CVE-2024-35949
CVE-2024-35949 affects the Linux kernel's btrfs subsystem. The root cause was that WRITTEN was not ensured on all metadata blocks, allowing potential corruption if extended leaf checks were skipped for blocks without WRITTEN. The fix adds checks to ensure WRITTEN is set and guarantees that __btrf...
CVE-2024-35949 btrfs: make sure that WRITTEN is set on all metadata blocks
In the Linux kernel, the following vulnerability has been resolved: btrfs: make sure that WRITTEN is set on all metadata blocks. We previously would call btrfs_check_leaf if we had the check integrity code enabled, which meant that we could only run the extended leaf checks if we had WRITTEN set on...
xfsdump bug fix and enhancement update
An update is available for xfsdump. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The xfsdump package contains xfsdump, xfsrestore, and other utilities for...
Ubuntu: Security Advisory (USN-6767-1)
The remote host is missing an update for the...
Linux kernel (OEM) vulnerabilities
Releases: Ubuntu 22.04 LTS. Packages: linux-oem-6.5 - Linux kernel for OEM systems. Details: Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause ...
[SECURITY] Fedora 38 Update: grub2-2.06-118.fc38
The GRand Unified Bootloader (GRUB) is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices...
[SECURITY] Fedora 39 Update: grub2-2.06-120.fc39
The GRand Unified Bootloader (GRUB) is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices...
Moderate: Red Hat Security Advisory: grub2 security update
An update for grub2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
[SECURITY] Fedora 40 Update: grub2-2.06-121.fc40
The GRand Unified Bootloader (GRUB) is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices...
SQL Injection
mautic/core is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of user-supplied input within the Reports bundle. An attacker can retrieve and alter sensitive data, including login credentials, and depending on database permissions, manipulate file systems by injecti...
IBM Storage Protect Plus Server Access Control Error Vulnerability
IBM Storage Protect Plus Server is an IBM Storage software product from International Business Machines (IBM) that provides recovery, replication, retention and reuse for virtual machines, databases, applications, file systems, SaaS workloads and containers. An access control error vulnerability exists in...
IBM Storage Protect Plus Server Information Disclosure Vulnerability (CNVD-2024-16923)
IBM Storage Protect Plus Server is an IBM Storage software product from International Business Machines (IBM) that provides recovery, replication, retention and reuse for virtual machines, databases, applications, file systems, SaaS workloads and containers. An information disclosure vulnerability exists i...
Fedora: Security Advisory for grub2 (FEDORA-2024-c1fabee30e)
The remote host is missing an update for the...
[SECURITY] Fedora 38 Update: grub2-2.06-116.fc38
The GRand Unified Bootloader (GRUB) is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices...
Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices
A new variant of a data wiping malware called AcidRain has been detected in the wild that's specifically designed for targeting Linux x86 devices. The malware, dubbed AcidPour, is compiled for Linux x86 devices, SentinelOne's Juan Andres Guerrero-Saade said in a series of posts on X. "The new...
[SECURITY] Fedora 39 Update: grub2-2.06-118.fc39
The GRand Unified Bootloader (GRUB) is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices...
[SECURITY] Fedora 40 Update: apache-commons-vfs-2.9.0-5.fc40
Commons VFS provides a single API for accessing various file systems. It presents a uniform view of the files from various sources, such as the files on local disk, on an HTTP server, or inside a Zip archive. Some of the features of Commons VFS are: A single consistent API for accessing files of...
BIT-DRUPAL-2022-25275
In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However,...
Hazelcast Security Breach
Hazelcast IMDG is a scalable open source data distribution platform from the U.S. company Hazelcast. The platform supports a variety of distributed data structures, distributed caching and other features. A security vulnerability exists in Hazelcast 5.3.4 and earlier...
Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint
Summary: CVE-2023-22081 and CVE-2023-22067 were disclosed in the Oracle October 2023 Critical Patch Update. Vulnerability Details: CVEID: CVE-2023-22081. DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no confidentiality impact...