Good & Bad Comments Security Vulnerabilities

cve

CVE-2024-26623

In the Linux kernel, the following vulnerability has been resolved: pds_core: Prevent race issues involving the adminq There are multiple paths that can result in using the pdsc's adminq. [1] pdsc_adminq_isr and the resulting work from queue_work(), i.e....

6.4AI Score

0.0004EPSS

2024-03-06 07:15 AM
66
prion

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: pds_core: Prevent race issues involving the adminq There are multiple paths that can result in using the pdsc's adminq. [1] pdsc_adminq_isr and the resulting work from queue_work(), i.e....

6.6AI Score

0.0004EPSS

2024-03-06 07:15 AM
5
cvelist

CVE-2024-26623 pds_core: Prevent race issues involving the adminq

In the Linux kernel, the following vulnerability has been resolved: pds_core: Prevent race issues involving the adminq There are multiple paths that can result in using the pdsc's adminq. [1] pdsc_adminq_isr and the resulting work from queue_work(), i.e....

7.5AI Score

0.0004EPSS

2024-03-06 06:45 AM
redhatcve

CVE-2024-24784

A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using...

7.2AI Score

0.0004EPSS

2024-03-06 03:33 AM
19
krebs

BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare

There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. "ALPHV") as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide.....

7.1AI Score

2024-03-06 12:22 AM
16
ubuntucve

CVE-2023-50716

eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATA_FRAG Submessage causes a bad-free error, and the Fast-DDS process can be remotely...

9.6CVSS

7.3AI Score

0.0004EPSS

2024-03-06 12:00 AM
14
nessus

Amazon Linux 2023 : libgit2, libgit2-devel (ALAS2023-2024-541)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-541 advisory. libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using...

9.8CVSS

8.8AI Score

0.003EPSS

2024-03-06 12:00 AM
8
nessus

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2024-549)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-549 advisory. 2024-05-23: CVE-2024-26665 was added to this advisory. 2024-04-25: CVE-2024-26601 was added to this advisory. 2024-04-25: CVE-2024-26602 was added to this advisory. 2024-04-10: CVE-2024-26603...

8CVSS

6.6AI Score

0.0004EPSS

2024-03-06 12:00 AM
13
nessus

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-061)

The version of kernel installed on the remote host is prior to 5.4.269-183.369. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-061 advisory. dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in ...

7.8CVSS

7AI Score

0.0004EPSS

2024-03-06 12:00 AM
14
nessus

Amazon Linux 2 : kernel (ALASKERNEL-5.15-2024-039)

The version of kernel installed on the remote host is prior to 5.15.149-99.161. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2024-039 advisory. 2024-06-06: CVE-2023-52489 was added to this advisory. 2024-06-06: CVE-2023-52498 was added to this...

7.8CVSS

7.8AI Score

0.0004EPSS

2024-03-06 12:00 AM
19
gitlab

1Panel open source panel project has an unauthorized vulnerability.

Impact The steps are as follows: Access https://IP:PORT/ in the browser, which prompts the user to access with a secure entry point. Use Burp to intercept: When opening the browser and entering the URL (allowing the first intercepted packet through Burp), the following is displayed: It is...

6.3CVSS

6.7AI Score

0.0004EPSS

2024-03-06 12:00 AM
30
gitlab

CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability

Summary Here it is observed that the CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. Details The web application lacks control over the login attempts i.e. why attacker can use a password brute force attack to find and get full access...

9.1CVSS

7.3AI Score

0.0004EPSS

2024-03-06 12:00 AM
7
ubuntucve

CVE-2024-26623

In the Linux kernel, the following vulnerability has been resolved: pds_core: Prevent race issues involving the adminq There are multiple paths that can result in using the pdsc's adminq. [1] pdsc_adminq_isr and the resulting work from queue_work(), i.e. pdsc_work_thread()->pdsc_process_adminq()...

6.3AI Score

0.0004EPSS

2024-03-06 12:00 AM
13
nessus

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-051)

The version of kernel installed on the remote host is prior to 5.10.210-201.852. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-051 advisory. dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in ...

5.5CVSS

6.8AI Score

0.0004EPSS

2024-03-06 12:00 AM
11
nessus

Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2024-550)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-550 advisory. The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and...

7.5CVSS

7.3AI Score

0.05EPSS

2024-03-06 12:00 AM
15
debiancve

CVE-2024-24784

The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different...

