1145 matches found
Unbreakable Enterprise kernel security update
4.1.12-124.90.3 - SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Dai Ngo Orabug: 37055439 4.1.12-124.90.2 - scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc Justin Tee Orabug: 36643241 CVE-2024-35930 - scsi: qla2xxx: Fix command flush on cable pull Quinn Tran...
Security Bulletin: Vulnerabilities in Jettison affect IBM watsonx.data
Summary Jettison is vulnerable to denial of service attacks. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-40150 DESCRIPTION: jettison-json Jettison is vulnerable to a denial of service, caused by an out of memory flaw. By sending a specially-crafted XML or JSON data, a remote...
Stack-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the parsing of nested groups or series of SGROUP tags as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields. An attacker can cause infinite recursi...
EulerOS 2.0 SP9 : kernel (EulerOS-SA-2024-2394)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : kernel:ACPI: CPPC: Use access_width over bit_width for system memory accesses (CVE-2024-35995) ACPI: LPIT: Avoid u32 multiplication...
Security Bulletin: Vulnerability in Netty affects watsonx.data
Summary Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-41881 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. B...
Wireshark CLDAP Dissector Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wireshark CLDAP Dissector DOS', 'Description' = %q This module causes infinite recursion to occur within the CLDAP dissector by sending a special...
SUSE CVE-2024-42369
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...
Uncontrolled Recursion
matrix-js-sdk is vulnerable to Uncontrolled Recursion. The vulnerability is caused due to an infinite recursion in getRoomUpgradeHistory function causing the code to hang. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle and also by calling...
UBUNTU-CVE-2024-42369
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...
CVE-2024-42369
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...
matrix-js-sdk security vulnerability
matrix-js-sdk is an application component of Matrix open source. A security vulnerability exists in matrix-js-sdk versions prior to 34.2.0, which stems from a malicious home server that can craft a room or room structure so that the predecessor forms a loop, and the getRoomUpgradeHistory function...
CVE-2024-7866
In Xpdf 4.05 and earlier, a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow...
UBUNTU-CVE-2024-7866
In Xpdf 4.05 and earlier, a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow...
PT-2024-38643
Name of the Vulnerable Software and Affected Versions Xpdf versions 4.05 and earlier Description The issue is caused by a PDF object loop in a pattern resource, leading to infinite recursion and a stack overflow. This could allow attackers to crash the system or expose data. Recommendations For...
Ubuntu 14.04 LTS / 18.04 LTS / 20.04 LTS : Libcroco vulnerabilities (USN-6958-1)
The remote Ubuntu 14.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6958-1 advisory. It was discovered that Libcroco was incorrectly accessing data structures when reading bytes from memory, which could cause a hea...
CLSA-2024-1721659158 Fix of 66 CVEs
CVE-url: https://ubuntu.com/security/CVE-2024-26810 - vfio/pci: Lock external INTx masking ops CVE-url: https://ubuntu.com/security/CVE-2024-38587 - speakup: Fix sizeof vs ARRAY_SIZE bug CVE-url: https://ubuntu.com/security/CVE-2024-39493 - crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak CVE-url:...