|
2024-05-24 |
CVE-2021-47500 |
In the Linux kernel, the following vulnerability has been resolved:
iio: mma8452: Fix trigger reference couting
|
2024-05-24 |
CVE-2021-47509 |
In the Linux kernel, the following vulnerability has been resolved:
ALSA: pcm: oss: Limit the period size to 16MB
|
2024-05-24 |
CVE-2021-47502 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: codecs: wcd934x: handle channel mappping list correctly
|
2024-05-24 |
CVE-2021-47534 |
In the Linux kernel, the following vulnerability has been resolved:
drm/vc4: kms: Add missing drm_crtc_commit_put
|
2024-05-24 |
CVE-2021-47554 |
In the Linux kernel, the following vulnerability has been resolved:
vdpa_sim: avoid putting an uninitialized iova_domain
|
2024-05-24 |
CVE-2021-47532 |
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/devfreq: Fix OPP refcnt leak
|
2024-05-24 |
CVE-2021-47499 |
In the Linux kernel, the following vulnerability has been resolved:
iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove
|
2024-05-24 |
CVE-2021-47526 |
In the Linux kernel, the following vulnerability has been resolved:
serial: liteuart: Fix NULL pointer dereference in ->remove()
|
2024-05-24 |
CVE-2021-47525 |
In the Linux kernel, the following vulnerability has been resolved:
serial: liteuart: fix use-after-free and memleak on unbind
|
2024-05-24 |
CVE-2021-47531 |
In the Linux kernel, the following vulnerability has been resolved:
drm/msm: Fix mmap to include VM_IO and VM_DONTDUMP
|
2024-05-24 |
CVE-2021-47528 |
In the Linux kernel, the following vulnerability has been resolved:
usb: cdnsp: Fix a NULL pointer dereference in cdnsp_endpoint_init()
|
2024-05-24 |
CVE-2021-47540 |
In the Linux kernel, the following vulnerability has been resolved:
mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode
|
2024-05-24 |
CVE-2021-47547 |
In the Linux kernel, the following vulnerability has been resolved:
net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound
|
2024-05-24 |
CVE-2021-47510 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix re-dirty process of tree-log nodes
|
2024-05-24 |
CVE-2021-47511 |
In the Linux kernel, the following vulnerability has been resolved:
ALSA: pcm: oss: Fix negative period/buffer sizes
|
2024-05-24 |
CVE-2021-47549 |
In the Linux kernel, the following vulnerability has been resolved:
sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl
|
2024-05-24 |
CVE-2021-47567 |
In the Linux kernel, the following vulnerability has been resolved:
powerpc/32: Fix hardlockup on vmap stack overflow
|
2024-05-24 |
CVE-2021-47570 |
In the Linux kernel, the following vulnerability has been resolved:
staging: r8188eu: fix a memory leak in rtw_wx_read32()
|
2024-05-24 |
CVE-2023-52880 |
In the Linux kernel, the following vulnerability has been resolved:
tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
|
2024-05-24 |
CVE-2021-47513 |
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering
|
2024-05-24 |
CVE-2024-36012 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: msft: fix slab-use-after-free in msft_do_close()
|
2024-05-23 |
CVE-2024-3708 |
A condition exists in lighttpd version prior to 1.4.51 whereby a remote attacker can craft an http request which could result in multiple outcomes:
1.) cause lighttpd to access freed memory in which case the process lighttpd is running in could be terminated or other non-deterministic behavior could result
2.) a memory information disclosure event could result which could be used to determine the state of memory which could then be used to theoretically bypass ALSR protections
This CVE will be updated with more details on July 9th, 2024 after affected parties have had time to remediate.
|
2024-05-23 |
CVE-2024-36013 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()
Extend a critical section to prevent chan from early freeing.
Also make the l2cap_connect() return type void. Nothing is using the
returned value but it is ugly to return a potentially freed pointer.
Making it void will help with backports because earlier kernels did use
the return value. Now the compile will break for kernels where this
patch is not a complete fix.
Call stack summary:
[use]
l2cap_bredr_sig_cmd
l2cap_connect
┌ mutex_lock(&conn->chan_lock);
│ chan = pchan->ops->new_connection(pchan); <- alloc chan
│ __l2cap_chan_add(conn, chan);
│ l2cap_chan_hold(chan);
│ list_add(&chan->list, &conn->chan_l); ... (1)
└ mutex_unlock(&conn->chan_lock);
chan->conf_state ... (4) <- use after free
[free]
l2cap_conn_del
┌ mutex_lock(&conn->chan_lock);
│ foreach chan in conn->chan_l: ... (2)
│ l2cap_chan_put(chan);
│ l2cap_chan_destroy
│ kfree(chan) ... (3) <- chan freed
└ mutex_unlock(&conn->chan_lock);
==================================================================
BUG: KASAN: slab-use-after-free in instrument_atomic_read
include/linux/instrumented.h:68 [inline]
BUG: KASAN: slab-use-after-free in _test_bit
include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
BUG: KASAN: slab-use-after-free in l2cap_connect+0xa67/0x11a0
net/bluetooth/l2cap_core.c:4260
Read of size 8 at addr ffff88810bf040a0 by task kworker/u3:1/311
|
2024-05-23 |
CVE-2024-36011 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: HCI: Fix potential null-ptr-deref
|
2024-05-23 |
CVE-2021-47486 |
In the Linux kernel, the following vulnerability has been resolved:
riscv, bpf: Fix potential NULL dereference
|
2024-05-22 |
CVE-2021-47443 |
In the Linux kernel, the following vulnerability has been resolved:
NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()
|
2024-05-22 |
CVE-2021-47436 |
In the Linux kernel, the following vulnerability has been resolved:
usb: musb: dsps: Fix the probe error path
|
2024-05-22 |
CVE-2021-47485 |
In the Linux kernel, the following vulnerability has been resolved:
IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
|
2024-05-22 |
CVE-2021-47440 |
In the Linux kernel, the following vulnerability has been resolved:
net: encx24j600: check error in devm_regmap_init_encx24j600
|
2024-05-22 |
CVE-2021-47458 |
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: mount fails with buffer overflow in strlen
|
2024-05-22 |
CVE-2021-47457 |
In the Linux kernel, the following vulnerability has been resolved:
can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible()
|
2024-05-22 |
CVE-2021-47446 |
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/a4xx: fix error handling in a4xx_gpu_init()
|
2024-05-22 |
CVE-2021-47465 |
In the Linux kernel, the following vulnerability has been resolved:
KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest()
|
2024-05-22 |
CVE-2021-47468 |
In the Linux kernel, the following vulnerability has been resolved:
isdn: mISDN: Fix sleeping function called from invalid context
|
2024-05-22 |
CVE-2024-36010 |
In the Linux kernel, the following vulnerability has been resolved:
igb: Fix string truncation warnings in igb_set_fw_version
Commit 1978d3ead82c ("intel: fix string truncation warnings")
fixes '-Wformat-truncation=' warnings in igb_main.c by using kasprintf.
drivers/net/ethernet/intel/igb/igb_main.c:3092:53: warning:‘%d’ directive output may be truncated writing between 1 and 5 bytes into a region of size between 1 and 13 [-Wformat-truncation=]
3092 | "%d.%d, 0x%08x, %d.%d.%d",
| ^~
drivers/net/ethernet/intel/igb/igb_main.c:3092:34: note:directive argument in the range [0, 65535]
3092 | "%d.%d, 0x%08x, %d.%d.%d",
| ^~~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/ethernet/intel/igb/igb_main.c:3092:34: note:directive argument in the range [0, 65535]
drivers/net/ethernet/intel/igb/igb_main.c:3090:25: note:‘snprintf’ output between 23 and 43 bytes into a destination of size 32
kasprintf() returns a pointer to dynamically allocated memory
which can be NULL upon failure.
Fix this warning by using a larger space for adapter->fw_version,
and then fall back and continue to use snprintf.
|
2024-05-22 |
CVE-2021-47453 |
In the Linux kernel, the following vulnerability has been resolved:
ice: Avoid crash from unnecessary IDA free
|
2024-05-22 |
CVE-2021-47474 |
In the Linux kernel, the following vulnerability has been resolved:
comedi: vmk80xx: fix bulk-buffer overflow
|
2024-05-22 |
CVE-2021-47470 |
In the Linux kernel, the following vulnerability has been resolved:
mm, slub: fix potential use-after-free in slab_debugfs_fops
|
2024-05-22 |
CVE-2021-47475 |
In the Linux kernel, the following vulnerability has been resolved:
comedi: vmk80xx: fix transfer-buffer overflows
|
2024-05-22 |
CVE-2021-47482 |
In the Linux kernel, the following vulnerability has been resolved:
net: batman-adv: fix error handling
|
2024-05-22 |
CVE-2021-47454 |
In the Linux kernel, the following vulnerability has been resolved:
powerpc/smp: do not decrement idle task preempt count in CPU offline
|
2024-05-22 |
CVE-2021-47494 |
In the Linux kernel, the following vulnerability has been resolved:
cfg80211: fix management registrations locking
|
2024-05-22 |
CVE-2021-47447 |
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/a3xx: fix error handling in a3xx_gpu_init()
|
2024-05-22 |
CVE-2021-47450 |
In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: Fix host stage-2 PGD refcount
|
2024-05-22 |
CVE-2021-47442 |
In the Linux kernel, the following vulnerability has been resolved:
NFC: digital: fix possible memory leak in digital_in_send_sdd_req()
|
2024-05-22 |
CVE-2021-47471 |
In the Linux kernel, the following vulnerability has been resolved:
drm: mxsfb: Fix NULL pointer dereference crash on unload
|
2024-05-22 |
CVE-2024-4453 |
GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
. Was ZDI-CAN-23896.
|
2024-05-22 |
CVE-2021-47449 |
In the Linux kernel, the following vulnerability has been resolved:
ice: fix locking for Tx timestamp tracking flush
|
2024-05-22 |
CVE-2021-47445 |
In the Linux kernel, the following vulnerability has been resolved:
drm/msm: Fix null pointer dereference on pointer edp
|
2024-05-22 |
CVE-2021-47493 |
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix race between searching chunks and release journal_head from buffer_head
|
2024-05-22 |
CVE-2021-47479 |
In the Linux kernel, the following vulnerability has been resolved:
staging: rtl8712: fix use-after-free in rtl8712_dl_fw
|
2024-05-22 |
CVE-2021-47481 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Initialize the ODP xarray when creating an ODP MR
|
2024-05-22 |
CVE-2021-47484 |
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-af: Fix possible null pointer dereference.
|
2024-05-22 |
CVE-2021-47462 |
In the Linux kernel, the following vulnerability has been resolved:
mm/mempolicy: do not allow illegal MPOL_F_NUMA_BALANCING | MPOL_LOCAL in mbind()
|
2024-05-22 |
CVE-2021-47477 |
In the Linux kernel, the following vulnerability has been resolved:
comedi: dt9812: fix DMA buffers on stack
|
2024-05-22 |
CVE-2021-47463 |
In the Linux kernel, the following vulnerability has been resolved:
mm/secretmem: fix NULL page->mapping dereference in page_is_secretmem()
|
2024-05-22 |
CVE-2021-47456 |
In the Linux kernel, the following vulnerability has been resolved:
can: peak_pci: peak_pci_remove(): fix UAF
|
2024-05-22 |
CVE-2021-47476 |
In the Linux kernel, the following vulnerability has been resolved:
comedi: ni_usb6501: fix NULL-deref in command paths
|
2024-05-22 |
CVE-2021-47437 |
In the Linux kernel, the following vulnerability has been resolved:
iio: adis16475: fix deadlock on frequency set
|
2024-05-22 |
CVE-2021-47439 |
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: microchip: Added the condition for scheduling ksz_mib_read_work
|
2024-05-22 |
CVE-2021-47225 |
In the Linux kernel, the following vulnerability has been resolved:
mac80211: fix deadlock in AP/VLAN handling
|
2024-05-21 |
CVE-2022-48708 |
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: single: fix potential NULL dereference
|
2024-05-21 |
CVE-2023-52863 |
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (axi-fan-control) Fix possible NULL pointer dereference
|
2024-05-21 |
CVE-2023-52790 |
In the Linux kernel, the following vulnerability has been resolved:
swiotlb: fix out-of-bounds TLB allocations with CONFIG_SWIOTLB_DYNAMIC
|
2024-05-21 |
CVE-2023-52746 |
In the Linux kernel, the following vulnerability has been resolved:
xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr()
|
2024-05-21 |
CVE-2023-52845 |
In the Linux kernel, the following vulnerability has been resolved:
tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING
|
2024-05-21 |
CVE-2023-52762 |
In the Linux kernel, the following vulnerability has been resolved:
virtio-blk: fix implicit overflow on virtio_max_dma_size
|
2024-05-21 |
CVE-2021-47402 |
In the Linux kernel, the following vulnerability has been resolved:
net: sched: flower: protect fl_walk() with rcu
|
2024-05-21 |
CVE-2023-52707 |
In the Linux kernel, the following vulnerability has been resolved:
sched/psi: Fix use-after-free in ep_remove_wait_queue()
|
2024-05-21 |
CVE-2023-52782 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Track xmit submission to PTP WQ after populating metadata map
|
2024-05-21 |
CVE-2021-47361 |
In the Linux kernel, the following vulnerability has been resolved:
mcb: fix error handling in mcb_alloc_bus()
|
2024-05-21 |
CVE-2023-52745 |
In the Linux kernel, the following vulnerability has been resolved:
IB/IPoIB: Fix legacy IPoIB due to wrong number of queues
|
2024-05-21 |
CVE-2023-52754 |
In the Linux kernel, the following vulnerability has been resolved:
media: imon: fix access to invalid resource for the second interface
|
2024-05-21 |
CVE-2021-47325 |
In the Linux kernel, the following vulnerability has been resolved:
iommu/arm-smmu: Fix arm_smmu_device refcount leak in address translation
|
2024-05-21 |
CVE-2021-47422 |
In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau/kms/nv50-: fix file release memory leak
|
2024-05-21 |
CVE-2023-52769 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix htt mlo-offset event locking
|
2024-05-21 |
CVE-2023-52811 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool
|
2024-05-21 |
CVE-2021-47381 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: Fix DSP oops stack dump output contents
|
2024-05-21 |
CVE-2021-47335 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to avoid racing on fsync_entry_slab by multi filesystem instances
|
2024-05-21 |
CVE-2023-52796 |
In the Linux kernel, the following vulnerability has been resolved:
ipvlan: add ipvlan_route_v6_outbound() helper
|
2024-05-21 |
CVE-2021-47252 |
In the Linux kernel, the following vulnerability has been resolved:
batman-adv: Avoid WARN_ON timing related checks
|
2024-05-21 |
CVE-2021-47270 |
In the Linux kernel, the following vulnerability has been resolved:
usb: fix various gadgets null ptr deref on 10gbps cabling.