7AI Score

0.0004EPSS

2024-03-05 11:15 PM
11
alpinelinux

CVE-2024-24784

The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different...

7.4AI Score

0.0004EPSS

2024-03-05 11:15 PM
7
nvd

CVE-2024-24784

The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different...

7.5AI Score

0.0004EPSS

2024-03-05 11:15 PM
1
cve

CVE-2024-24784

The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different...

7.2AI Score

0.0004EPSS

2024-03-05 11:15 PM
59
prion

Design/Logic Flaw

The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different...

6.7AI Score

0.0004EPSS

2024-03-05 11:15 PM
6
cvelist

CVE-2024-24784 Comments in display names are incorrectly handled in net/mail

The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different...

7.6AI Score

0.0004EPSS

2024-03-05 10:22 PM
3
osv

Comments in display names are incorrectly handled in net/mail

The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different...

7.1AI Score

0.0004EPSS

2024-03-05 10:15 PM
4
malwarebytes

Check your DNS! Abandoned domains used to bypass spam checks

Researchers at Guardio Labs have discovered that a group of spammers is using long-forgotten subdomains from established brands like MSN, eBay, CBS, and Marvel to send out malicious emails. The emails can bypass spam checks and to recipients they look like they come from a legitimate source. A...

7.3AI Score

2024-03-05 05:27 PM
10
github

Insufficient permission checking in `Deno.makeTemp*` APIs

Impact Insufficient validation of parameters in Deno.makeTemp* APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect other systems. A user may provide a prefix or suffix to a Deno.makeTemp* API.....

5.8CVSS

6.9AI Score

0.0004EPSS

2024-03-05 04:19 PM
8
osv

Insufficient permission checking in `Deno.makeTemp*` APIs

Impact Insufficient validation of parameters in Deno.makeTemp* APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect other systems. A user may provide a prefix or suffix to a Deno.makeTemp* API.....

5.8CVSS

6.9AI Score

0.0004EPSS

2024-03-05 04:19 PM
6
redhatcve

CVE-2021-47100

In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module Hi, When testing install and uninstall of ipmi_si.ko and ipmi_msghandler.ko, the system crashed. The log as follows: [ 141.087026] BUG: unable to handle kernel paging....

6.5AI Score

0.0004EPSS

2024-03-05 04:07 PM
5
freebsd

go -- multiple vulnerabilities

The Go project reports: crypto/x509: Verify panics on certificates with an unknown public key algorithm Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. net/http: memory exhaustion in...

6.7AI Score

0.0004EPSS

2024-03-05 12:00 AM
13
ubuntucve

CVE-2024-24784

The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers. Notes Author| Note ---|--- mdeslaur |.....

6.8AI Score

0.0004EPSS

2024-03-05 12:00 AM
7
openvas

CentOS: Security Advisory for gstreamer1-plugins-bad-free (CESA-2024:0013)

The remote host is missing an update for...

8.8CVSS

7.7AI Score

0.0005EPSS

2024-03-05 12:00 AM
2
openvas

CentOS: Security Advisory for gstreamer-plugins-bad-free (CESA-2024:0279)

The remote host is missing an update for...

8.8CVSS

7.7AI Score

0.0005EPSS

2024-03-05 12:00 AM
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : libgit2 vulnerabilities (USN-6678-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6678-1 advisory. An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent ...

9.8CVSS

8.4AI Score

0.077EPSS

2024-03-05 12:00 AM
9
redhatcve

CVE-2023-52499

In the Linux kernel, the following vulnerability has been resolved: powerpc/47x: Fix 47x syscall return crash Eddie reported that newer kernels were crashing during boot on his 476 FSP2 system: kernel tried to execute user page (b7ee2000) - exploit attempt? (uid: 0) BUG: Unable to handle kernel...

6.7AI Score

0.0004EPSS

2024-03-04 07:50 PM
7
nvd

CVE-2021-47100

In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module Hi, When testing install and uninstall of ipmi_si.ko and ipmi_msghandler.ko, the system crashed. The log as follows: [ 141.087026] BUG: unable to handle kernel...

7.3AI Score

0.0004EPSS

2024-03-04 06:15 PM
debiancve

CVE-2021-47100

In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module Hi, When testing install and uninstall of ipmi_si.ko and ipmi_msghandler.ko, the system crashed. The log as follows: [ 141.087026] BUG: unable to handle kernel...

