Lucene search

3665 matches found

Cvelist
added 2024/11/26 1:33 p.m., 14 views

CVE-2024-11694

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...

0.00495 EPSS
Exploits 0, References 7
AlpineLinux
added 2024/11/26 1:33 p.m., 24 views

CVE-2024-11694

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...

6.1 CVSS, 6.5 AI score, 0.00495 EPSS
Exploits 0
Mozilla
added 2024/11/26 12:0 a.m., 14 views

Security Vulnerabilities fixed in Firefox ESR 115.18 — Mozilla

Certain WebGL operations on Apple silicon M series devices could have led to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. Enhanced Tracking Protection's Strict...

8.8 CVSS, 6.2 AI score, 0.00704 EPSS
Exploits 0, References 3, Affected Software 1
SUSE Linux
added 2024/11/25 4:10 p.m., 1 views

Security update for postgresql, postgresql16, postgresql17

This update for postgresql, postgresql16, postgresql17 fixes the following issues: This update ships postgresql17, and fixes security issues with postgresql16: bsc1230423: Relax the dependency of extensions on the server version from exact major.minor to greater or equal, after Tom Lane confirme...

8.8 CVSS, 7.4 AI score, 0.04422 EPSS
Exploits 1, References 22
OSV
added 2024/11/21 11:21 a.m., 12 views

OPENSUSE-SU-2024:0370-1 Security update for cobbler

This update for cobbler fixes the following issues: Update to 3.3.7 Security: Fix issue that allowed anyone to connect to the API as admin CVE-2024-47533, boo1231332 bind - Fix bug that prevents cname entries from being generated successfully Fix build on RHEL9 based distributions fence-agents-al...

9.8 CVSS, 9.3 AI score, 0.03948 EPSS
Exploits 6, References 3
CNVD
added 2024/11/21 12:0 a.m., 9 views

Unspecified vulnerability in Linux kernel (CNVD-2024-46390)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a problem with flexspi compatibility strings. No details of the vulnerability are provided at this time...

5.5 CVSS, 6.6 AI score, 0.00281 EPSS
Exploits 0, References 1
Microsoft CVE
added 2024/11/20 12:0 a.m., 4 views

CVE-2024-25431

...

8.8 CVSS, 5.4 AI score, 0.00634 EPSS
Exploits 1
NVD
added 2024/11/19 6:15 p.m., 13 views

CVE-2024-53046

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: imx8ulp: correct the flexspi compatible string The flexspi on imx8ulp only has 16 LUTs, and imx8mm flexspi has 32 LUTs, so correct the compatible string here, otherwise will meet below error: 1.119072 ------------ cut...

5.5 CVSS, 0.00281 EPSS
Exploits 0, References 3
CVE
added 2024/11/19 5:19 p.m., 126 views

CVE-2024-53046

CVE-2024-53046 affects Linux kernel ARM64 in the imx8ulp device tree to correct the flexspi compatible string. The issue arises because imx8ulp flexspi supports 16 LUTs whereas imx8mm supports 32 LUTs, causing a startup warning if the string is incorrect. The fix updates arm64/dts: imx8ulp to ens...

5.5 CVSS, 6.6 AI score, 0.00281 EPSS
Exploits 0, References 3, Affected Software 1
CNNVD
added 2024/11/19 12:0 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a problem with flexspi compatibility strings. No details of the vulnerability are provided at this time...

5.5 CVSS, 8.2 AI score, 0.00281 EPSS
Exploits 0, References 4
OSV
added 2024/11/18 1:29 p.m., 9 views

SUSE-SU-2024:4029-1 Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes bsc1229873, bsc1230059 CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Pat...

8.8 CVSS, 7.8 AI score, 0.02303 EPSS
Exploits 3, References 31
Tenable Nessus
added 2024/11/18 12:0 a.m., 30 views

Siemens SCALANCE M-800 Observable Discrepancy (CVE-2024-26306)

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of message...