|
2024-05-21 |
CVE-2023-52779 |
In the Linux kernel, the following vulnerability has been resolved:
fs: Pass AT_GETATTR_NOSEC flag to getattr interface function
|
2024-05-21 |
CVE-2023-52803 |
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: Fix RPC client cleaned up the freed pipefs dentries
|
2024-05-21 |
CVE-2023-52738 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini
|
2024-05-21 |
CVE-2021-47414 |
In the Linux kernel, the following vulnerability has been resolved:
riscv: Flush current cpu icache before other cpus
|
2024-05-21 |
CVE-2023-52840 |
In the Linux kernel, the following vulnerability has been resolved:
Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
|
2024-05-21 |
CVE-2021-47292 |
In the Linux kernel, the following vulnerability has been resolved:
io_uring: fix memleak in io_init_wq_offload()
|
2024-05-21 |
CVE-2021-47227 |
In the Linux kernel, the following vulnerability has been resolved:
x86/fpu: Prevent state corruption in __fpu__restore_sig()
|
2024-05-21 |
CVE-2021-47398 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hfi1: Fix kernel pointer leak
|
2024-05-21 |
CVE-2023-52755 |
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix slab out of bounds write in smb_inherit_dacl()
slab out-of-bounds write is caused by that offsets is bigger than pntsd
allocation size. This patch add the check to validate 3 offsets using
allocation size.
|
2024-05-21 |
CVE-2023-52852 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: compress: fix to avoid use-after-free on dic
|
2024-05-21 |
CVE-2023-52807 |
In the Linux kernel, the following vulnerability has been resolved:
net: hns3: fix out-of-bounds access may occur when coalesce info is read via debugfs
|
2024-05-21 |
CVE-2023-52735 |
In the Linux kernel, the following vulnerability has been resolved:
bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself
|
2024-05-21 |
CVE-2023-52767 |
In the Linux kernel, the following vulnerability has been resolved:
tls: fix NULL deref on tls_sw_splice_eof() with empty record
|
2024-05-21 |
CVE-2021-47278 |
In the Linux kernel, the following vulnerability has been resolved:
bus: mhi: pci_generic: Fix possible use-after-free in mhi_pci_remove()
|
2024-05-21 |
CVE-2021-47371 |
In the Linux kernel, the following vulnerability has been resolved:
nexthop: Fix memory leaks in nexthop notification chain listeners
|
2024-05-21 |
CVE-2023-52813 |
In the Linux kernel, the following vulnerability has been resolved:
crypto: pcrypt - Fix hungtask for PADATA_RESET
|
2024-05-21 |
CVE-2021-47279 |
In the Linux kernel, the following vulnerability has been resolved:
usb: misc: brcmstb-usb-pinmap: check return value after calling platform_get_resource()
|
2024-05-21 |
CVE-2021-47426 |
In the Linux kernel, the following vulnerability has been resolved:
bpf, s390: Fix potential memory leak about jit_data
|
2024-05-21 |
CVE-2023-52856 |
In the Linux kernel, the following vulnerability has been resolved:
drm/bridge: lt8912b: Fix crash on bridge detach
|
2024-05-21 |
CVE-2021-47367 |
In the Linux kernel, the following vulnerability has been resolved:
virtio-net: fix pages leaking when building skb in big mode
|
2024-05-21 |
CVE-2021-47318 |
In the Linux kernel, the following vulnerability has been resolved:
arch_topology: Avoid use-after-free for scale_freq_data
|
2024-05-21 |
CVE-2023-52751 |
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix use-after-free in smb2_query_info_compound()
|
2024-05-21 |
CVE-2024-42265 |
NOTE: 450.248.02-4 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5520
DEBIANBUG: [1064983, 1064984, 1064985, 1064986, 1064987, 1064988, 1064989]
|
2024-05-21 |
CVE-2023-52736 |
In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda: Do not unset preset when cleaning up codec
|
2024-05-21 |
CVE-2023-52877 |
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm()
|
2024-05-21 |
CVE-2021-47324 |
In the Linux kernel, the following vulnerability has been resolved:
watchdog: Fix possible use-after-free in wdt_startup()
|
2024-05-21 |
CVE-2023-52872 |
In the Linux kernel, the following vulnerability has been resolved:
tty: n_gsm: fix race condition in status line change on dead connections
|
2024-05-21 |
CVE-2023-52866 |
In the Linux kernel, the following vulnerability has been resolved:
HID: uclogic: Fix user-memory-access bug in uclogic_params_ugee_v2_init_event_hooks()
|
2024-05-21 |
CVE-2021-47272 |
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc3: gadget: Bail from dwc3_gadget_exit() if dwc->gadget is NULL
|
2024-05-21 |
CVE-2021-47372 |
In the Linux kernel, the following vulnerability has been resolved:
net: macb: fix use after free on rmmod
|
2024-05-21 |
CVE-2023-52861 |
In the Linux kernel, the following vulnerability has been resolved:
drm: bridge: it66121: Fix invalid connector dereference
|
2024-05-21 |
CVE-2021-47317 |
In the Linux kernel, the following vulnerability has been resolved:
powerpc/bpf: Fix detecting BPF atomic instructions
|
2024-05-21 |
CVE-2021-47284 |
In the Linux kernel, the following vulnerability has been resolved:
isdn: mISDN: netjet: Fix crash in nj_probe:
|
2024-05-21 |
CVE-2023-52771 |
In the Linux kernel, the following vulnerability has been resolved:
cxl/port: Fix delete_endpoint() vs parent unregistration race
|
2024-05-21 |
CVE-2021-47365 |
In the Linux kernel, the following vulnerability has been resolved:
afs: Fix page leak
|
2024-05-21 |
CVE-2023-52842 |
In the Linux kernel, the following vulnerability has been resolved:
virtio/vsock: Fix uninit-value in virtio_transport_recv_pkt()
|
2024-05-21 |
CVE-2023-52838 |
In the Linux kernel, the following vulnerability has been resolved:
fbdev: imsttfb: fix a resource leak in probe
|
2024-05-21 |
CVE-2021-47287 |
In the Linux kernel, the following vulnerability has been resolved:
driver core: auxiliary bus: Fix memory leak when driver_register() fail
|
2024-05-21 |
CVE-2023-52780 |
In the Linux kernel, the following vulnerability has been resolved:
net: mvneta: fix calls to page_pool_get_stats
|
2024-05-21 |
CVE-2023-52778 |
In the Linux kernel, the following vulnerability has been resolved:
mptcp: deal with large GSO size
|
2024-05-21 |
CVE-2021-47388 |
In the Linux kernel, the following vulnerability has been resolved:
mac80211: fix use-after-free in CCMP/GCMP RX
|
2024-05-21 |
CVE-2023-52784 |
In the Linux kernel, the following vulnerability has been resolved:
bonding: stop the device in bond_setup_by_slave()
|
2024-05-21 |
CVE-2021-47420 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: fix a potential ttm->sg memory leak
|
2024-05-21 |
CVE-2021-47273 |
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc3-meson-g12a: fix usb2 PHY glue init when phy0 is disabled
|
2024-05-21 |
CVE-2021-47290 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: Fix NULL dereference on XCOPY completion
|
2024-05-21 |
CVE-2021-47394 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: unlink table before deleting it
|
2024-05-21 |
CVE-2021-47428 |
In the Linux kernel, the following vulnerability has been resolved:
powerpc/64s: fix program check interrupt emergency stack path
|
2024-05-21 |
CVE-2023-52834 |
In the Linux kernel, the following vulnerability has been resolved:
atl1c: Work around the DMA RX overflow issue
|
2024-05-21 |
CVE-2023-52855 |
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency
|
2024-05-21 |
CVE-2023-52799 |
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix array-index-out-of-bounds in dbFindLeaf
|
2024-05-21 |
CVE-2021-47322 |
In the Linux kernel, the following vulnerability has been resolved:
NFSv4: Fix an Oops in pnfs_mark_request_commit() when doing O_DIRECT
|
2024-05-21 |
CVE-2023-52876 |
In the Linux kernel, the following vulnerability has been resolved:
clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data
|
2024-05-21 |
CVE-2023-52832 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: don't return unset power in ieee80211_get_tx_power()
|
2024-05-21 |
CVE-2023-52747 |
In the Linux kernel, the following vulnerability has been resolved:
IB/hfi1: Restore allocated resources on failed copyout
|
2024-05-21 |
CVE-2022-48707 |
In the Linux kernel, the following vulnerability has been resolved:
cxl/region: Fix null pointer dereference for resetting decoder
|
2024-05-21 |
CVE-2023-52841 |
In the Linux kernel, the following vulnerability has been resolved:
media: vidtv: mux: Add check and kfree for kstrdup
|
2024-05-21 |
CVE-2023-52860 |
In the Linux kernel, the following vulnerability has been resolved:
drivers/perf: hisi: use cpuhp_state_remove_instance_nocalls() for hisi_hns3_pmu uninit process
|
2024-05-21 |
CVE-2021-47419 |
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_taprio: properly cancel timer from taprio_destroy()
|
2024-05-21 |
CVE-2022-48709 |
In the Linux kernel, the following vulnerability has been resolved:
ice: switch: fix potential memleak in ice_add_adv_recipe()
|
2024-05-21 |
CVE-2023-52805 |
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix array-index-out-of-bounds in diAlloc
|
2024-05-21 |
CVE-2023-52850 |
In the Linux kernel, the following vulnerability has been resolved:
media: hantro: Check whether reset op is defined before use
|
2024-05-21 |
CVE-2021-47415 |
In the Linux kernel, the following vulnerability has been resolved:
iwlwifi: mvm: Fix possible NULL dereference
|
2024-05-21 |
CVE-2021-47268 |
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: tcpm: cancel vdm and state machine hrtimer when unregister tcpm port
|
2024-05-21 |
CVE-2023-52744 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/irdma: Fix potential NULL-ptr-dereference
|
2024-05-21 |
CVE-2023-52836 |
In the Linux kernel, the following vulnerability has been resolved:
locking/ww_mutex/test: Fix potential workqueue corruption
|
2024-05-21 |
CVE-2021-47316 |
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix NULL dereference in nfs3svc_encode_getaclres
|
2024-05-21 |
CVE-2024-35967 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: SCO: Fix not validating setsockopt user input
|
2024-05-20 |
CVE-2024-35963 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_sock: Fix not validating setsockopt user input
|
2024-05-20 |
CVE-2024-35992 |
In the Linux kernel, the following vulnerability has been resolved:
phy: marvell: a3700-comphy: Fix out of bounds read
|
2024-05-20 |
CVE-2024-35959 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix mlx5e_priv_init() cleanup flow
|
2024-05-20 |
CVE-2024-35991 |
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: Convert spinlock to mutex to lock evl workqueue
|
2024-05-20 |
CVE-2024-35990 |
In the Linux kernel, the following vulnerability has been resolved:
dma: xilinx_dpdma: Fix locking
|
2024-05-20 |
CVE-2024-36001 |
In the Linux kernel, the following vulnerability has been resolved:
netfs: Fix the pre-flush when appending to a file in writethrough mode
|
2024-05-20 |
CVE-2024-35952 |
In the Linux kernel, the following vulnerability has been resolved:
drm/ast: Fix soft lockup
|
2024-05-20 |
CVE-2024-35979 |
In the Linux kernel, the following vulnerability has been resolved:
raid1: fix use-after-free for original bio in raid1_write_request()
|
2024-05-20 |
CVE-2024-36003 |
In the Linux kernel, the following vulnerability has been resolved:
ice: fix LAG and VF lock dependency in ice_reset_vf()
|
2024-05-20 |
CVE-2024-35978 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Fix memory leak in hci_req_sync_complete()
|
2024-05-20 |
CVE-2024-35966 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: RFCOMM: Fix not validating setsockopt user input
|
2024-05-20 |
CVE-2024-35993 |
In the Linux kernel, the following vulnerability has been resolved:
mm: turn folio_test_hugetlb into a PageType
|
2024-05-20 |
CVE-2024-35995 |
In the Linux kernel, the following vulnerability has been resolved:
ACPI: CPPC: Use access_width over bit_width for system memory accesses
|
2024-05-20 |
CVE-2024-35975 |
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-pf: Fix transmit scheduler resource leak
|
2024-05-20 |
CVE-2024-33870 |
NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc3da2dc090450407d9fbcff80 (ghostpdl-10.03.1)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707686
ADVISORIES: ['DSA-5692-1']
|
2024-05-20 |
CVE-2024-35985 |
In the Linux kernel, the following vulnerability has been resolved:
sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf()
|
2024-05-20 |
CVE-2024-35994 |
In the Linux kernel, the following vulnerability has been resolved:
firmware: qcom: uefisecapp: Fix memory related IO errors and crashes
|
2024-05-20 |
CVE-2024-35964 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: ISO: Fix not validating setsockopt user input
|
2024-05-20 |
CVE-2024-35954 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: sg: Avoid sg device teardown race
|
2024-05-20 |
CVE-2024-29510 |
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.
