
3787 matches found

RedHat Linux
added 2024/07/02 4:47 p.m. · 3 views

OpenStack: malicious qcow2/vmdk images

An input validation flaw was discovered in how multiple OpenStack services validate images with backing file references. An authenticated attacker could provide a malicious image via upload, or by creating and modifying an image from an existing volume. Validation of images can be triggered durin...

CVSS 6.5 · AI score 6 · EPSS 0.00214
Exploits: 0 · References: 6
OSV
added 2024/07/01 5:15 p.m. · 1 views

CVE-2024-39879

In JetBrains TeamCity before 2024.03.3, an application token could be exposed in EC2 Cloud Profile settings...

CVSS 5.3 · AI score 5.8
Exploits: 0 · References: 1
Positive Technologies
added 2024/07/01 12:0 a.m. · 2 views

PT-2024-6637 · Jetbrains · Jetbrains Teamcity +1

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.03.3. Description: The issue is related to insufficient protection of registration data in the EC2 Cloud Profile module of the JetBrains TeamCity continuous integration and delivery (CI/CD) system...

CVSS 5.3 · AI score 7.4 · EPSS 0.00005
Exploits: 0 · References: 8
Virtuozzo
added 2024/06/29 12:0 a.m. · 21 views

Virtuozzo Hybrid Infrastructure 6.2 (6.2.0-136)

In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover the compute service, high availability of the management node, object storage management, networking, and monitoring. Additionally, this release delivers stability improvements and addresses issues found ...

AI score 7.2
Exploits: 0
Veracode
added 2024/06/27 8:15 a.m. · 16 views

Use After Free

@fastly/js-compute is vulnerable to Use After Free. The vulnerability is due to re-use of previously freed memory in the FetchEvent.client and certain CacheEntry.prototype and Device.lookup functions. This issue could allow for an unintended data leak and often results in a Compute service crash...

CVSS 5.3 · AI score 6.7 · EPSS 0.0012
Exploits: 0 · References: 3 · Affected Software: 1
NVD
added 2024/06/26 7:15 p.m. · 18 views

CVE-2024-38375

@fastly/js-compute is a JavaScript SDK and runtime for building Fastly Compute applications. The implementation of several functions was determined to include a use-after-free bug. This bug could allow for unintended data loss if the result of the preceding functions were sent anywhere else, and...

CVSS 5.3 · EPSS 0.0012
Exploits: 0 · References: 2
Github Security Blog
added 2024/06/26 7:12 p.m. · 13 views

@fastly/js-compute has a use-after-free in some host call implementations

Impact: The implementation of the following functions was determined to include a use-after-free bug: FetchEvent.client.tlsCipherOpensslName, FetchEvent.client.tlsProtocol, FetchEvent.client.tlsClientCertificate, FetchEvent.client.tlsJA3MD5, FetchEvent.client.tlsClientHello...

CVSS 5.3 · AI score 6.9 · EPSS 0.0012
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2024/06/26 7:12 p.m. · 16 views

GHSA-MP3G-VPM9-9VQV @fastly/js-compute has a use-after-free in some host call implementations

Impact: The implementation of the following functions was determined to include a use-after-free bug: FetchEvent.client.tlsCipherOpensslName, FetchEvent.client.tlsProtocol, FetchEvent.client.tlsClientCertificate, FetchEvent.client.tlsJA3MD5, FetchEvent.client.tlsClientHello...

CVSS 5.3 · AI score 5.2 · EPSS 0.0012
Exploits: 0 · References: 4
vulnersOsv
added 2024/06/26 7:12 p.m. · 9 views

@adobe/helix-deploy (>=11.0.11 <=11.1.13) potentially affected by CVE-2024-38375 via @fastly/js-compute (>=3.11.0 <=3.15.0)

@fastly/js-compute NPM version =3.11.0, =11.0.11, =11.1.13 Source cves: CVE-2024-38375 Source advisory: OSV:GHSA-MP3G-VPM9-9VQV...

CVSS 5.3 · AI score 5.8 · EPSS 0.0012
Exploits: 0
OSV
added 2024/06/26 6:46 p.m. · 15 views

CVE-2024-38375 @fastly/js-compute use-after-free in some host call implementations

@fastly/js-compute is a JavaScript SDK and runtime for building Fastly Compute applications. The implementation of several functions was determined to include a use-after-free bug. This bug could allow for unintended data loss if the result of the preceding functions were sent anywhere else, and...