5.9 CVSS, 6.5 AI score, 0.01107 EPSS
Exploits 0, References 4
Tenable Nessus
added 2024/11/16 12:0 a.m., 14 views

Fedora 39 : php-bartlett-PHP-CompatInfo (2024-e7bb8bc2da)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-e7bb8bc2da advisory. bartlett/php-compatinfo-db 6.12.0 - 2024-10-29 Added - db:show command is now able to display deprecations on all components - PHP 8.2.25 support - PHP 8.3.1...

4.3 CVSS, 5.1 AI score, 0.00481 EPSS
Exploits 0, References 2
Tenable Nessus
added 2024/11/16 12:0 a.m., 14 views

Fedora 40 : php-bartlett-PHP-CompatInfo (2024-727ecb90c7)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-727ecb90c7 advisory. bartlett/php-compatinfo-db 6.12.0 - 2024-10-29 Added - db:show command is now able to display deprecations on all components - PHP 8.2.25 support - PHP 8.3.1...

4.3 CVSS, 5.1 AI score, 0.00481 EPSS
Exploits 0, References 2
BDU FSTEC
added 2024/11/14 12:0 a.m., 4 views

The vulnerability of the lib/utils/ghash/ghash.cpp component of the Botan cryptographic library, related to information disclosure due to incompatibilities, allows attackers to gain access to confidential data.

The vulnerability of the lib/utils/ghash/ghash.cpp component of the Botan cryptographic library is related to the exposure of information through incompatibility. Exploiting this vulnerability could allow an attacker operating remotely to gain access to confidential data...

5.9 CVSS, 5.4 AI score, 0.00546 EPSS
Exploits 1, References 8, Affected Software 5
Tenable Nessus
added 2024/11/14 12:0 a.m., 10 views

Fedora 37 : pgadmin4 (2022-2d5a6f48e1)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-2d5a6f48e1 advisory. Fix compatibility with newer python-azure-mgmt-rdbms. ---- Update to pgadmin4-6.17, see https://www.pgadmin.org/docs/pgadmin4/development/releasenotes617.htm...

8.8 CVSS, 7.9 AI score, 0.79933 EPSS
Exploits 0, References 2
Tenable Nessus
added 2024/11/14 12:0 a.m., 11 views

Fedora 37 : python-m2r / python-mistune / python-mistune08 / etc (2022-e4f5866111)

The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2022-e4f5866111 advisory. - updates mistune to 2.0.4 - m2r updated to pin dependency to mistune 2 - new package: python-mistune08 compatibility package, to be used by dependents that...

7.5 CVSS, 7 AI score, 0.01192 EPSS
Exploits 0, References 2
RedHat Linux
added 2024/11/12 9:11 a.m., 1 views

kernel: filelock: Fix fcntl/close race recovery compat path

A vulnerability was found in the Linux kernel in the fcntlsetlk64 function where a potential race condition can be triggered when a file descriptor is closed during a fcntl operation's execution. This can lead to system instability or crashes...

4.7 CVSS, 7 AI score, 0.00183 EPSS
Exploits 0, References 5
Tenable Nessus
added 2024/11/12 12:0 a.m., 7 views

openSUSE 15 Security Update : python-wxPython (SUSE-SU-2024:3964-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3964-1 advisory. Security issue fixed: - CVE-2024-50602: Fixed a denial of service in the vendored libexpat's XMLResumeParser function bsc1232590. Non-security issues fixed: ...

5.9 CVSS, 7 AI score, 0.0104 EPSS
Exploits 0, References 5
Oracle linux
added 2024/11/11 12:0 a.m., 24 views

Unbreakable Enterprise kernel security update

4.14.35-2047.542.2 - fs/dcache: allow fractional values in fs.negative-dentry-limit Gautham Ananthakrishna Orabug: 37156524 - lib/math: move intpow from pwmbl.c for wider use Andy Shevchenko Orabug: 37156524 4.14.35-2047.542.1 - genirq/cpuhotplug: Retry with cpuonlinemask when migration fails...

7.1 CVSS, 7.3 AI score, 0.00269 EPSS
Exploits 0