Amazon Linux has assessed CVE-2024-29510 impacting Ghostscript. The complexity of the fixes required results in a high regression risk to the functionality of the code. This functionality risk outweighs the risk posed by the CVE fix. Amazon Linux will not be shipping a fix for CVE-2024-29510 on AL1.
|
2024-05-20 |
CVE-2024-33869 |
NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=5ae2e320d69a7d0973011796bd388cd5befa1a43 (ghostpdl-10.03.1)
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83bc5b9eba94302e6618d4 (ghostpdl-10.03.1)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707691
ADVISORIES: ['DSA-5692-1']
|
2024-05-20 |
CVE-2024-35958 |
In the Linux kernel, the following vulnerability has been resolved:
net: ena: Fix incorrect descriptor free behavior
|
2024-05-20 |
CVE-2024-35195 |
Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.
|
2024-05-20 |
CVE-2024-35953 |
In the Linux kernel, the following vulnerability has been resolved:
accel/ivpu: Fix deadlock in context_xa
|
2024-05-20 |
CVE-2024-35957 |
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix WARN_ON in iommu probe path
|
2024-05-20 |
CVE-2024-35988 |
In the Linux kernel, the following vulnerability has been resolved:
riscv: Fix TASK_SIZE on 64-bit NOMMU
|
2024-05-20 |
CVE-2024-35982 |
In the Linux kernel, the following vulnerability has been resolved:
batman-adv: Avoid infinite loop trying to resize local TT
|
2024-05-20 |
CVE-2024-35983 |
In the Linux kernel, the following vulnerability has been resolved:
bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS
|
2024-05-20 |
CVE-2024-35968 |
In the Linux kernel, the following vulnerability has been resolved:
pds_core: Fix pdsc_check_pci_health function to use work thread
|
2024-05-20 |
CVE-2024-35972 |
In the Linux kernel, the following vulnerability has been resolved:
bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init()
|
2024-05-20 |
CVE-2024-36009 |
In the Linux kernel, the following vulnerability has been resolved:
ax25: Fix netdev refcount issue
|
2024-05-20 |
CVE-2024-35971 |
In the Linux kernel, the following vulnerability has been resolved:
net: ks8851: Handle softirqs at the end of IRQ thread to fix hang
|
2024-05-20 |
CVE-2024-35965 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: L2CAP: Fix not validating setsockopt user input
|
2024-05-20 |
CVE-2024-35961 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Register devlink first under devlink lock
|
2024-05-20 |
CVE-2024-35980 |
In the Linux kernel, the following vulnerability has been resolved:
arm64: tlb: Fix TLBI RANGE operand
|
2024-05-20 |
CVE-2024-35951 |
In the Linux kernel, the following vulnerability has been resolved:
drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr()
|
2024-05-20 |
CVE-2024-35987 |
In the Linux kernel, the following vulnerability has been resolved:
riscv: Fix loading 64-bit NOMMU kernels past the start of RAM
|
2024-05-20 |
CVE-2024-36002 |
In the Linux kernel, the following vulnerability has been resolved:
dpll: fix dpll_pin_on_pin_register() for multiple parent pins
|
2024-05-20 |
CVE-2024-35977 |
In the Linux kernel, the following vulnerability has been resolved:
platform/chrome: cros_ec_uart: properly fix race condition
|
2024-05-20 |
CVE-2024-35986 |
In the Linux kernel, the following vulnerability has been resolved:
phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered
|
2024-05-20 |
CVE-2024-35921 |
In the Linux kernel, the following vulnerability has been resolved:
media: mediatek: vcodec: Fix oops when HEVC init fails
|
2024-05-19 |
CVE-2024-35886 |
In the Linux kernel, the following vulnerability has been resolved:
ipv6: Fix infinite recursion in fib6_dump_done().
|
2024-05-19 |
CVE-2024-35864 |
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential UAF in smb2_is_valid_lease_break()
|
2024-05-19 |
CVE-2024-35874 |
In the Linux kernel, the following vulnerability has been resolved:
aio: Fix null ptr deref in aio_complete() wakeup
|
2024-05-19 |
CVE-2024-35869 |
In the Linux kernel, the following vulnerability has been resolved:
smb: client: guarantee refcounted children from parent session
|
2024-05-19 |
CVE-2024-35888 |
In the Linux kernel, the following vulnerability has been resolved:
erspan: make sure erspan_base_hdr is present in skb->head
|
2024-05-19 |
CVE-2024-35904 |
In the Linux kernel, the following vulnerability has been resolved:
selinux: avoid dereference of garbage after mount failure
|
2024-05-19 |
CVE-2024-35915 |
In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
|
2024-05-19 |
CVE-2024-35909 |
In the Linux kernel, the following vulnerability has been resolved:
net: wwan: t7xx: Split 64bit accesses to fix alignment issues
|
2024-05-19 |
CVE-2024-35920 |
In the Linux kernel, the following vulnerability has been resolved:
media: mediatek: vcodec: adding lock to protect decoder context list
|
2024-05-19 |
CVE-2024-35926 |
In the Linux kernel, the following vulnerability has been resolved:
crypto: iaa - Fix async_disable descriptor leak
|
2024-05-19 |
CVE-2024-35894 |
In the Linux kernel, the following vulnerability has been resolved:
mptcp: prevent BPF accessing lowat from a subflow socket.
|
2024-05-19 |
CVE-2024-35917 |
In the Linux kernel, the following vulnerability has been resolved:
s390/bpf: Fix bpf_plt pointer arithmetic
|
2024-05-19 |
CVE-2024-35898 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
|
2024-05-19 |
CVE-2024-35911 |
In the Linux kernel, the following vulnerability has been resolved:
ice: fix memory corruption bug with suspend and rebuild
|
2024-05-19 |
CVE-2024-35925 |
In the Linux kernel, the following vulnerability has been resolved:
block: prevent division by zero in blk_rq_stat_sum()
|
2024-05-19 |
CVE-2024-35879 |
In the Linux kernel, the following vulnerability has been resolved:
of: dynamic: Synchronize of_changeset_destroy() with the devlink removals
|
2024-05-19 |
CVE-2024-35885 |
In the Linux kernel, the following vulnerability has been resolved:
mlxbf_gige: stop interface during shutdown
|
2024-05-19 |
CVE-2024-35924 |
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: ucsi: Limit read size on v1.2
|
2024-05-19 |
CVE-2024-35880 |
In the Linux kernel, the following vulnerability has been resolved:
io_uring/kbuf: hold io_buffer_list reference over mmap
|
2024-05-19 |
CVE-2024-35887 |
In the Linux kernel, the following vulnerability has been resolved:
ax25: fix use-after-free bugs caused by ax25_ds_del_timer
|
2024-05-19 |
CVE-2024-35877 |
In the Linux kernel, the following vulnerability has been resolved:
x86/mm/pat: fix VM_PAT handling in COW mappings
|
2024-05-19 |
CVE-2024-35867 |
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential UAF in cifs_stats_proc_show()
|
2024-05-19 |
CVE-2024-35861 |
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()
|
2024-05-19 |
CVE-2024-35907 |
In the Linux kernel, the following vulnerability has been resolved:
mlxbf_gige: call request_irq() after NAPI initialized
|
2024-05-19 |
CVE-2024-35933 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
|
2024-05-19 |
CVE-2024-35903 |
In the Linux kernel, the following vulnerability has been resolved:
x86/bpf: Fix IP after emitting call depth accounting
|
2024-05-19 |
CVE-2024-35913 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF
|
2024-05-19 |
CVE-2024-35947 |
In the Linux kernel, the following vulnerability has been resolved:
dyndbg: fix old BUG_ON in >control parser
|
2024-05-19 |
CVE-2024-35875 |
In the Linux kernel, the following vulnerability has been resolved:
x86/coco: Require seeding RNG with RDRAND on CoCo systems
|
2024-05-19 |
CVE-2024-35863 |
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential UAF in is_valid_oplock_break()
|
2024-05-19 |
CVE-2024-35901 |
In the Linux kernel, the following vulnerability has been resolved:
net: mana: Fix Rx DMA datasize and skb_over_panic
|
2024-05-19 |
CVE-2024-35870 |
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix UAF in smb2_reconnect_server()
|
2024-05-19 |
CVE-2024-35892 |
In the Linux kernel, the following vulnerability has been resolved:
net/sched: fix lockdep splat in qdisc_tree_reduce_backlog()
|
2024-05-19 |
CVE-2024-35931 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Skip do PCI error slot reset during RAS recovery
|
2024-05-19 |
CVE-2024-35905 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Protect against int overflow for stack access size
|
2024-05-19 |
CVE-2024-35914 |
In the Linux kernel, the following vulnerability has been resolved:
nfsd: Fix error cleanup path in nfsd_rename()
|
2024-05-19 |
CVE-2024-35866 |
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential UAF in cifs_dump_full_key()
|
2024-05-19 |
CVE-2024-35943 |
In the Linux kernel, the following vulnerability has been resolved:
pmdomain: ti: Add a null pointer check to the omap_prm_domain_init
|
2024-05-19 |
CVE-2024-35932 |
In the Linux kernel, the following vulnerability has been resolved:
drm/vc4: don't check if plane->state->fb == state->fb
|
2024-05-19 |
CVE-2024-35939 |
In the Linux kernel, the following vulnerability has been resolved:
dma-direct: Leak pages on dma_set_decrypted() failure
|
2024-05-19 |
CVE-2024-35934 |
In the Linux kernel, the following vulnerability has been resolved:
net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
|
2024-05-19 |
CVE-2024-35937 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: check A-MSDU format more carefully
|
2024-05-19 |
CVE-2024-35912 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: rfi: fix potential response leaks
|
2024-05-19 |
CVE-2024-35922 |
In the Linux kernel, the following vulnerability has been resolved:
fbmon: prevent division by zero in fb_videomode_from_videomode()
|
2024-05-19 |
CVE-2023-52699 |
In the Linux kernel, the following vulnerability has been resolved:
sysv: don't call sb_bread() with pointers_lock held
|
2024-05-19 |
CVE-2024-36048 |
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
|
2024-05-18 |
CVE-2024-35850 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: qca: fix NULL-deref on non-serdev setup
|
2024-05-17 |
CVE-2023-52666 |
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix potential circular locking issue in smb2_set_ea()
|
2024-05-17 |
CVE-2023-52669 |
In the Linux kernel, the following vulnerability has been resolved:
crypto: s390/aes - Fix buffer overread in CTR mode
|
2024-05-17 |
CVE-2023-52424 |
The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop. Enterprise 802.1X/EAP, Mesh AMPE, or FILS, aka an "SSID Confusion" issue. This occurs because the SSID is not always used to derive the pairwise master key or session keys, and because there is not a protected exchange of an SSID during a 4-way handshake.
|
2024-05-17 |
CVE-2024-27415 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: bridge: confirm multicast packets before passing them up the stack
|
2024-05-17 |
CVE-2024-35833 |
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA
|
2024-05-17 |
CVE-2024-35847 |
In the Linux kernel, the following vulnerability has been resolved:
irqchip/gic-v3-its: Prevent double free on error
|
2024-05-17 |
CVE-2024-35821 |
In the Linux kernel, the following vulnerability has been resolved:
ubifs: Set page uptodate in the correct place
|
2024-05-17 |
CVE-2024-35813 |
In the Linux kernel, the following vulnerability has been resolved:
mmc: core: Avoid negative index with array access
|
2024-05-17 |
CVE-2023-52678 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c
|
2024-05-17 |
CVE-2024-27404 |
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix data races on remote_id
|
2024-05-17 |
CVE-2024-35800 |
In the Linux kernel, the following vulnerability has been resolved:
efi: fix panic in kdump kernel
|
2024-05-17 |
CVE-2023-52677 |
In the Linux kernel, the following vulnerability has been resolved:
riscv: Check if the code to patch lies in the exit section
|
2024-05-17 |
CVE-2024-35804 |
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: Mark target gfn of emulated atomic instruction as dirty
|
2024-05-17 |
CVE-2023-52698 |
In the Linux kernel, the following vulnerability has been resolved:
calipso: fix memory leak in netlbl_calipso_add_pass()
|
2024-05-17 |
CVE-2024-35829 |
In the Linux kernel, the following vulnerability has been resolved:
drm/lima: fix a memleak in lima_heap_alloc
|
2024-05-17 |
CVE-2024-35826 |
In the Linux kernel, the following vulnerability has been resolved:
block: Fix page refcounts for unaligned buffers in __bio_release_pages()
|
2024-05-17 |
CVE-2024-35792 |
In the Linux kernel, the following vulnerability has been resolved:
crypto: rk3288 - Fix use after free in unprepare
|
2024-05-17 |
CVE-2024-35852 |
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work
|
2024-05-17 |
CVE-2023-52690 |
In the Linux kernel, the following vulnerability has been resolved:
powerpc/powernv: Add a null pointer check to scom_debug_init_one()
|
2024-05-17 |
CVE-2024-27413 |
In the Linux kernel, the following vulnerability has been resolved:
efi/capsule-loader: fix incorrect allocation size
|
2024-05-17 |
CVE-2024-35807 |
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix corruption during on-line resize
|
2024-05-17 |
CVE-2023-52673 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix a debugfs null pointer error
|
2024-05-17 |
CVE-2024-27419 |
In the Linux kernel, the following vulnerability has been resolved:
netrom: Fix data-races around sysctl_net_busy_read
|
2024-05-17 |
CVE-2024-35815 |
In the Linux kernel, the following vulnerability has been resolved:
fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
|
2024-05-17 |
CVE-2024-35853 |
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
|
2024-05-17 |
CVE-2023-52697 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: Intel: sof_sdw_rt_sdca_jack_common: ctx->headset_codec_dev = NULL
|
2024-05-17 |
CVE-2024-35844 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: compress: fix reserve_cblocks counting error when out of space
|
2024-05-17 |
CVE-2024-27418 |
In the Linux kernel, the following vulnerability has been resolved:
net: mctp: take ownership of skb in mctp_local_output
|
2024-05-17 |
CVE-2024-35797 |
In the Linux kernel, the following vulnerability has been resolved:
mm: cachestat: fix two shmem bugs
|
2024-05-17 |
CVE-2023-52686 |
In the Linux kernel, the following vulnerability has been resolved:
powerpc/powernv: Add a null pointer check in opal_event_init()
|
2024-05-17 |
CVE-2023-52692 |
In the Linux kernel, the following vulnerability has been resolved:
ALSA: scarlett2: Add missing error check to scarlett2_usb_set_config()
|
2024-05-17 |
CVE-2023-52680 |
In the Linux kernel, the following vulnerability has been resolved:
ALSA: scarlett2: Add missing error checks to *_ctl_get()
|
2024-05-17 |
CVE-2023-52663 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe()
|
2024-05-17 |
CVE-2024-35789 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
|
2024-05-17 |
CVE-2024-35803 |
In the Linux kernel, the following vulnerability has been resolved:
x86/efistub: Call mixed mode boot services on the firmware's stack
|
2024-05-17 |
CVE-2024-27411 |
In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau: keep DMA buffers required for suspend/resume
|
2024-05-17 |
CVE-2023-52658 |
In the Linux kernel, the following vulnerability has been resolved:
Revert "net/mlx5: Block entering switchdev mode with ns inconsistency"
|
2024-05-17 |
CVE-2024-35830 |
In the Linux kernel, the following vulnerability has been resolved:
media: tc358743: register v4l2 async device only after successful setup
|
2024-05-17 |
CVE-2023-52672 |
In the Linux kernel, the following vulnerability has been resolved:
pipe: wakeup wr_wait after setting max_usage
|
2024-05-17 |
CVE-2023-52675 |
In the Linux kernel, the following vulnerability has been resolved:
powerpc/imc-pmu: Add a null pointer check in update_events_in_group()
|
2024-05-17 |
CVE-2023-52684 |
In the Linux kernel, the following vulnerability has been resolved:
firmware: qcom: qseecom: fix memory leaks in error paths
|
2024-05-17 |
CVE-2024-35786 |
In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf
|
2024-05-17 |
CVE-2024-35827 |
In the Linux kernel, the following vulnerability has been resolved:
io_uring/net: fix overflow check in io_recvmsg_mshot_prep()
|
2024-05-17 |
CVE-2023-52688 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix the error handler of rfkill config
|
2024-05-17 |
CVE-2024-27412 |
In the Linux kernel, the following vulnerability has been resolved:
power: supply: bq27xxx-i2c: Do not free non existing IRQ
|
2024-05-17 |
CVE-2024-35793 |
In the Linux kernel, the following vulnerability has been resolved:
debugfs: fix wait/cancellation handling during remove
|
2024-05-17 |
CVE-2024-35814 |
In the Linux kernel, the following vulnerability has been resolved:
swiotlb: Fix double-allocation of slots due to broken alignment handling
|
2024-05-17 |
CVE-2023-52674 |
In the Linux kernel, the following vulnerability has been resolved:
ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put()
|
2024-05-17 |
CVE-2024-35788 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix bounds check for dcn35 DcfClocks
|
2024-05-17 |
CVE-2024-35859 |
In the Linux kernel, the following vulnerability has been resolved:
block: fix module reference leakage from bdev_open_by_dev error path
|
2024-05-17 |
CVE-2024-35855 |
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update
|
2024-05-17 |
CVE-2024-35823 |
In the Linux kernel, the following vulnerability has been resolved:
vt: fix unicode buffer corruption when deleting characters
|
2024-05-17 |
CVE-2024-27402 |
In the Linux kernel, the following vulnerability has been resolved:
phonet/pep: fix racy skb_queue_empty() use
|
2024-05-17 |
CVE-2024-35805 |
In the Linux kernel, the following vulnerability has been resolved:
dm snapshot: fix lockup in dm_exception_table_exit
|
2024-05-17 |
CVE-2024-27417 |
In the Linux kernel, the following vulnerability has been resolved:
ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
|
2024-05-17 |
CVE-2024-35849 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix information leak in btrfs_ioctl_logical_to_ino()
|
2024-05-17 |
CVE-2024-35809 |
In the Linux kernel, the following vulnerability has been resolved:
PCI/PM: Drain runtime-idle callbacks before driver removal
|
2024-05-17 |
CVE-2024-35801 |
In the Linux kernel, the following vulnerability has been resolved:
x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD
|
2024-05-17 |
CVE-2024-35858 |
In the Linux kernel, the following vulnerability has been resolved:
net: bcmasp: fix memory leak when bringing down interface
|
2024-05-17 |
CVE-2023-52687 |
In the Linux kernel, the following vulnerability has been resolved:
crypto: safexcel - Add error handling for dma_map_sg() calls
|
2024-05-17 |
CVE-2024-35795 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix deadlock while reading mqd from debugfs
|
2024-05-17 |
CVE-2024-35848 |
In the Linux kernel, the following vulnerability has been resolved:
eeprom: at24: fix memory corruption race condition
|
2024-05-17 |
CVE-2024-35819 |
In the Linux kernel, the following vulnerability has been resolved:
soc: fsl: qbman: Use raw spinlock for cgr_lock
|
2024-05-17 |
CVE-2024-35840 |
In the Linux kernel, the following vulnerability has been resolved:
mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()
|
2024-05-17 |
CVE-2024-35808 |
In the Linux kernel, the following vulnerability has been resolved:
md/dm-raid: don't call md_reap_sync_thread() directly
|
2024-05-17 |
CVE-2024-35825 |
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: ncm: Fix handling of zero block length packets
|
2024-05-17 |
CVE-2024-35857 |
In the Linux kernel, the following vulnerability has been resolved:
icmp: prevent possible NULL dereferences from icmp_build_probe()
|
2024-05-17 |
CVE-2023-52660 |
In the Linux kernel, the following vulnerability has been resolved:
media: rkisp1: Fix IRQ handling due to shared interrupts
|
2024-05-17 |
CVE-2023-52691 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/pm: fix a double-free in si_dpm_init
|
2024-05-17 |
CVE-2024-35836 |
In the Linux kernel, the following vulnerability has been resolved:
dpll: fix pin dump crash for rebound module
|
2024-05-17 |
CVE-2024-35842 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: mediatek: sof-common: Add NULL check for normal_link string
|
2024-05-17 |
CVE-2024-27406 |
In the Linux kernel, the following vulnerability has been resolved:
lib/Kconfig.debug: TEST_IOV_ITER depends on MMU
|
2024-05-17 |
CVE-2024-27407 |
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fixed overflow check in mi_enum_attr()
|
2024-05-17 |
CVE-2023-52659 |
In the Linux kernel, the following vulnerability has been resolved:
x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type
|
2024-05-17 |
CVE-2024-35790 |
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group
|
2024-05-17 |
CVE-2024-35785 |
In the Linux kernel, the following vulnerability has been resolved:
tee: optee: Fix kernel panic caused by incorrect error handling
|
2024-05-17 |
CVE-2024-27431 |
In the Linux kernel, the following vulnerability has been resolved:
cpumap: Zero-initialise xdp_rxq_info struct before running XDP program
|
2024-05-17 |
CVE-2024-35856 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: btusb: mediatek: Fix double free of skb in coredump
|
2024-05-17 |
CVE-2024-27408 |
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup
|
2024-05-17 |
CVE-2023-52676 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Guard stack limits against 32bit overflow
|
2024-05-17 |
CVE-2023-45733 |
Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access.
|
2024-05-16 |
CVE-2024-35176 |
REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many <s in an attribute value. Those who need to parse untrusted XMLs may be impacted to this vulnerability. The REXML gem 3.2.7 or later include the patch to fix this vulnerability. As a workaround, don't parse untrusted XMLs.
|
2024-05-16 |
CVE-2023-38417 |
Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
|
2024-05-16 |
CVE-2023-47855 |
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.
|
2024-05-16 |
CVE-2023-47210 |
Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
|
2024-05-16 |
CVE-2024-21823 |
Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local access.
|
2024-05-16 |
CVE-2023-46103 |
Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access.
|
2024-05-16 |
CVE-2023-45745 |
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.
|
2024-05-16 |
CVE-2024-4603 |
Issue summary: Checking excessively long DSA keys or parameters may be very
slow.
Impact summary: Applications that use the functions EVP_PKEY_param_check()
or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may
experience long delays. Where the key or parameters that are being checked
have been obtained from an untrusted source this may lead to a Denial of
Service.
The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform
various checks on DSA parameters. Some of those computations take a long time
if the modulus (`p` parameter) is too large.
Trying to use a very large modulus is slow and OpenSSL will not allow using
public keys with a modulus which is over 10,000 bits in length for signature
verification. However the key and parameter check functions do not limit
the modulus size when performing the checks.
An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()
and supplies a key or parameters obtained from an untrusted source could be
vulnerable to a Denial of Service attack.
These functions are not called by OpenSSL itself on untrusted DSA keys so
only applications that directly call these functions may be vulnerable.
Also vulnerable are the OpenSSL pkey and pkeyparam command line applications
when using the `-check` option.
The OpenSSL SSL/TLS implementation is not affected by this issue.
The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.
|
2024-05-16 |
CVE-2024-30045 |
.NET and Visual Studio Remote Code Execution Vulnerability
|
2024-05-14 |
CVE-2024-4367 |
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
|
2024-05-14 |
CVE-2024-4768 |
A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
|
2024-05-14 |
CVE-2024-4778 |
Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126.
|
2024-05-14 |
CVE-2024-4764 |
Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. This vulnerability affects Firefox < 126.
|
2024-05-14 |
CVE-2024-34340 |
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if there is it, else use `md5`. When verifying password, it calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is called if there is it, else use `md5`. `password_verify` and `password_hash` are supported on PHP < 5.5.0, following PHP manual. The vulnerability is in `compat_password_verify`. Md5-hashed user input is compared with correct password in database by `$md5 == $hash`. It is a loose comparison, not `===`. It is a type juggling vulnerability. Version 1.2.27 contains a patch for the issue.
|
2024-05-14 |
CVE-2024-4770 |
When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
|
2024-05-14 |
CVE-2024-30268 |
Cacti provides an operational monitoring and fault management framework. A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies. This issue is fixed in commit a38b9046e9772612fda847b46308f9391a49891e.
|
2024-05-14 |
CVE-2024-27393 |
In the Linux kernel, the following vulnerability has been resolved:
xen-netfront: Add missing skb_mark_for_recycle
|
2024-05-14 |
CVE-2023-52655 |
In the Linux kernel, the following vulnerability has been resolved:
usb: aqc111: check packet for fixup for true limit
|
2024-05-14 |
CVE-2024-27394 |
In the Linux kernel, the following vulnerability has been resolved:
tcp: Fix Use-After-Free in tcp_ao_connect_init
|
2024-05-14 |
CVE-2024-27398 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
|
2024-05-14 |
CVE-2024-31444 |
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the HTML statement in `form_confirm()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.
|
2024-05-14 |
CVE-2024-34459 |
An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.
|
2024-05-14 |
CVE-2024-27396 |
In the Linux kernel, the following vulnerability has been resolved:
net: gtp: Fix Use-After-Free in gtp_dellink
|
2024-05-14 |
CVE-2024-31459 |
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the `api_plugin_hook()` function in the `lib/plugin.php` file, which reads the plugin_hooks and plugin_config tables in database. The read data is directly used to concatenate the file path which is used for file inclusion. Version 1.2.27 contains a patch for the issue.
|
2024-05-14 |
CVE-2024-27399 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout
|
2024-05-14 |
CVE-2024-29894 |
Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/functions.php` now uses purify.js to fix CVE-2023-50250 (among others). However, it still generates the code out of unescaped PHP variables `$title` and `$header`. If those variables contain single quotes, they can be used to inject JavaScript code. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. Version 1.2.27 fixes this issue.
|
2024-05-14 |
CVE-2024-31445 |
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In `api_automation.php` line 856, the `get_request_var('filter')` is being concatenated into the SQL statement without any sanitization. In `api_automation.php` line 717, The filter of `'filter'` is `FILTER_DEFAULT`, which means there is no filter for it. Version 1.2.27 contains a patch for the issue.
|
2024-05-14 |
CVE-2024-26306 |
iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.
|
2024-05-14 |
CVE-2024-4855 |
Use after free issue in editcap could cause denial of service via crafted capture file
|
2024-05-14 |
CVE-2024-25641 |
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue.
|
2024-05-14 |
CVE-2024-4772 |
An HTTP digest authentication nonce value was generated using `rand()` which could lead to predictable values. This vulnerability affects Firefox < 126.
|
2024-05-14 |
CVE-2024-27397 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: use timestamp to check for set element timeout
|
2024-05-14 |
CVE-2024-27082 |
Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server and served to users who access a particular page. Version 1.2.27 contains a patch for the issue.
|
2024-05-14 |
CVE-2024-30046 |
Visual Studio Denial of Service Vulnerability
|
2024-05-14 |
CVE-2024-4775 |
An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This vulnerability affects Firefox < 126.
|
2024-05-14 |
CVE-2024-32465 |
Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the context of cloning local repositories owned by other users, this vulnerability has been covered in CVE-2024-32004. But there are circumstances where the fixes for CVE-2024-32004 are not enough: For example, when obtaining a `.zip` file containing a full copy of a Git repository, it should not be trusted by default to be safe, as e.g. hooks could be configured to run within the context of that repository. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid using Git in repositories that have been obtained via archives from untrusted sources.
|
2024-05-14 |
CVE-2024-31443 |
Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in `grow_right_pane_tree()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.
|
2024-05-14 |
CVE-2023-52656 |
In the Linux kernel, the following vulnerability has been resolved:
io_uring: drop any code related to SCM_RIGHTS
|
2024-05-14 |
CVE-2023-52654 |
In the Linux kernel, the following vulnerability has been resolved:
io_uring/af_unix: disable sending io_uring over sockets
|
2024-05-14 |
CVE-2024-31460 |
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in `create_all_header_nodes()` function from `lib/api_automation.php` , finally resulting in SQL injection. Using SQL based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further impact, such as arbitrary file reading, and even remote code execution through arbitrary file writing. Version 1.2.27 contains a patch for the issue.
|
2024-05-14 |
CVE-2024-27400 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2
|
2024-05-14 |
CVE-2024-4769 |
When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
|
2024-05-14 |
CVE-2024-4777 |
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
|
2024-05-14 |
CVE-2024-4854 |
MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file
|
2024-05-14 |
CVE-2024-29895 |
Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled by URL when `register_argc_argv` option of PHP is `On`. And this option is `On` by default in many environments such as the main PHP Docker image for PHP. Commit 53e8014d1f082034e0646edc6286cde3800c683d contains a patch for the issue, but this commit was reverted in commit 99633903cad0de5ace636249de16f77e57a3c8fc.
|
2024-05-14 |
CVE-2024-31458 |
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php` , finally resulting in SQL injection. Version 1.2.27 contains a patch for the issue.
|
2024-05-14 |
CVE-2024-4853 |
Memory handling issue in editcap could cause denial of service via crafted capture file
|
2024-05-14 |
CVE-2024-32002 |
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
|
2024-05-14 |
CVE-2024-32020 |
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user. Cloning local repositories will cause Git to either copy or hardlink files of the source repository into the target repository. This significantly speeds up such local clones compared to doing a "proper" clone and saves both disk space and compute time. When cloning a repository located on the same disk that is owned by a different user than the current user we also end up creating such hardlinks. These files will continue to be owned and controlled by the potentially-untrusted user and can be rewritten by them at will in the future. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4.
|
2024-05-14 |
CVE-2024-4771 |
A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 126.
|
2024-05-14 |
CVE-2024-4693 |
A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c). An improper release and use of the irqfd for vector 0 during the boot process leads to a guest triggerable crash via vhost_net_stop(). This flaw allows a malicious guest to crash the QEMU process on the host.
|
2024-05-14 |
CVE-2024-4776 |
A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. This vulnerability affects Firefox < 126.
|
2024-05-14 |
CVE-2024-27834 |
The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
|
2024-05-14 |
CVE-2024-27395 |
In the Linux kernel, the following vulnerability has been resolved:
net: openvswitch: Fix Use-After-Free in ovs_ct_exit
|
2024-05-14 |
CVE-2024-32004 |
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.
|
2024-05-14 |
CVE-2024-27401 |
In the Linux kernel, the following vulnerability has been resolved:
firewire: nosy: ensure user_length is taken into account when fetching packet contents
|
2024-05-14 |
CVE-2024-32021 |
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory. Cloning a local repository over the filesystem may creating hardlinks to arbitrary user-owned files on the same filesystem in the target Git repository's `objects/` directory. When cloning a repository over the filesystem (without explicitly specifying the `file://` protocol or `--no-local`), the optimizations for local cloning
will be used, which include attempting to hard link the object files instead of copying them. While the code includes checks against symbolic links in the source repository, which were added during the fix for CVE-2022-39253, these checks can still be raced because the hard link operation ultimately follows symlinks. If the object on the filesystem appears as a file during the check, and then a symlink during the operation, this will allow the adversary to bypass the check and create hardlinks in the destination objects directory to arbitrary, user-readable files. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4.
|
2024-05-14 |
CVE-2024-4774 |
The `ShmemCharMapHashEntry()` code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. This vulnerability affects Firefox < 126.
|
2024-05-14 |
CVE-2024-4765 |
Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context.
*This issue only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126.
|
2024-05-14 |
CVE-2024-4767 |
If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
|
2024-05-14 |
CVE-2024-4766 |
Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have lead to potential user confusion and spoofing attacks.