CVSS 5.3 · AI score 6.8 · EPSS 0.0012
Exploits: 0 · References: 4
Vulnrichment
added 2024/06/26 6:46 p.m. · 12 views

CVE-2024-38375 @fastly/js-compute use-after-free in some host call implementations

@fastly/js-compute is a JavaScript SDK and runtime for building Fastly Compute applications. The implementation of several functions was determined to include a use-after-free bug. This bug could allow for unintended data loss if the result of the preceding functions were sent anywhere else, and...

CVSS 5.3 · AI score 6.8 · EPSS 0.0012
Exploits: 0 · References: 2
CVE
added 2024/06/26 6:46 p.m. · 53 views

CVE-2024-38375

The CVE-2024-38375 entry concerns @fastly/js-compute, a JavaScript SDK/runtime for Fastly Compute. It describes a use-after-free bug in several functions (e.g., FetchEvent.client.*, CacheEntry.prototype.userMetadata, Device.lookup) that could leak data and crash a Compute service, often returning...

CVSS 5.3 · AI score 5.2 · EPSS 0.0012
Exploits: 0 · References: 2
Cvelist
added 2024/06/26 6:46 p.m. · 18 views

CVE-2024-38375 @fastly/js-compute use-after-free in some host call implementations

@fastly/js-compute is a JavaScript SDK and runtime for building Fastly Compute applications. The implementation of several functions was determined to include a use-after-free bug. This bug could allow for unintended data loss if the result of the preceding functions were sent anywhere else, and...

CVSS 5.3 · EPSS 0.0012
Exploits: 0 · References: 2
CNNVD
added 2024/06/26 12:0 a.m. · 2 views

Fastly js-compute-runtime security vulnerability

Fastly js-compute-runtime is a Fastly open source runtime environment. A security vulnerability exists in Fastly js-compute-runtime, which stems from the implementation of multiple functions containing use-after-free vulnerabilities...

CVSS 5.3 · AI score 7 · EPSS 0.0012
Exploits: 0 · References: 3
NVD
added 2024/06/25 3:15 p.m. · 13 views

CVE-2024-39467

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode(). syzbot reports a kernel bug as below: F2FS-fs loop0: Mounted with checkpoint version = 48b305e4 ================================================================== BUG:...

CVSS 7.1 · EPSS 0.00013
Exploits: 0 · References: 7
OSV
added 2024/06/25 2:25 p.m. · 14 views

CVE-2024-39467 f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode(). syzbot reports a kernel bug as below: F2FS-fs loop0: Mounted with checkpoint version = 48b305e4 ================================================================== BUG:...

CVSS 7.1 · AI score 6 · EPSS 0.00013
Exploits: 0 · References: 10
CVE
added 2024/06/25 2:25 p.m. · 90 views

CVE-2024-39467

CVE-2024-39467 (Linux kernel, f2fs) is rooted in a missing sanity check for i_xattr_nid in f2fs_iget(). In the fiemap path this allows current_nat_addr() to read from nat_bitmap using an invalid i_xattr_nid, triggering a KASAN slab-out-of-bounds bug. The issue is fixed by adding the sanity check ...

CVSS 7.1 · AI score 6.8 · EPSS 0.00013
Exploits: 0 · References: 7 · Affected Software: 1
Vulnrichment
added 2024/06/25 2:25 p.m. · 23 views

CVE-2024-39467 f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode(). syzbot reports a kernel bug as below: F2FS-fs loop0: Mounted with checkpoint version = 48b305e4 ================================================================== BUG:...

AI score 6.2 · EPSS 0.00013
Exploits: 0 · References: 7
Cvelist
added 2024/06/21 10:18 a.m. · 24 views

CVE-2024-36286 netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu(). syzbot reported that nf_reinject() could be called without rcu_read_lock(): WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-02060-g5c1672705a1a 0 Not tainted...

EPSS 0.00017
Exploits: 0 · References: 8
CVE
added 2024/06/21 10:18 a.m. · 182 views

CVE-2024-36286

CVE-2024-36286 (Linux kernel): affects netfilter nfnetlink_queue logic where nf_reinject() could be called without proper rcu_read_lock, triggering suspicious RCU usage in instance_destroy_rcu. The Astra Linux security bulletin (connected doc) mirrors the Linux kernel fix and notes the vulnerabi...

CVSS 5.5 · AI score 6.5 · EPSS 0.00017
Exploits: 0 · References: 12 · Affected Software: 1