
612 matches found

IBM Security Bulletins
added 2024/06/28 10:21 p.m. | 30 views

Security Bulletin: IBM InfoSphere Information Server is affected by a code execution vulnerability in Eclipse JGit (CVE-2023-4759)

Summary: A code execution vulnerability in Eclipse JGit used by InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2023-4759. DESCRIPTION: Eclipse JGit could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of case insensitive...

8.8 CVSS | 8.8 AI score | 0.00974 EPSS
Exploits 0 | Affected Software 1
NVD
added 2024/06/19 3:15 p.m. | 17 views

CVE-2021-47579

In the Linux kernel, the following vulnerability has been resolved: ovl: fix warning in ovl_create_real() Syzbot triggered the following warning in ovl_workdir_create() -> ovl_create_real(): if (!err && WARN_ON(!newdentry->d_inode)) The reason is that the cgroup2 filesystem returns from mkdir without instantiating t...

5.5 CVSS | 0.00016 EPSS
Exploits 0 | References 5
SUSE CVE
added 2024/06/18 2:43 a.m. | 2 views

SUSE CVE-2024-38394

Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and...

6.8 CVSS | 6.6 AI score | 0.00044 EPSS
Exploits 0 | References 6
OSV
added 2024/06/16 12:15 a.m. | 3 views

DEBIAN-CVE-2024-38394

Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and...

4.3 CVSS | 6.8 AI score | 0.00044 EPSS
Exploits 0 | References 1
SUSE CVE
added 2024/05/23 3:4 a.m. | 2 views

SUSE CVE-2021-47335

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid racing on fsync_entry_slab by multi filesystem instances As syzbot reported, there is a use-after-free issue during f2fs recovery: Use-after-free write at 0xffff88823bc16040 in kfence-10:...

5.5 CVSS | 6.5 AI score | 0.00019 EPSS
Exploits 0 | References 3
NVD
added 2024/05/22 9:15 a.m. | 13 views

CVE-2021-47491

In the Linux kernel, the following vulnerability has been resolved: mm: khugepaged: skip huge page collapse for special files The read-only THP for filesystems will collapse THP for files opened readonly and mapped with VM_EXEC. The intended use case is to avoid TLB misses for large text segments...

5.5 CVSS | 6.4 AI score | 0.00028 EPSS
Exploits 0 | References 3
UbuntuCve
added 2024/05/22 9:15 a.m. | 21 views

CVE-2021-47491

In the Linux kernel, the following vulnerability has been resolved: mm: khugepaged: skip huge page collapse for special files The read-only THP for filesystems will collapse THP for files opened readonly and mapped with VM_EXEC. The intended use case is to avoid TLB misses for large text segments...

5.5 CVSS | 6.4 AI score | 0.00028 EPSS
Exploits 0 | References 5
CVE
added 2024/05/22 8:19 a.m. | 141 views

CVE-2021-47491

CVE-2021-47491 concerns the Linux kernel vulnerability in mm: khugepaged, where read-only THP for filesystems could collapse THP for readonly/executable mappings of non-regular files (e.g., block devices). The root cause is that THP collapse was allowed for such files due to an insufficient vm_fi...

5.5 CVSS | 6.6 AI score | 0.00028 EPSS
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2024/05/22 8:19 a.m. | 18 views

CVE-2021-47491 mm: khugepaged: skip huge page collapse for special files

In the Linux kernel, the following vulnerability has been resolved: mm: khugepaged: skip huge page collapse for special files The read-only THP for filesystems will collapse THP for files opened readonly and mapped with VM_EXEC. The intended use case is to avoid TLB misses for large text segments...

6.4 AI score | 0.00028 EPSS
Exploits 0 | References 3
Vulnrichment
added 2024/05/22 8:19 a.m. | 27 views

CVE-2021-47491 mm: khugepaged: skip huge page collapse for special files

In the Linux kernel, the following vulnerability has been resolved: mm: khugepaged: skip huge page collapse for special files The read-only THP for filesystems will collapse THP for files opened readonly and mapped with VM_EXEC. The intended use case is to avoid TLB misses for large text segments...

6.8 AI score | 0.00028 EPSS
Exploits 0 | References 3
OSV
added 2024/05/21 3:15 p.m. | 2 views

DEBIAN-CVE-2021-47335

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid racing on fsync_entry_slab by multi filesystem instances As syzbot reported, there is a use-after-free issue during f2fs recovery: Use-after-free write at 0xffff88823bc16040 in kfence-10:...

5.5 CVSS | 5.5 AI score | 0.00019 EPSS
Exploits 0 | References 1
Vulnrichment
added 2024/05/14 6:40 p.m. | 34 views

CVE-2024-32002 Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory...

9 CVSS | 8.9 AI score | 0.80837 EPSS
Exploits 32 | References 7
Microsoft CVE
added 2024/05/14 7:0 a.m. | 77 views

GitHub: CVE-2024-32002 Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution

...

9 CVSS | 9.3 AI score | 0.80837 EPSS
Exploits 32
GithubExploit
added 2024/03/26 11:1 a.m. | 413 views

Exploit for Improper Handling of Insufficient Permissions or Privileges in Apple Macos

🇮🇱 BringThemHome NeverAgainIsNow 🇮🇱 We demand the...

8.3 CVSS | 4.8 AI score | 0.02798 EPSS
Exploits 2
Github Security Blog
added 2024/01/19 9:58 p.m. | 141 views

Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem

Summary: Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to https://nvd.nist.gov/vuln/detail/CVE-2023-34092 -- with surface area reduced to host...

7.5 CVSS | 7 AI score | 0.00479 EPSS
Exploits 1 | References 9 | Affected Software 1
OSV
added 2024/01/19 7:43 p.m. | 19 views

CVE-2024-23331 Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem

Vite is a frontend tooling framework for javascript. The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area...

7.5 CVSS | 7.3 AI score | 0.00479 EPSS
Exploits 1 | References 5
Prion
added 2024/01/12 11:15 a.m. | 30 views

Path traversal

A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootO...

7.5 CVSS | 7.7 AI score | 0.04027 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2024/01/12 10:41 a.m. | 21 views

CVE-2023-49569 Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients

A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootO...

9.8 CVSS | 9.8 AI score | 0.04027 EPSS
Exploits 0 | References 1
Github Security Blog
added 2024/01/10 3:37 p.m. | 57 views

Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients

Impact: A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst case scenario, remote code execution could be achieved. Applications are only affected if they are using the...

9.8 CVSS | 8 AI score | 0.04027 EPSS
Exploits 0 | References 3 | Affected Software 2
Gentoo Linux
added 2024/01/07 12:0 a.m. | 34 views

util-linux: Multiple Vulnerabilities

Background: util-linux is a suite of Linux programs including mount and umount, programs used to mount and unmount filesystems. Description: Multiple vulnerabilities have been discovered in util-linux. Please review the CVE identifiers referenced below for details. Impact: Please review the referenc...

5.5 CVSS | 7.6 AI score | 0.00249 EPSS
Exploits 5