*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126.
|
2024-05-14 |
CVE-2024-3044 |
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.
|
2024-05-14 |
CVE-2024-4773 |
When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. This vulnerability affects Firefox < 126.
|
2024-05-14 |
CVE-2024-33871 |
NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908 (ghostpdl-10.03.1)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707754
|
2024-05-10 |
CVE-2024-4317 |
postgresql: PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks
|
2024-05-10 |
CVE-2024-29857 |
An issue was discovered in Bouncy Castle Java Cryptography APIs before ...
NOTE: https://github.com/bcgit/bc-java/issues/1635
NOTE: https://www.bouncycastle.org/latest_releases.html
DEBIANBUG: [1070655]
|
2024-05-09 |
CVE-2024-24787 |
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.
|
2024-05-08 |
CVE-2024-30172 |
Crafted signature and public key can be used to trigger an infinite loop in the Ed25519 verification code.
|
2024-05-08 |
CVE-2024-4438 |
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.
|
2024-05-08 |
CVE-2024-4436 |
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.
|
2024-05-08 |
CVE-2024-4437 |
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.
|
2024-05-08 |
CVE-2024-24788 |
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.
|
2024-05-08 |
CVE-2024-4030 |
On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.
If you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.
This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix “700” for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.
|
2024-05-07 |
CVE-2024-34397 |
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.
|
2024-05-07 |
CVE-2024-34064 |
Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for CVE-2024-22195 only addressed spaces but not other characters. Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe. This vulnerability is fixed in 3.1.4.
|
2024-05-06 |
CVE-2024-34069 |
Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger. This vulnerability is fixed in 3.0.3.
|
2024-05-06 |
CVE-2023-51596 |
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.
The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20939.
|
2024-05-03 |
CVE-2022-48675 |
In the Linux kernel, the following vulnerability has been resolved:
IB/core: Fix a nested dead lock as part of ODP flow
|
2024-05-03 |
CVE-2024-2410 |
The JsonToBinaryStream() function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed.
|
2024-05-03 |
CVE-2022-48674 |
In the Linux kernel, the following vulnerability has been resolved:
erofs: fix pcluster use-after-free on UP platforms
|
2024-05-03 |
CVE-2022-48695 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: mpt3sas: Fix use-after-free warning
|
2024-05-03 |
CVE-2022-48671 |
In the Linux kernel, the following vulnerability has been resolved:
cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
|
2024-05-03 |
CVE-2023-44431 |
BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.
The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19909.
|
2024-05-03 |
CVE-2023-51589 |
BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.
The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20853.
|
2024-05-03 |
CVE-2022-48701 |
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface()
|
2024-05-03 |
CVE-2022-48686 |
In the Linux kernel, the following vulnerability has been resolved:
nvme-tcp: fix UAF when detecting digest errors
|
2024-05-03 |
CVE-2022-48687 |
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix out-of-bounds read when setting HMAC data. The SRv6 layer allows defining HMAC data that can later be used to sign IPv6 Segment Routing Headers. This configuration is realised via netlink through four attributes: SEG6_ATTR_HMACKEYID, SEG6_ATTR_SECRET, SEG6_ATTR_SECRETLEN and SEG6_ATTR_ALGID.
|
2024-05-03 |
CVE-2022-48698 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: fix memory leak when using debugfs_lookup()
|
2024-05-03 |
CVE-2022-48699 |
In the Linux kernel, the following vulnerability has been resolved:
sched/debug: fix dentry leak in update_sched_domain_debugfs
|
2024-05-03 |
CVE-2024-34447 |
An issue was discovered in Bouncy Castle Java Cryptography APIs before BC 1.78. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning.
|
2024-05-03 |
CVE-2022-48693 |
In the Linux kernel, the following vulnerability has been resolved:
soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
|
2024-05-03 |
CVE-2023-51592 |
BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.
The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20854.
|
2024-05-03 |
CVE-2022-48704 |
In the Linux kernel, the following vulnerability has been resolved:
drm/radeon: add a force flush to delay work when radeon
|
2024-05-03 |
CVE-2024-34402 |
An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.
|
2024-05-03 |
CVE-2022-48691 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: clean up hook list when offload flags check fails
|
2024-05-03 |
CVE-2024-34403 |
An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.
|
2024-05-03 |
CVE-2022-48700 |
In the Linux kernel, the following vulnerability has been resolved:
vfio/type1: Unpin zero pages
|
2024-05-03 |
CVE-2022-48696 |
In the Linux kernel, the following vulnerability has been resolved:
regmap: spi: Reserve space for register address/padding
|
2024-05-03 |
CVE-2022-48694 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/irdma: Fix drain SQ hang with no completion
|
2024-05-03 |
CVE-2022-48705 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7921e: fix crash in chip reset fail
|
2024-05-03 |
CVE-2022-48690 |
In the Linux kernel, the following vulnerability has been resolved:
ice: Fix DMA mappings leak
|
2024-05-03 |
CVE-2022-48673 |
In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix possible access to freed memory in link clear After modifying the QP to the Error state, all RX WR would be completed with WC in IB_WC_WR_FLUSH_ERR status. Current implementation does not wait for it is done, but destroy the QP and free the link group directly. So there is a risk that accessing the freed memory in tasklet context.
|
2024-05-03 |
CVE-2023-50229 |
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.
The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20936.
|
2024-05-03 |
CVE-2022-48692 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/srp: Set scmnd->result only when scmnd is not NULL
|
2024-05-03 |
CVE-2022-48702 |
In the Linux kernel, the following vulnerability has been resolved:
ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()
|
2024-05-03 |
CVE-2022-48703 |
In the Linux kernel, the following vulnerability has been resolved:
thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR
|
2024-05-03 |
CVE-2022-48688 |
In the Linux kernel, the following vulnerability has been resolved:
i40e: Fix kernel crash during module removal
|
2024-05-03 |
CVE-2023-51594 |
BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.
The specific flaw exists within the handling of OBEX protocol parameters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20937.
|
2024-05-03 |
CVE-2023-50230 |
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.
The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20938.
|
2024-05-03 |
CVE-2022-48697 |
In the Linux kernel, the following vulnerability has been resolved:
nvmet: fix a use-after-free
|
2024-05-03 |
CVE-2023-51580 |
BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.
The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20852.
|
2024-05-03 |
CVE-2023-27349 |
BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.
The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19908.
|
2024-05-03 |
CVE-2022-48670 |
In the Linux kernel, the following vulnerability has been resolved:
peci: cpu: Fix use-after-free in adev_release()
|
2024-05-03 |
CVE-2022-48672 |
In the Linux kernel, the following vulnerability has been resolved:
of: fdt: fix off-by-one error in unflatten_dt_nodes()
|
2024-05-03 |
CVE-2024-34062 |
tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments (e.g. `--delim`, `--buf-size`, `--manpath`) are passed through python's `eval`, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version 4.66.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.
|
2024-05-03 |
CVE-2022-48689 |
In the Linux kernel, the following vulnerability has been resolved:
tcp: TX zerocopy should not sense pfmemalloc status
|
2024-05-03 |
CVE-2024-4418 |
libvirt: stack use-after-free in virNetClientIOEventLoop()
|
2024-05-02 |
CVE-2024-29040 |
tpm2-tss: arbitrary quote data may go undetected by Fapi_VerifyQuote
|
2024-05-02 |
CVE-2024-29039 |
tpm2-tools: pcr selection value is not compared with the attest
|
2024-05-02 |
CVE-2024-29038 |
tpm2-tools: arbitrary quote data may go undetected by tpm2_checkquote
|
2024-05-02 |
CVE-2024-4140 |
An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.
|
2024-05-02 |
CVE-2024-27013 |
In the Linux kernel, the following vulnerability has been resolved:
tun: limit printing rate when illegal packet received by tun dev
|
2024-05-01 |
CVE-2024-27054 |
In the Linux kernel, the following vulnerability has been resolved:
s390/dasd: fix double module refcount decrement
|
2024-05-01 |
CVE-2024-26932 |
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd()
|
2024-05-01 |
CVE-2024-27044 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()'
|
2024-05-01 |
CVE-2024-26939 |
In the Linux kernel, the following vulnerability has been resolved: drm/i915/vma: Fix UAF on destroy against retire race Object debugging tools were sporadically reporting illegal attempts to free a still active i915 VMA object when parking a GT believed to be idle.
|
2024-05-01 |
CVE-2024-26971 |
In the Linux kernel, the following vulnerability has been resolved:
clk: qcom: gcc-ipq5018: fix terminating of frequency table arrays
|
2024-05-01 |
CVE-2024-27037 |
In the Linux kernel, the following vulnerability has been resolved:
clk: zynq: Prevent null pointer dereference caused by kmalloc failure
|
2024-05-01 |
CVE-2024-26998 |
In the Linux kernel, the following vulnerability has been resolved:
serial: core: Clearing the circular buffer before NULLifying it
|
2024-05-01 |
CVE-2024-26964 |
In the Linux kernel, the following vulnerability has been resolved:
usb: xhci: Add error handling in xhci_map_urb_for_dma
|
2024-05-01 |
CVE-2024-27062 |
In the Linux kernel, the following vulnerability has been resolved:
nouveau: lock the client object tree.
|
2024-05-01 |
CVE-2024-27074 |
In the Linux kernel, the following vulnerability has been resolved:
media: go7007: fix a memleak in go7007_load_encoder
|
2024-05-01 |
CVE-2024-26996 |
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error
|
2024-05-01 |
CVE-2024-26963 |
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc3-am62: fix module unload/reload behavior
|
2024-05-01 |
CVE-2024-27056 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: ensure offloading TID queue exists
|
2024-05-01 |
CVE-2024-26985 |
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Fix bo leak in intel_fb_bo_framebuffer_init
|
2024-05-01 |
CVE-2024-26980 |
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf
|
2024-05-01 |
CVE-2024-27077 |
In the Linux kernel, the following vulnerability has been resolved:
media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity
|
2024-05-01 |
CVE-2024-26987 |
In the Linux kernel, the following vulnerability has been resolved:
mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled
|
2024-05-01 |
CVE-2024-26976 |
In the Linux kernel, the following vulnerability has been resolved:
KVM: Always flush async #PF workqueue when vCPU is being destroyed
|
2024-05-01 |
CVE-2024-27031 |
In the Linux kernel, the following vulnerability has been resolved:
NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt
|
2024-05-01 |
CVE-2024-27028 |
In the Linux kernel, the following vulnerability has been resolved:
spi: spi-mt65xx: Fix NULL pointer access in interrupt handler
|
2024-05-01 |
CVE-2024-26952 |
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix potencial out-of-bounds when buffer offset is invalid
|
2024-05-01 |
CVE-2024-27012 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: restore set elements when delete set fails
|
2024-05-01 |
CVE-2024-27025 |
In the Linux kernel, the following vulnerability has been resolved:
nbd: null check for nla_nest_start
|
2024-05-01 |
CVE-2024-27078 |
In the Linux kernel, the following vulnerability has been resolved:
media: v4l2-tpg: fix some memleaks in tpg_alloc
|
2024-05-01 |
CVE-2023-52648 |
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Unmap the surface before resetting it on a plane state
|
2024-05-01 |
CVE-2024-26997 |
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc2: host: Fix dereference issue in DDMA completion flow.
|
2024-05-01 |
CVE-2024-27063 |
In the Linux kernel, the following vulnerability has been resolved:
leds: trigger: netdev: Fix kernel panic on interface rename trig notify
|
2024-05-01 |
CVE-2024-27041 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini()
|
2024-05-01 |
CVE-2024-27065 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: do not compare internal table flags on updates
|
2024-05-01 |
CVE-2024-27059 |
In the Linux kernel, the following vulnerability has been resolved:
USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
|
2024-05-01 |
CVE-2023-52652 |
In the Linux kernel, the following vulnerability has been resolved:
NTB: fix possible name leak in ntb_register_device()
|
2024-05-01 |
CVE-2024-27029 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix mmhub client id out-of-bounds access
|
2024-05-01 |
CVE-2024-27005 |
In the Linux kernel, the following vulnerability has been resolved:
interconnect: Don't access req_list while it's being manipulated
|
2024-05-01 |
CVE-2024-26956 |
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix failure to detect DAT corruption in btree and direct mappings
|
2024-05-01 |
CVE-2024-26930 |
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix double free of the ha->vp_map pointer Coverity scan reported potential risk of double free of the pointer ha->vp_map. ha->vp_map was freed in qla2x00_mem_alloc(), and again freed in function qla2x00_mem_free(ha). Assign NULL to vp_map and kfree take care of NULL.
