The vulnerability of the Microsoft ODBC Driver for SQL Server’s dynamic layout library, related to integer overflow, allows an attacker to execute arbitrary code.

The vulnerability of the Microsoft ODBC Driver for SQL Server dynamic sorting library is related to a numerical overflow condition. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

CVE-2024-26947 ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses

In the Linux kernel, the following vulnerability has been resolved: ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses Since commit a4d5613c4dc6 "arm: extend pfnvalid to take into account freed memory map alignment" changes the semantics of pfnvalid to check presence of t...

CVE-2024-26947

CVE-2024-26947 affects the Linux kernel ARM path handling for remap/pfn validation. The description across connected docs shows that after the commit adding the new semantics for pfn_valid (to consider freed memory map alignment), a valid page for a reserved address could crash when memory was re...

CVE-2024-26947 ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses

In the Linux kernel, the following vulnerability has been resolved: ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses Since commit a4d5613c4dc6 "arm: extend pfnvalid to take into account freed memory map alignment" changes the semantics of pfnvalid to check presence of t...

Moderate: Red Hat Security Advisory: harfbuzz security update

An update for harfbuzz is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

ALSA-2024:2410 Moderate: harfbuzz security update

HarfBuzz is an implementation of the OpenType Layout engine. Security Fixes: harfbuzz: allows attackers to trigger On^2 growth via consecutive marks CVE-2023-25193 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer...

SUSE CVE-2024-26868

In the Linux kernel, the following vulnerability has been resolved: nfs: fix panic when nfs4fflayoutprepareds fails We've been seeing the following panic in production BUG: kernel NULL pointer dereference, address: 0000000000000065 PGD 2f485f067 P4D 2f485f067 PUD 2cc5d8067 PMD 0 RIP:...

DEBIAN-CVE-2024-26868

In the Linux kernel, the following vulnerability has been resolved: nfs: fix panic when nfs4fflayoutprepareds fails We've been seeing the following panic in production BUG: kernel NULL pointer dereference, address: 0000000000000065 PGD 2f485f067 P4D 2f485f067 PUD 2cc5d8067 PMD 0 RIP:...

UBUNTU-CVE-2024-26868

In the Linux kernel, the following vulnerability has been resolved: nfs: fix panic when nfs4fflayoutprepareds fails We've been seeing the following panic in production BUG: kernel NULL pointer dereference, address: 0000000000000065 PGD 2f485f067 P4D 2f485f067 PUD 2cc5d8067 PMD 0 RIP:...

CVE-2024-26868

CVE-2024-26868 : Linux kernel nfs_layout_flexfiles path panicked when nfs4_ff_layout_prepare_ds() failed to initialize mirror_ds, leading to a NULL/missing mirror_ds dereference in ff_layout_cancel_io(). The core issue was dereferencing mirror_ds without IS_ERR_OR_NULL checks, risking a kernel pa...

CVE-2024-26868 nfs: fix panic when nfs4_ff_layout_prepare_ds() fails

In the Linux kernel, the following vulnerability has been resolved: nfs: fix panic when nfs4fflayoutprepareds fails We've been seeing the following panic in production BUG: kernel NULL pointer dereference, address: 0000000000000065 PGD 2f485f067 P4D 2f485f067 PUD 2cc5d8067 PMD 0 RIP:...

Adobe Bridge 缓冲区错误漏洞

Adobe Bridge is a file viewer from the American company Audobee Adobe. Adobe Bridge suffers from a buffer overflow vulnerability that stems from the application's susceptibility to out-of-bounds reads, leading to sensitive memory leaks, which can be exploited by an attacker who can bypass measure...

Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites

Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 CVSS score: 9.1, which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way f...

WordPress ShopLentor plugin <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Universal Product Layout vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via WL Universal Product Layout vulnerability discovered by wesley wcraft in WordPress Plugin ShopLentor versions = 2.8.3...

PT-2024-21455 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the x86/efistub in the Linux kernel, where the .compat section, a dummy PE section containing the address of the 32-bit entrypoint of the 64-bit kernel image, i...

ROS-20240329-19

A vulnerability in the hb-ot-layout-gsubgpos.hh component of the Harfbuzz text conversion library is related to the unrestricted resource allocation, Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

SUSE CVE-2023-52623

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a suspicious RCU usage warning I received the following warning while running cthon against an ontap server running pNFS: 57.202521 ============================= 57.202522 WARNING: suspicious RCU usage 57.202523...

Synology Surveillance Station SQL注入漏洞

Synology Surveillance Station is an application from Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. A SQL injection vulnerability previously existed in Synology Surveillance Station version 9.2.0-11289, which stemmed fro...

SUSE CVE-2021-47179

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a NULL pointer dereference in pnfsmarkmatchinglsegsreturn Commit de144ff4234f changes pnfsreturnlayout to call pnfsmarkmatchinglsegsreturn passing NULL as the struct pnfslayoutrange argument. Unfortunately,...

DEBIAN-CVE-2021-47179

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a NULL pointer dereference in pnfsmarkmatchinglsegsreturn Commit de144ff4234f changes pnfsreturnlayout to call pnfsmarkmatchinglsegsreturn passing NULL as the struct pnfslayoutrange argument. Unfortunately,...