7AI Score

0.0004EPSS

2024-03-04 06:15 PM
5
cve

CVE-2021-47100

In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module Hi, When testing install and uninstall of ipmi_si.ko and ipmi_msghandler.ko, the system crashed. The log as follows: [ 141.087026] BUG: unable to handle kernel...

6.2AI Score

0.0004EPSS

2024-03-04 06:15 PM
36
prion

Spoofing

In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module Hi, When testing install and uninstall of ipmi_si.ko and ipmi_msghandler.ko, the system crashed. The log as follows: [ 141.087026] BUG: unable to handle kernel...

7.3AI Score

0.0004EPSS

2024-03-04 06:15 PM
4
cvelist

CVE-2021-47100 ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module

In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module Hi, When testing install and uninstall of ipmi_si.ko and ipmi_msghandler.ko, the system crashed. The log as follows: [ 141.087026] BUG: unable to handle kernel...

7.4AI Score

0.0004EPSS

2024-03-04 06:10 PM
vulnrichment

CVE-2021-47100 ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module

In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module Hi, When testing install and uninstall of ipmi_si.ko and ipmi_msghandler.ko, the system crashed. The log as follows: [ 141.087026] BUG: unable to handle kernel...

6.7AI Score

0.0004EPSS

2024-03-04 06:10 PM
1
impervablog

Why it Pays to Have a Comprehensive API Security Strategy

In an era dominated by digital connectivity and rapid technological advancements, Application Programming Interfaces (APIs) play a pivotal role in facilitating seamless communication and data exchange between diverse software applications. As API usage continues to grow, so does the need for...

8.7AI Score

2024-03-04 02:36 PM
9
talosblog

Heather Couk is here to keep your spirits up during a cyber emergency, even if it takes the “Rocky” music

"Gotta Fly Now" is more closely associated with corporate hype videos or conferences with thousands of attendees in a mid-market city's convention center than it is from its origins in the "Rocky" movies. But Heather Couk thinks it's useful in incident response calls, too. Couk, an incident...

7.3AI Score

2024-03-04 01:00 PM
8
openvas

openSUSE: Security Advisory for gstreamer (SUSE-SU-2023:3249-1)

The remote host is missing an update for...

8.8CVSS

8.8AI Score

0.0005EPSS

2024-03-04 12:00 AM
2
openvas

openSUSE: Security Advisory for go1.20 (SUSE-SU-2023:3700-1)

The remote host is missing an update for...

6.1CVSS

7.3AI Score

0.001EPSS

2024-03-04 12:00 AM
9
openvas

openSUSE: Security Advisory for postfix (SUSE-SU-2023:3791-1)

The remote host is missing an update for...

7.8CVSS

7.7AI Score

0.0004EPSS

2024-03-04 12:00 AM
5
openvas

openSUSE: Security Advisory for postfix (SUSE-SU-2023:3945-1)

The remote host is missing an update for...

7.8CVSS

7.7AI Score

0.0004EPSS

2024-03-04 12:00 AM
5
openvas

openSUSE: Security Advisory for curl (SUSE-SU-2022:2327-2)

The remote host is missing an update for...

6.5CVSS

8.3AI Score

0.003EPSS

2024-03-04 12:00 AM
6
openvas

openSUSE: Security Advisory for seamonkey (openSUSE-SU-2023:0278-1)

The remote host is missing an update for...

8.8CVSS

9.4AI Score

0.609EPSS

2024-03-04 12:00 AM
1
openvas

openSUSE: Security Advisory for quagga (SUSE-SU-2023:3839-1)

The remote host is missing an update for...

7.5CVSS

7.8AI Score

0.003EPSS

2024-03-04 12:00 AM
6
openvas

openSUSE: Security Advisory for go1.21 (SUSE-SU-2023:3701-1)

The remote host is missing an update for...

9.8CVSS

7.5AI Score

0.001EPSS

2024-03-04 12:00 AM
8
openvas

openSUSE: Security Advisory for samba (SUSE-SU-2023:0163-1)

The remote host is missing an update for...

8.1CVSS

7.6AI Score

0.029EPSS

2024-03-04 12:00 AM
4
openvas

openSUSE: Security Advisory for samba (SUSE-SU-2023:0162-1)

The remote host is missing an update for...

8.1CVSS

7.5AI Score

0.019EPSS

2024-03-04 12:00 AM
8
Total number of security vulnerabilities: 38765