|
2024-05-01 |
CVE-2024-27391 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: wilc1000: do not realloc workqueue everytime an interface is added
|
2024-05-01 |
CVE-2024-27053 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: wilc1000: fix RCU usage in connect path
|
2024-05-01 |
CVE-2024-27049 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7925e: fix use-after-free in free_irq()
|
2024-05-01 |
CVE-2024-27052 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
|
2024-05-01 |
CVE-2024-26940 |
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed
|
2024-05-01 |
CVE-2024-27050 |
In the Linux kernel, the following vulnerability has been resolved:
libbpf: Use OPTS_SET() macro in bpf_xdp_query()
|
2024-05-01 |
CVE-2024-27072 |
In the Linux kernel, the following vulnerability has been resolved:
media: usbtv: Remove useless locks in usbtv_video_free()
|
2024-05-01 |
CVE-2024-26941 |
In the Linux kernel, the following vulnerability has been resolved:
drm/dp: Fix divide-by-zero regression on DP MST unplug with nouveau
|
2024-05-01 |
CVE-2024-27002 |
In the Linux kernel, the following vulnerability has been resolved:
clk: mediatek: Do a runtime PM get on controllers during probe
|
2024-05-01 |
CVE-2024-27064 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: Fix a memory leak in nf_tables_updchain
|
2024-05-01 |
CVE-2024-26929 |
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix double free of fcport The server was crashing after LOGO because fcport was getting freed twice
|
2024-05-01 |
CVE-2024-26990 |
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status
|
2024-05-01 |
CVE-2024-27076 |
In the Linux kernel, the following vulnerability has been resolved:
media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak
|
2024-05-01 |
CVE-2024-26966 |
In the Linux kernel, the following vulnerability has been resolved:
clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
|
2024-05-01 |
CVE-2024-27055 |
In the Linux kernel, the following vulnerability has been resolved:
workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active()
|
2024-05-01 |
CVE-2024-26962 |
In the Linux kernel, the following vulnerability has been resolved:
dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape
|
2024-05-01 |
CVE-2024-26984 |
In the Linux kernel, the following vulnerability has been resolved:
nouveau: fix instmem race condition around ptr stores
|
2024-05-01 |
CVE-2024-26958 |
In the Linux kernel, the following vulnerability has been resolved:
nfs: fix UAF in direct writes
|
2024-05-01 |
CVE-2024-27035 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: compress: fix to guarantee persisting compressed blocks by CP
|
2024-05-01 |
CVE-2024-27019 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
|
2024-05-01 |
CVE-2024-27039 |
In the Linux kernel, the following vulnerability has been resolved:
clk: hisilicon: hi3559a: Fix an erroneous devm_kfree()
|
2024-05-01 |
CVE-2024-27010 |
In the Linux kernel, the following vulnerability has been resolved:
net/sched: Fix mirred deadlock on device recursion
|
2024-05-01 |
CVE-2024-26968 |
In the Linux kernel, the following vulnerability has been resolved:
clk: qcom: gcc-ipq9574: fix terminating of frequency table arrays
|
2024-05-01 |
CVE-2024-26933 |
In the Linux kernel, the following vulnerability has been resolved:
USB: core: Fix deadlock in port "disable" sysfs attribute
|
2024-05-01 |
CVE-2024-27016 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: flowtable: validate pppoe header
|
2024-05-01 |
CVE-2024-27051 |
In the Linux kernel, the following vulnerability has been resolved:
cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value
|
2024-05-01 |
CVE-2024-27018 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: br_netfilter: skip conntrack input hook for promisc packets
|
2024-05-01 |
CVE-2024-26948 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add a dc_state NULL check in dc_state_release
|
2024-05-01 |
CVE-2024-26949 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu/pm: Fix NULL pointer dereference when get power limit
|
2024-05-01 |
CVE-2024-27068 |
In the Linux kernel, the following vulnerability has been resolved:
thermal/drivers/mediatek/lvts_thermal: Fix a memory leak in an error handling path
|
2024-05-01 |
CVE-2024-26991 |
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes
|
2024-05-01 |
CVE-2024-26970 |
In the Linux kernel, the following vulnerability has been resolved:
clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays
|
2024-05-01 |
CVE-2024-26989 |
In the Linux kernel, the following vulnerability has been resolved:
arm64: hibernate: Fix level3 translation fault in swsusp_save()
|
2024-05-01 |
CVE-2024-27067 |
In the Linux kernel, the following vulnerability has been resolved:
xen/evtchn: avoid WARN() when unbinding an event channel
|
2024-05-01 |
CVE-2024-27079 |
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix NULL domain on device release
|
2024-05-01 |
CVE-2024-26935 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: core: Fix unremoved procfs host directory regression
|
2024-05-01 |
CVE-2024-27023 |
In the Linux kernel, the following vulnerability has been resolved:
md: Fix missing release of 'active_io' for flush
|
2024-05-01 |
CVE-2024-27027 |
In the Linux kernel, the following vulnerability has been resolved:
dpll: fix dpll_xa_ref_*_del() for multiple registrations
|
2024-05-01 |
CVE-2024-26936 |
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: validate request buffer size in smb2_allocate_rsp_buf()
|
2024-05-01 |
CVE-2024-26975 |
In the Linux kernel, the following vulnerability has been resolved:
powercap: intel_rapl: Fix a NULL pointer dereference
|
2024-05-01 |
CVE-2024-27061 |
In the Linux kernel, the following vulnerability has been resolved:
crypto: sun8i-ce - Fix use after free in unprepare
|
2024-05-01 |
CVE-2024-27036 |
In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix writeback data corruption
|
2024-05-01 |
CVE-2024-26947 |
In the Linux kernel, the following vulnerability has been resolved:
ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses
|
2024-05-01 |
CVE-2024-26950 |
In the Linux kernel, the following vulnerability has been resolved:
wireguard: netlink: access device through ctx instead of peer
|
2024-05-01 |
CVE-2024-26960 |
In the Linux kernel, the following vulnerability has been resolved:
mm: swap: fix race between free_swap_and_cache() and swapoff()
|
2024-05-01 |
CVE-2024-26965 |
In the Linux kernel, the following vulnerability has been resolved:
clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
|
2024-05-01 |
CVE-2024-27057 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend
|
2024-05-01 |
CVE-2024-27030 |
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-af: Use separate handlers for interrupts
|
2024-05-01 |
CVE-2024-27015 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: flowtable: incorrect pppoe tuple
|
2024-05-01 |
CVE-2024-26977 |
In the Linux kernel, the following vulnerability has been resolved:
pci_iounmap(): Fix MMIO mapping leak
|
2024-05-01 |
CVE-2024-27033 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to remove unnecessary f2fs_bug_on() to avoid panic
|
2024-05-01 |
CVE-2024-26961 |
In the Linux kernel, the following vulnerability has been resolved:
mac802154: fix llsec key resources release in mac802154_llsec_key_del
|
2024-05-01 |
CVE-2024-26946 |
In the Linux kernel, the following vulnerability has been resolved:
kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address
|
2024-05-01 |
CVE-2024-26999 |
In the Linux kernel, the following vulnerability has been resolved:
serial/pmac_zilog: Remove flawed mitigation for rx irq flood
|
2024-05-01 |
CVE-2024-26943 |
In the Linux kernel, the following vulnerability has been resolved:
nouveau/dmem: handle kcalloc() allocation failure
|
2024-05-01 |
CVE-2024-27069 |
In the Linux kernel, the following vulnerability has been resolved:
ovl: relax WARN_ON in ovl_verify_area()
|
2024-05-01 |
CVE-2024-27070 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault
|
2024-05-01 |
CVE-2024-27073 |
In the Linux kernel, the following vulnerability has been resolved:
media: ttpci: fix two memleaks in budget_av_attach
|
2024-05-01 |
CVE-2024-27388 |
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: fix some memleaks in gssx_dec_option_array
|
2024-05-01 |
CVE-2024-27075 |
In the Linux kernel, the following vulnerability has been resolved:
media: dvb-frontends: avoid stack overflow warnings with clang
|
2024-05-01 |
CVE-2024-27058 |
In the Linux kernel, the following vulnerability has been resolved:
tmpfs: fix race on handling dquot rbtree
|
2024-05-01 |
CVE-2024-27071 |
In the Linux kernel, the following vulnerability has been resolved:
backlight: hx8357: Fix potential NULL pointer dereference
|
2024-05-01 |
CVE-2024-26972 |
In the Linux kernel, the following vulnerability has been resolved:
ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path
|
2024-05-01 |
CVE-2024-27020 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
|
2024-05-01 |
CVE-2024-26982 |
In the Linux kernel, the following vulnerability has been resolved:
Squashfs: check the inode number is not the invalid value of zero
|
2024-05-01 |
CVE-2024-27390 |
In the Linux kernel, the following vulnerability has been resolved:
ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down()
|
2024-05-01 |
CVE-2024-27032 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to avoid potential panic during recovery
|
2024-05-01 |
CVE-2024-27024 |
In the Linux kernel, the following vulnerability has been resolved:
net/rds: fix WARNING in rds_conn_connect_if_down
|
2024-05-01 |
CVE-2024-26957 |
In the Linux kernel, the following vulnerability has been resolved:
s390/zcrypt: fix reference counting on zcrypt card objects
|
2024-05-01 |
CVE-2024-33655 |
An issue was discovered in some DNS recursive resolvers that allows remote attackers to cause a denial of service using a maliciously designed authority and response amplification.
|
2024-05-01 |
CVE-2024-27034 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: compress: fix to cover normal cluster write with cp_rwsem
|
2024-05-01 |
CVE-2024-26992 |
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86/pmu: Disable support for adaptive PEBS
|
2024-05-01 |
CVE-2024-26959 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: btnxpuart: Fix btnxpuart_close
|
2024-05-01 |
CVE-2024-27392 |
In the Linux kernel, the following vulnerability has been resolved:
nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse()
|
2024-05-01 |
CVE-2024-27042 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()'
|
2024-05-01 |
CVE-2024-27008 |
In the Linux kernel, the following vulnerability has been resolved:
drm: nv04: Fix out of bounds access
|
2024-05-01 |
CVE-2024-27021 |
In the Linux kernel, the following vulnerability has been resolved:
r8169: fix LED-related deadlock on module removal
|
2024-05-01 |
CVE-2024-26986 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Fix memory leak in create_process failure
|
2024-05-01 |
CVE-2024-26938 |
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()
|
2024-05-01 |
CVE-2024-26931 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix command flush on cable pull
|
2024-05-01 |
CVE-2024-26955 |
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: prevent kernel bug at submit_bh_wbc()
|
2024-05-01 |
CVE-2024-27389 |
In the Linux kernel, the following vulnerability has been resolved:
pstore: inode: Only d_invalidate() is needed
|
2024-05-01 |
CVE-2024-27043 |
In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, *pdvbdev is not set to NULL after dvbdev's deallocation, causing use-after-frees in many places, for example, in the following call chain: budget_register |-> dvb_dmxdev_init |-> dvb_register_device |-> dvb_dmxdev_release |-> dvb_unregister_device |-> dvb_remove_device |-> dvb_device_put |-> kref_put When calling dvb_unregister_device, dmxdev->dvbdev (i.e. *pdvbdev in dvb_register_device) could point to memory that had been freed in dvb_register_device. Thereafter, this pointer is transferred to kref_put and triggering a use-after-free.
|
2024-05-01 |
CVE-2024-26942 |
In the Linux kernel, the following vulnerability has been resolved:
net: phy: qcom: at803x: fix kernel panic with at8031_probe
|
2024-05-01 |
CVE-2024-26951 |
In the Linux kernel, the following vulnerability has been resolved:
wireguard: netlink: check for dangling peer via is_dead instead of empty list
|
2024-05-01 |
CVE-2024-27007 |
In the Linux kernel, the following vulnerability has been resolved:
userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE
|
2024-05-01 |
CVE-2024-27080 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix race when detecting delalloc ranges during fiemap
|
2024-05-01 |
CVE-2024-26981 |
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix OOB in nilfs_set_de_type
|
2024-05-01 |
CVE-2023-52649 |
In the Linux kernel, the following vulnerability has been resolved:
drm/vkms: Avoid reading beyond LUT array
|
2024-05-01 |
CVE-2024-27040 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()'
|
2024-05-01 |
CVE-2024-26954 |
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()
|
2024-05-01 |
CVE-2024-27038 |
In the Linux kernel, the following vulnerability has been resolved:
clk: Fix clk_core_get NULL dereference
|
2024-05-01 |
CVE-2023-36268 |
An issue in The Document Foundation Libreoffice v.7.4.7 allows a remote attacker to cause a denial of service via a crafted .ppt file.
|
2024-04-30 |
CVE-2022-3102 |
The JWT code can auto-detect the type of token being provided, and this can lead the application to incorrect conclusions about the trustworthiness of the token.
CVE-2022-3102 is specific to cases where jwcrypto's tokens are used for authentication or authorization. It requires an unlikely configuration where the application verifying tokens has access to the private key that was used to sign them. Given that python-jwcrypto is not used in AL2 for authentication or authorization and the special conditions required to exploit CVE-2022-3102, a fix will not be provided at this time for Amazon Linux 2.
|
2024-04-30 |
CVE-2024-27281 |
ruby: RCE vulnerability with .rdoc_options in RDoc
|
2024-04-29 |
CVE-2024-27322 |
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted with.
|
2024-04-29 |
CVE-2024-27280 |
ruby: Buffer overread vulnerability in StringIO
|
2024-04-29 |
CVE-2024-27282 |
ruby: Arbitrary memory address read vulnerability with Regex search
|
2024-04-29 |
CVE-2022-48665 |
In the Linux kernel, the following vulnerability has been resolved:
exfat: fix overflow for large capacity partition
|
2024-04-28 |
CVE-2022-48641 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ebtables: fix memory leak when blob is malformed
|
2024-04-28 |
CVE-2022-48652 |
In the Linux kernel, the following vulnerability has been resolved:
ice: Fix crash by keep old cfg when update TCs more than queues
|
2024-04-28 |
CVE-2023-52722 |
An issue was discovered in Artifex Ghostscript through 10.01.0. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard.
|
2024-04-28 |
CVE-2022-48635 |
In the Linux kernel, the following vulnerability has been resolved:
fsdax: Fix infinite loop in dax_iomap_rw()
|
2024-04-28 |
CVE-2022-48656 |
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get()
|
2024-04-28 |
CVE-2022-48645 |
In the Linux kernel, the following vulnerability has been resolved:
net: enetc: deny offload of tc-based TSN features on VF interfaces
|
2024-04-28 |
CVE-2022-48642 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain()
|
2024-04-28 |
CVE-2022-48662 |
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Really move i915_gem_context.link under ref protection i915_perf assumes that it can use the i915_gem_context reference to protect its i915->gem.contexts.list iteration. However, this requires that we do not remove the context from the list until after we drop the final reference and release the struct. If, as currently, we remove the context from the list during context_close(), the link.next pointer may be poisoned while we are holding the context reference and cause a GPF
|
2024-04-28 |
CVE-2022-48655 |
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Harden accesses to the reset domains Accessing reset domains descriptors by the index upon the SCMI drivers requests through the SCMI reset operations interface can potentially lead to out-of-bound violations if the SCMI driver misbehave. Add an internal consistency check before any such domains descriptors accesses.
|
2024-04-28 |
CVE-2022-48633 |
In the Linux kernel, the following vulnerability has been resolved:
drm/gma500: Fix WARN_ON(lock->magic != lock) error
|
2024-04-28 |
CVE-2022-48644 |
In the Linux kernel, the following vulnerability has been resolved:
net/sched: taprio: avoid disabling offload when it was never enabled
|
2024-04-28 |
CVE-2022-48659 |
In the Linux kernel, the following vulnerability has been resolved:
mm/slub: fix to return errno if kmalloc() fails
|
2024-04-28 |
CVE-2022-48636 |
In the Linux kernel, the following vulnerability has been resolved:
s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
|
2024-04-28 |
CVE-2022-48666 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: core: Fix a use-after-free
|
2024-04-28 |
CVE-2022-48664 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix hang during unmount when stopping a space reclaim worker
|
2024-04-28 |
CVE-2022-48668 |
In the Linux kernel, the following vulnerability has been resolved:
smb3: fix temporary data corruption in collapse range
|
2024-04-28 |
CVE-2022-48634 |
In the Linux kernel, the following vulnerability has been resolved:
drm/gma500: Fix BUG: sleeping function called from invalid context errors
|
2024-04-28 |
CVE-2022-48650 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()
|
2024-04-28 |
CVE-2022-48639 |
In the Linux kernel, the following vulnerability has been resolved:
net: sched: fix possible refcount leak in tc_new_tfilter()
|
2024-04-28 |
CVE-2022-48646 |
In the Linux kernel, the following vulnerability has been resolved:
sfc/siena: fix null pointer dereference in efx_hard_start_xmit
|
2024-04-28 |
CVE-2022-48637 |
In the Linux kernel, the following vulnerability has been resolved:
bnxt: prevent skb UAF after handing over to PTP worker
|
2024-04-28 |
CVE-2022-48651 |
In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header If an AF_PACKET socket is used to send packets through ipvlan and the default xmit function of the AF_PACKET socket is changed from dev_queue_xmit() to packet_direct_xmit() via setsockopt() with the option name of PACKET_QDISC_BYPASS, the skb->mac_header may not be reset and remains as the initial value of 65535, this may trigger slab-out-of-bounds bugs as following:
|
2024-04-28 |
CVE-2022-48654 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
|
2024-04-28 |
CVE-2024-26927 |
In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: Add some bounds checking to firmware data
|
2024-04-28 |
CVE-2022-48647 |
In the Linux kernel, the following vulnerability has been resolved:
sfc: fix TX channel offset when using legacy interrupts
|
2024-04-28 |
CVE-2022-48658 |
In the Linux kernel, the following vulnerability has been resolved: mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context. Commit 5a836bf6b09f ("mm: slub: move flush_cpu_slab() invocations __free_slab() invocations out of IRQ context") moved all flush_cpu_slab() invocations to the global workqueue to avoid a problem related with deactivate_slab()/__free_slab() being called from an IRQ context on PREEMPT_RT kernels.
|
2024-04-28 |
CVE-2022-48632 |
In the Linux kernel, the following vulnerability has been resolved:
i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction()
|
2024-04-28 |
CVE-2022-48648 |
In the Linux kernel, the following vulnerability has been resolved:
sfc: fix null pointer dereference in efx_hard_start_xmit
|
2024-04-28 |
CVE-2022-48631 |
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0
|
2024-04-28 |
CVE-2022-48653 |
In the Linux kernel, the following vulnerability has been resolved:
ice: Don't double unplug aux on peer initiated reset
|
2024-04-28 |
CVE-2022-48640 |
In the Linux kernel, the following vulnerability has been resolved:
bonding: fix NULL deref in bond_rr_gen_slave_id
|
2024-04-28 |
CVE-2022-48638 |
In the Linux kernel, the following vulnerability has been resolved:
cgroup: cgroup_get_from_id() must check the looked-up kn is a directory
|
2024-04-28 |
CVE-2022-48667 |
In the Linux kernel, the following vulnerability has been resolved:
smb3: fix temporary data corruption in insert range
|
2024-04-28 |
CVE-2024-26928 |
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential UAF in cifs_debug_files_proc_show()
|
2024-04-28 |
CVE-2022-48660 |
In the Linux kernel, the following vulnerability has been resolved:
gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully
|
2024-04-28 |
CVE-2022-48657 |
In the Linux kernel, the following vulnerability has been resolved:
arm64: topology: fix possible overflow in amu_fie_setup()
|
2024-04-28 |
CVE-2022-48649 |
In the Linux kernel, the following vulnerability has been resolved:
mm/slab_common: fix possible double free of kmem_cache
|
2024-04-28 |
CVE-2022-48661 |
In the Linux kernel, the following vulnerability has been resolved:
gpio: mockup: Fix potential resource leakage when register a chip
|
2024-04-28 |
CVE-2022-48663 |
In the Linux kernel, the following vulnerability has been resolved:
gpio: mockup: fix NULL pointer dereference when removing debugfs
|
2024-04-28 |
CVE-2022-48643 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()
|
2024-04-28 |
CVE-2022-48682 |
In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink.
|
2024-04-26 |
CVE-2023-52646 |
In the Linux kernel, the following vulnerability has been resolved:
aio: fix mremap after fork null-deref
|
2024-04-26 |
CVE-2024-33601 |
glibc: netgroup cache may terminate daemon on memory allocation failure
|
2024-04-26 |
CVE-2024-26925 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
The commit mutex should not be released during the critical section
between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC
worker could collect expired objects and get the released commit lock
within the same GC sequence.
nf_tables_module_autoload() temporarily releases the mutex to load
module dependencies, then it goes back to replay the transaction again.
Move it at the end of the abort phase after nft_gc_seq_end() is called.
|
2024-04-25 |
CVE-2024-26924 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo: do not free live element
|
2024-04-25 |
CVE-2024-33600 |
glibc: null pointer dereferences after failed netgroup cache insertion
|
2024-04-25 |
CVE-2024-26926 |
In the Linux kernel, the following vulnerability has been resolved:
binder: check offset alignment in binder_get_object()
|
2024-04-25 |
CVE-2024-33602 |
glibc: netgroup cache assumes NSS callback uses in-buffer strings
|
2024-04-25 |
CVE-2024-26923 |
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Fix garbage collector racing against connect()
|
2024-04-25 |
CVE-2024-33599 |
glibc: stack-based buffer overflow in netgroup cache
|
2024-04-25 |
CVE-2024-4141 |
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers.
|
2024-04-24 |
CVE-2024-23271 |
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, Safari 17.3, tvOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior.
|
2024-04-24 |
CVE-2024-30171 |
org.bouncycastle-bcprov-jdk18on: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)
|
2024-04-24 |
CVE-2024-0151 |
Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4, allows an attacker to pass values to Secure state that are out of range for types smaller than 32-bits. Out of range values might lead to incorrect operations in secure state.
|
2024-04-24 |
CVE-2024-32662 |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when `WCHAR` string is read with twice the size it has and converted to `UTF-8`, `base64` decoded. The string is only used to compare against the redirection server certificate. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
|
2024-04-23 |
CVE-2024-32660 |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
|
2024-04-23 |
CVE-2024-32658 |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
|
2024-04-23 |
CVE-2024-32659 |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
|
2024-04-23 |
CVE-2024-26922 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: validate the parameters of bo mapping operations more clearly
|
2024-04-23 |
CVE-2024-32661 |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
|
2024-04-23 |
CVE-2024-32459 |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available.
|
2024-04-22 |
CVE-2024-32458 |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use `/gfx` or `/rfx` modes (on by default, require server side support).
|
2024-04-22 |
CVE-2023-50186 |
gstreamer-plugins-bad-free: buffer overflow vulnerability
|
2024-04-22 |
CVE-2024-32460 |
OutOfBound Read in interleaved_decompress
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
|
2024-04-22 |
CVE-2024-32041 |
OutOfBound Read in zgfx_decompress_segment
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
|
2024-04-22 |
CVE-2024-32039 |
Integer overflow & OutOfBound Write in clear_decompress_residual_data
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
|
2024-04-22 |
CVE-2024-32040 |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use the NSC codec (e.g. use `-nsc`).
|
2024-04-22 |
CVE-2024-31745 |
Libdwarf v0.9.1 was discovered to contain a heap use-after-free via the dw_empty_errlist_item function at /libdwarf/dwarf_alloc.c.
|
2024-04-19 |
CVE-2024-27980 |
Node.js: Fail to Escape Arguments Properly in Microsoft Windows
|
2024-04-18 |
CVE-2024-20380 |
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
|
2024-04-18 |
CVE-2024-32462 |
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It's possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.
|
2024-04-18 |
CVE-2024-3651 |
python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()
|
2024-04-18 |
CVE-2024-32473 |
Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those belonging to networks where `--ipv6=false`. An container with an `ipvlan` or `macvlan` interface will normally be configured to share an external network link with the host machine. Because of this direct access, (1) Containers may be able to communicate with other hosts on the local network over link-local IPv6 addresses, (2) if router advertisements are being broadcast over the local network, containers may get SLAAC-assigned addresses, and (3) the interface will be a member of IPv6 multicast groups. This means interfaces in IPv4-only networks present an unexpectedly and unnecessarily increased attack surface. The issue is patched in 26.0.2. To completely disable IPv6 in a container, use `--sysctl=net.ipv6.conf.all.disable_ipv6=1` in the `docker create` or `docker run` command. Or, in the service configuration of a `compose` file.
|
2024-04-18 |
CVE-2024-32475 |
Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when setting SNI for outbound TLS connection. The error can occur when Envoy attempts to use the `host`/`:authority` header value longer than 255 characters as SNI for outbound TLS connection. SNI length is limited to 255 characters per the standard. Envoy always expects this operation to succeed and abnormally aborts the process when it fails. This vulnerability is fixed in 1.30.1, 1.29.4, 1.28.3, and 1.27.5.
|
2024-04-18 |
CVE-2024-26921 |
In the Linux kernel, the following vulnerability has been resolved:
inet: inet_defrag: prevent sk release while still in use
|
2024-04-18 |
CVE-2023-3758 |
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
|
2024-04-18 |
CVE-2023-52643 |
In the Linux kernel, the following vulnerability has been resolved:
iio: core: fix memleak in iio_device_register_sysfs
|
2024-04-17 |
CVE-2024-26888 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: msft: Fix memory leak
|
2024-04-17 |
CVE-2024-26914 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: fix incorrect mpc_combine array size
|
2024-04-17 |
CVE-2024-26841 |
In the Linux kernel, the following vulnerability has been resolved:
LoongArch: Update cpu_sibling_map when disabling nonboot CPUs
|
2024-04-17 |
CVE-2024-26844 |
In the Linux kernel, the following vulnerability has been resolved:
block: Fix WARNING in _copy_from_iter
|
2024-04-17 |
CVE-2024-26898 |
In the Linux kernel, the following vulnerability has been resolved:
aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
|
2024-04-17 |
CVE-2024-26878 |
In the Linux kernel, the following vulnerability has been resolved:
quota: Fix potential NULL pointer dereference
|
2024-04-17 |
CVE-2024-26858 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map
|
2024-04-17 |
CVE-2024-26875 |
In the Linux kernel, the following vulnerability has been resolved:
media: pvrusb2: fix uaf in pvr2_context_set_notify
|
2024-04-17 |
CVE-2024-26842 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd()
|
2024-04-17 |
CVE-2024-26820 |
In the Linux kernel, the following vulnerability has been resolved:
hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
|
2024-04-17 |
CVE-2024-26916 |
In the Linux kernel, the following vulnerability has been resolved:
Revert "drm/amd: flush any delayed gfxoff on suspend entry"
|
2024-04-17 |
CVE-2024-26835 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: set dormant flag on hook register failure
|
2024-04-17 |
CVE-2024-26872 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/srpt: Do not register event handler until srpt device is fully setup
|
2024-04-17 |
CVE-2024-26818 |
In the Linux kernel, the following vulnerability has been resolved:
tools/rtla: Fix clang warning about mount_point var size
|
2024-04-17 |
CVE-2024-26889 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_core: Fix possible buffer overflow
|
2024-04-17 |
CVE-2024-26853 |
In the Linux kernel, the following vulnerability has been resolved:
igc: avoid returning frame twice in XDP_REDIRECT
|
2024-04-17 |
CVE-2024-26824 |
In the Linux kernel, the following vulnerability has been resolved:
crypto: algif_hash - Remove bogus SGL free on zero-length error path
|
2024-04-17 |
CVE-2024-26886 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: af_bluetooth: Fix deadlock
|
2024-04-17 |
CVE-2024-26834 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_flow_offload: release dst in case direct xmit path is used
|
2024-04-17 |
CVE-2024-26865 |
In the Linux kernel, the following vulnerability has been resolved: rds: tcp: Fix use-after-free of net in reqsk_timer_handler(). syzkaller reported a warning of netns tracker [0] followed by KASAN splat [1] and another ref tracker warning [1]. syzkaller could not find a repro, but in the log, the only suspicious sequence was as follows: 18:26:22 executing program 1: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ... connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4001, 0x0, @loopback}, 0x1c) (async) The notable thing here is 0x4001 in connect(), which is RDS_TCP_PORT.
|
2024-04-17 |
CVE-2024-26846 |
In the Linux kernel, the following vulnerability has been resolved:
nvme-fc: do not wait in vain when unloading module
|
2024-04-17 |
CVE-2024-26836 |
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: think-lmi: Fix password opcode ordering for workstations
|
2024-04-17 |
CVE-2024-26901 |
In the Linux kernel, the following vulnerability has been resolved:
do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
|
2024-04-17 |
CVE-2024-26863 |
In the Linux kernel, the following vulnerability has been resolved:
hsr: Fix uninit-value access in hsr_get_node()
|
2024-04-17 |
CVE-2024-26883 |
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix stackmap overflow check on 32-bit arches
|
2024-04-17 |
CVE-2024-26917 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
|
2024-04-17 |
CVE-2024-26871 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix NULL pointer dereference in f2fs_submit_page_write()
|
2024-04-17 |
CVE-2024-26903 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
|
2024-04-17 |
CVE-2024-26920 |
In the Linux kernel, the following vulnerability has been resolved:
tracing/trigger: Fix to return error if failed to alloc snapshot
|
2024-04-17 |
CVE-2023-52642 |
In the Linux kernel, the following vulnerability has been resolved:
media: rc: bpf attach/detach requires write permission
|
2024-04-17 |
CVE-2024-26910 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: fix performance regression in swap operation
|
2024-04-17 |
CVE-2024-26915 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Reset IH OVERFLOW_CLEAR bit
|
2024-04-17 |
CVE-2024-26868 |
In the Linux kernel, the following vulnerability has been resolved:
nfs: fix panic when nfs4_ff_layout_prepare_ds() fails
|
2024-04-17 |
CVE-2024-26899 |
In the Linux kernel, the following vulnerability has been resolved:
block: fix deadlock between bd_link_disk_holder and partition scan
|
2024-04-17 |
CVE-2024-26890 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: btrtl: fix out of bounds memory access
|
2024-04-17 |
CVE-2024-26833 |
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix memory leak in dm_sw_fini()
|
2024-04-17 |
CVE-2024-26869 |
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to truncate meta inode pages forcely
|
2024-04-17 |
CVE-2024-26849 |
In the Linux kernel, the following vulnerability has been resolved:
netlink: add nla be16/32 types to minlen array
|
2024-04-17 |
CVE-2024-26859 |
In the Linux kernel, the following vulnerability has been resolved:
net/bnx2x: Prevent access to a freed page in page_pool
|
2024-04-17 |
CVE-2024-26857 |
In the Linux kernel, the following vulnerability has been resolved:
geneve: make sure to pull inner header in geneve_rx()
|
2024-04-17 |
CVE-2024-26909 |
In the Linux kernel, the following vulnerability has been resolved:
soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free
|
2024-04-17 |
CVE-2024-26919 |
In the Linux kernel, the following vulnerability has been resolved:
usb: ulpi: Fix debugfs directory leak
|
2024-04-17 |
CVE-2024-26900 |
In the Linux kernel, the following vulnerability has been resolved:
md: fix kmemleak of rdev->serial
|
2024-04-17 |
CVE-2024-3900 |
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText.
|
2024-04-17 |
CVE-2024-2961 |
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
|
2024-04-17 |
CVE-2024-26856 |
In the Linux kernel, the following vulnerability has been resolved:
net: sparx5: Fix use after free inside sparx5_del_mact_entry
|
2024-04-17 |
CVE-2024-26851 |
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conntrack_h323: Add protection for bmp length out of range
|
2024-04-17 |
CVE-2024-26880 |
In the Linux kernel, the following vulnerability has been resolved:
dm: call the resume method on internal suspend
|
2024-04-17 |
CVE-2024-26861 |
In the Linux kernel, the following vulnerability has been resolved:
wireguard: receive: annotate data-race around receiving_counter.counter
|
2024-04-17 |
CVE-2024-26825 |
In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: free rx_data_reassembly skb on NCI device cleanup
|
2024-04-17 |
CVE-2024-26847 |
In the Linux kernel, the following vulnerability has been resolved:
powerpc/rtas: use correct function name for resetting TCE tables
|
2024-04-17 |
CVE-2024-26826 |
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix data re-injection from stale subflow
|
2024-04-17 |
CVE-2024-26887 |
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: btusb: Fix memory leak
|
2024-04-17 |
CVE-2024-26828 |
In the Linux kernel, the following vulnerability has been resolved:
cifs: fix underflow in parse_server_interfaces()
|
2024-04-17 |
CVE-2024-26893 |
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scmi: Fix double free in SMC transport cleanup path
|
2024-04-17 |
CVE-2024-26832 |
In the Linux kernel, the following vulnerability has been resolved:
mm: zswap: fix missing folio cleanup in writeback race path
|
2024-04-17 |
CVE-2024-26918 |
In the Linux kernel, the following vulnerability has been resolved:
PCI: Fix active state requirement in PME polling
|
2024-04-17 |
CVE-2024-26839 |
In the Linux kernel, the following vulnerability has been resolved:
IB/hfi1: Fix a memleak in init_credit_return
|
2024-04-17 |
CVE-2024-26850 |
In the Linux kernel, the following vulnerability has been resolved:
mm/debug_vm_pgtable: fix BUG_ON with pud advanced test
|
2024-04-17 |
CVE-2024-26829 |
In the Linux kernel, the following vulnerability has been resolved:
media: ir_toy: fix a memleak in irtoy_tx
|
2024-04-17 |
CVE-2024-26879 |
In the Linux kernel, the following vulnerability has been resolved:
clk: meson: Add missing clocks to axg_clk_regmaps
|
2024-04-17 |
CVE-2024-26845 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: core: Add TMF to tmr_list handling
|
2024-04-17 |
CVE-2024-26862 |
In the Linux kernel, the following vulnerability has been resolved:
packet: annotate data-races around ignore_outgoing
|
2024-04-17 |
CVE-2024-26904 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix data race at btrfs_use_block_rsv() when accessing block reserve
|
2024-04-17 |
CVE-2024-26840 |
In the Linux kernel, the following vulnerability has been resolved:
cachefiles: fix memory leak in cachefiles_add_cache()
|
2024-04-17 |
CVE-2024-26867 |
In the Linux kernel, the following vulnerability has been resolved:
comedi: comedi_8255: Correct error in subdevice initialization
|
2024-04-17 |
CVE-2024-26822 |
In the Linux kernel, the following vulnerability has been resolved:
smb: client: set correct id, uid and cruid for multiuser automounts
|
2024-04-17 |
CVE-2024-26848 |
In the Linux kernel, the following vulnerability has been resolved:
afs: Fix endless loop in directory parsing
|
2024-04-17 |
CVE-2024-3854 |
In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10.
|
2024-04-16 |
CVE-2024-21052 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-04-16 |
CVE-2024-21049 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-04-16 |
CVE-2024-21096 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).
|
2024-04-16 |
CVE-2024-3853 |
A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started. This vulnerability affects Firefox < 125.
|
2024-04-16 |
CVE-2024-21055 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-04-16 |
CVE-2024-3860 |
An out-of-memory condition during object initialization could result in an empty shape list. If the JIT subsequently traced the object it would crash. This vulnerability affects Firefox < 125.
|
2024-04-16 |
CVE-2024-21056 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-04-16 |
CVE-2024-21069 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-04-16 |
CVE-2024-3863 |
The executable file warning was not presented when downloading .xrm-ms files.
*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 125 and Firefox ESR < 115.10.
|
2024-04-16 |
CVE-2024-21061 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-04-16 |
CVE-2024-21000 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).
|
2024-04-16 |
CVE-2024-3856 |
A use-after-free could occur during WASM execution if garbage collection ran during the creation of an array. This vulnerability affects Firefox < 125.
|
2024-04-16 |
CVE-2024-21012 |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
|
2024-04-16 |
CVE-2024-21047 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-04-16 |
CVE-2024-21102 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-04-16 |
CVE-2024-20994 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
|
2024-04-16 |
CVE-2024-21094 |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
|
2024-04-16 |
CVE-2024-3302 |
There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10.
|
2024-04-16 |
CVE-2024-21013 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-04-16 |
CVE-2024-21050 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-04-16 |
CVE-2024-21057 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-04-16 |
CVE-2024-21002 |
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
|
2024-04-16 |
CVE-2024-3865 |
Memory safety bugs present in Firefox 124. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125.
|
2024-04-16 |
CVE-2024-3855 |
In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads. This vulnerability affects Firefox < 125.
|
2024-04-16 |
CVE-2024-21004 |
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
|
2024-04-16 |
CVE-2024-21087 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-04-16 |
CVE-2024-21051 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-04-16 |
CVE-2024-21053 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-04-16 |
CVE-2024-3858 |
It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox < 125.
|
2024-04-16 |
CVE-2024-21054 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-04-16 |
CVE-2024-21068 |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
|
2024-04-16 |
CVE-2024-21009 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-04-16 |
CVE-2024-21008 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-04-16 |
CVE-2024-21060 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-04-16 |
CVE-2024-3864 |
Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10.
|
2024-04-16 |
CVE-2024-21005 |
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
|
2024-04-16 |
CVE-2024-21015 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
|
2024-04-16 |
CVE-2024-3852 |
GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10.
|
2024-04-16 |
CVE-2024-21003 |
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
|
2024-04-16 |
CVE-2024-3859 |
On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10.
|
2024-04-16 |
CVE-2024-3857 |
The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10.
|
2024-04-16 |
CVE-2024-3861 |
If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10.
|
2024-04-16 |
CVE-2024-3862 |
The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it were used in a self-assignment. This vulnerability affects Firefox < 125.
|
2024-04-16 |
CVE-2024-21062 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-04-16 |
CVE-2024-20998 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-04-16 |
CVE-2024-21085 |
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
|
2024-04-16 |
CVE-2024-21011 |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
|
2024-04-16 |
CVE-2024-20993 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
|
2024-04-16 |
CVE-2024-24898 |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure. This vulnerability is associated with program files https://gitee.Com/openeuler/kernel/blob/openEuler-1.0-LTS/drivers/staging/gmjstcm/tcm.C.
This issue affects kernel: from 4.19.90-2109.1.0.0108 before 4.19.90-2403.4.0.0244.
|
2024-04-15 |
CVE-2024-1874 |
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when processing array-ish $command parameter of proc_open. A remote attacker can pass specially crafted input to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
|
2024-04-15 |
CVE-2024-3096 |
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in within the password_verify() function, which can erroneously return true. A remote attacker can bypass implemented authentication based on the vulnerable function and gain unauthorized access to the web application.
|
2024-04-15 |
CVE-2024-24891 |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure. This vulnerability is associated with program files https://gitee.Com/openeuler/kernel/blob/openEuler-1.0-LTS/drivers/staging/gmjstcm/tcm.C.
This issue affects kernel: from 4.19.90-2109.1.0.0108 before 4.19.90-2403.4.0.0244.
|
2024-04-15 |
CVE-2024-2756 |
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to the way PHP handles HTTP variable names. A remote attacker can set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
Note, the vulnerability exists due to incomplete fix for #VU67756 (CVE-2022-31629).
|
2024-04-15 |
CVE-2024-2757 |
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the mb_encode_mimeheader() function can run endlessly for certain inputs A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
|
2024-04-15 |
CVE-2024-2201 |
hw: cpu: intel:InSpectre Gadget a residual Attack Surface of Cross-privilege Spectre v2
|
2024-04-15 |
CVE-2024-2905 |
A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access.
|
2024-04-13 |
CVE-2024-26817 |
In the Linux kernel, the following vulnerability has been resolved:
amdkfd: use calloc instead of kzalloc to avoid integer overflow
|
2024-04-13 |
CVE-2024-32487 |
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
|
2024-04-13 |
CVE-2024-2397 |
Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21.
|
2024-04-12 |
CVE-2023-29483 |
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
|
2024-04-11 |
CVE-2024-3652 |
The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.
|
2024-04-11 |
CVE-2021-47211 |
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: fix null pointer dereference on pointer cs_desc
|
2024-04-10 |
CVE-2021-47209 |
In the Linux kernel, the following vulnerability has been resolved:
sched/fair: Prevent dead task groups from regaining cfs_rq's
|
2024-04-10 |
CVE-2021-47207 |
In the Linux kernel, the following vulnerability has been resolved:
ALSA: gus: fix null pointer dereference on pointer block
|
2024-04-10 |
CVE-2021-47212 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Update error handler for UCTX and UMEM
|
2024-04-10 |
CVE-2021-47202 |
In the Linux kernel, the following vulnerability has been resolved:
thermal: Fix NULL pointer dereferences in of_thermal_ functions
|
2024-04-10 |
CVE-2024-23080 |
Joda Time v2.12.5 was discovered to contain a NullPointerException via the component org.joda.time.format.PeriodFormat::wordBased(Locale). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
|
2024-04-10 |
CVE-2021-47194 |
In the Linux kernel, the following vulnerability has been resolved:
cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
|
2024-04-10 |
CVE-2024-3567 |
A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.
|
2024-04-10 |
CVE-2021-47193 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: pm80xx: Fix memory leak during rmmod
|
2024-04-10 |
CVE-2021-47183 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Fix link down processing to address NULL pointer dereference
|
2024-04-10 |
CVE-2021-47215 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: kTLS, Fix crash in RX resync flow
|
2024-04-10 |
CVE-2021-47204 |
In the Linux kernel, the following vulnerability has been resolved:
net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove
|
2024-04-10 |
CVE-2021-47199 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: CT, Fix multiple allocations and memleak of mod acts
|
2024-04-10 |
CVE-2021-47190 |
In the Linux kernel, the following vulnerability has been resolved:
perf bpf: Avoid memory leak from perf_env__insert_btf()
|
2024-04-10 |
CVE-2021-47181 |
In the Linux kernel, the following vulnerability has been resolved:
usb: musb: tusb6010: check return value after calling platform_get_resource()
|
2024-04-10 |
CVE-2021-47195 |
In the Linux kernel, the following vulnerability has been resolved:
spi: fix use-after-free of the add_lock mutex
|
2024-04-10 |
CVE-2021-47184 |
In the Linux kernel, the following vulnerability has been resolved:
i40e: Fix NULL ptr dereference on VSI filter sync
|
2024-04-10 |
CVE-2021-47187 |
In the Linux kernel, the following vulnerability has been resolved:
arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency
|
2024-04-10 |
CVE-2021-47203 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
|
2024-04-10 |
CVE-2021-47205 |
In the Linux kernel, the following vulnerability has been resolved:
clk: sunxi-ng: Unregister clocks/resets when unbinding
|
2024-04-10 |
CVE-2021-47189 |
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix memory ordering between normal and ordered work functions
|
2024-04-10 |
CVE-2021-47197 |
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove()
|
2024-04-10 |
CVE-2021-47219 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()
|
2024-04-10 |
CVE-2021-47186 |
In the Linux kernel, the following vulnerability has been resolved:
tipc: check for null after calling kmemdup
|
2024-04-10 |
CVE-2021-47206 |
In the Linux kernel, the following vulnerability has been resolved:
usb: host: ohci-tmio: check return value after calling platform_get_resource()
|
2024-04-10 |
CVE-2021-47200 |
In the Linux kernel, the following vulnerability has been resolved:
drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap
|
2024-04-10 |
CVE-2021-47182 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: core: Fix scsi_mode_sense() buffer length handling
|
2024-04-10 |
CVE-2021-47185 |
In the Linux kernel, the following vulnerability has been resolved:
tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
|
2024-04-10 |
CVE-2024-26815 |
In the Linux kernel, the following vulnerability has been resolved:
net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check
|
2024-04-10 |
CVE-2021-47201 |
In the Linux kernel, the following vulnerability has been resolved:
iavf: free q_vectors before queues in iavf_disable_vf
|
2024-04-10 |
CVE-2021-47217 |
In the Linux kernel, the following vulnerability has been resolved:
x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails
|
2024-04-10 |
CVE-2021-47191 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: scsi_debug: Fix out-of-bound read in resp_readcap16()
|
2024-04-10 |
CVE-2021-47210 |
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: tipd: Remove WARN_ON in tps6598x_block_read
|
2024-04-10 |
CVE-2021-47188 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Improve SCSI abort handling
|
2024-04-10 |
CVE-2024-3566 |
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
|
2024-04-10 |
CVE-2024-26816 |
In the Linux kernel, the following vulnerability has been resolved:
x86, relocs: Ignore relocations in .notes section
|
2024-04-10 |
CVE-2021-47192 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: core: sysfs: Fix hang when device state is set via sysfs
|
2024-04-10 |
CVE-2021-47216 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: advansys: Fix kernel pointer leak
|
2024-04-10 |
CVE-2021-47218 |
In the Linux kernel, the following vulnerability has been resolved:
selinux: fix NULL-pointer dereference when hashtab allocation fails
|
2024-04-10 |
CVE-2021-47214 |
In the Linux kernel, the following vulnerability has been resolved:
hugetlb, userfaultfd: fix reservation restore on userfaultfd error
|
2024-04-10 |
CVE-2021-47198 |
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine
|
2024-04-10 |
CVE-2021-47196 |
In the Linux kernel, the following vulnerability has been resolved:
RDMA/core: Set send and receive CQ before forwarding to the driver
|
2024-04-10 |
CVE-2024-24576 |
Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping. The severity of this vulnerability is critical for those who invoke batch files on Windows with untrusted arguments. No other platform or use is affected.
The `Command::arg` and `Command::args` APIs state in their documentation that the arguments will be passed to the spawned process as-is, regardless of the content of the arguments, and will not be evaluated by a shell. This means it should be safe to pass untrusted input as an argument.
On Windows, the implementation of this is more complex than other platforms, because the Windows API only provides a single string containing all the arguments to the spawned process, and it's up to the spawned process to split them. Most programs use the standard C run-time argv, which in practice results in a mostly consistent way arguments are splitted.
One exception though is `cmd.exe` (used among other things to execute batch files), which has its own argument splitting logic. That forces the standard library to implement custom escaping for arguments passed to batch files. Unfortunately it was reported that our escaping logic was not thorough enough, and it was possible to pass malicious arguments that would result in arbitrary shell execution.
Due to the complexity of `cmd.exe`, we didn't identify a solution that would correctly escape arguments in all cases. To maintain our API guarantees, we improved the robustness of the escaping code, and changed the `Command` API to return an [`InvalidInput`][4] error when it cannot safely escape an argument. This error will be emitted when spawning the process.
The fix is included in Rust 1.77.2. Note that the new escaping logic for batch files errs on the conservative side, and could reject valid arguments. Those who implement the escaping themselves or only handle trusted inputs on Windows can also use the `CommandExt::raw_arg` method to bypass the standard library's escaping logic.
|
2024-04-09 |