Lucene search

5279 matches found

RedHat Linux
added 2024/10/10 11:49 a.m. | 3 views

protobuf: StackOverflow vulnerability in Protocol Buffers

A flaw was found in Protocol Buffers (protobuf). This issue can allow an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion...

CVSS 8.7 | AI score 7.1 | EPSS 0.00134
Exploits: 0 | References: 5
SUSE CVE
added 2024/10/10 2:48 a.m. | 1 views

SUSE CVE-2024-47658

In the Linux kernel, the following vulnerability has been resolved: crypto: stm32/cryp - call finalize with bh disabled. The finalize operation in interrupt mode produces a spinlock recursion warning. The reason is the fact that BH must be disabled during this process...

CVSS 5.5 | AI score 6.4 | EPSS 0.00032
Exploits: 0 | References: 13
OpenVAS
added 2024/10/10 12:0 a.m. | 22 views

Ubuntu: Security Advisory (USN-7060-1)

The remote host is missing an update for the...

CVSS 10 | AI score 6.8 | EPSS 0.38894
Exploits: 8 | References: 2
Tenable Nessus
added 2024/10/10 12:0 a.m. | 27 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : EDK II vulnerabilities (USN-7060-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7060-1 advisory. It was discovered that EDK II did not check the buffer length in XHCI, which could lead to a stack overflow. A local...

CVSS 10 | AI score 7.7 | EPSS 0.38894
Exploits: 8 | References: 7
SUSE Linux
added 2024/10/09 4:55 p.m. | 3 views

Security update for redis

This update for redis fixes the following issues: CVE-2024-31228: Fixed unbounded recursive pattern matching (bsc1231265); CVE-2024-31449: Fixed integer overflow bug in Lua bittohex (bsc1231264). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 8.8 | AI score 9 | EPSS 0.64123
Exploits: 1 | References: 8
OSV
added 2024/10/09 2:15 p.m. | 1 views

DEBIAN-CVE-2024-47658

In the Linux kernel, the following vulnerability has been resolved: crypto: stm32/cryp - call finalize with bh disabled. The finalize operation in interrupt mode produces a spinlock recursion warning. The reason is the fact that BH must be disabled during this process...

CVSS 5.5 | AI score 5.5 | EPSS 0.00032
Exploits: 0 | References: 1
OSV
added 2024/10/09 2:15 p.m. | 1 views

UBUNTU-CVE-2024-47658

In the Linux kernel, the following vulnerability has been resolved: crypto: stm32/cryp - call finalize with bh disabled. The finalize operation in interrupt mode produces a spinlock recursion warning. The reason is the fact that BH must be disabled during this process...

CVSS 5.5 | AI score 6.5 | EPSS 0.00032
Exploits: 0 | References: 10
Vulnrichment
added 2024/10/09 2:2 p.m. | 18 views

CVE-2024-47658 crypto: stm32/cryp - call finalize with bh disabled

In the Linux kernel, the following vulnerability has been resolved: crypto: stm32/cryp - call finalize with bh disabled. The finalize operation in interrupt mode produces a spinlock recursion warning. The reason is the fact that BH must be disabled during this process...

AI score 6.8 | EPSS 0.00032
Exploits: 0 | References: 3
Cvelist
added 2024/10/09 2:2 p.m. | 19 views

CVE-2024-47658 crypto: stm32/cryp - call finalize with bh disabled

In the Linux kernel, the following vulnerability has been resolved: crypto: stm32/cryp - call finalize with bh disabled. The finalize operation in interrupt mode produces a spinlock recursion warning. The reason is the fact that BH must be disabled during this process...

EPSS 0.00032
Exploits: 0 | References: 3
CNNVD
added 2024/10/09 12:0 a.m. | 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not disabling BH during a finalize operation in interrupt mode, resulting in a spinlock recursion warning...

CVSS 5.5 | AI score 6.5 | EPSS 0.00032
Exploits: 0 | References: 7
SUSE Linux
added 2024/10/08 2:7 p.m. | 2 views

Security update for redis7

This update for redis7 fixes the following issues: CVE-2024-31227: Fixed parsing issue leading to denial of service (bsc1231266); CVE-2024-31228: Fixed unbounded recursive pattern matching (bsc1231265); CVE-2024-31449: Fixed integer overflow bug in Lua bittohex (bsc1231264). Patch Instructions: To install...

CVSS 8.8 | AI score 7.1 | EPSS 0.64123
Exploits: 1 | References: 12
RedhatCVE
added 2024/10/07 11:25 p.m. | 11 views

CVE-2024-31228

A flaw was found in Redis. This flaw allows authenticated users to trigger a denial of service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matching of extremely long patterns may...

CVSS 5.5 | AI score 5.8 | EPSS 0.01591
Exploits: 0 | References: 5
Debian CVE
added 2024/10/07 7:51 p.m. | 13 views

CVE-2024-31228

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST and ACL definitions. Matching of extremel...

CVSS 6.5 | AI score 6.1 | EPSS 0.01591
Exploits: 0
AlpineLinux
added 2024/10/07 7:51 p.m. | 12 views

CVE-2024-31228

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST and ACL definitions. Matching of extremel...

CVSS 6.5 | AI score 6.5 | EPSS 0.01591
Exploits: 0
CNNVD
added 2024/10/07 12:0 a.m. | 3 views

Redis security vulnerability

Redis is an open source, ANSI C, network-enabled, memory-based, persistent logging, key-value storage database from Redis, Inc. that provides APIs in multiple languages. A security vulnerability exists in Redis. An attacker could exploit this vulnerability to cause unlimited recursion,...

CVSS 6.5 | AI score 4.5 | EPSS 0.01591
Exploits: 0 | References: 5
Redos
added 2024/10/02 12:0 a.m. | 28 views

ROS-20241001-10

A vulnerability in the Parse function of the Go programming language is related to uncontrolled recursion. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service. A vulnerability in the Decoder.Decode function of the Go programming language is...

CVSS 7.5 | AI score 7.6 | EPSS 0.00298
Exploits: 0
Positive Technologies
added 2024/10/02 12:0 a.m. | 3 views

PT-2024-23868

Name of the Vulnerable Software and Affected Versions: Redis versions prior to 6.2.16; Redis versions prior to 7.2.6; Redis versions prior to 7.4.1. Description: Redis, an open source, in-memory database, has a denial-of-service issue. Authenticated users can trigger this by using specially crafted,...

CVSS 9.8 | AI score 7.6 | EPSS 0.88997
Exploits: 10 | References: 203
OSV
added 2024/09/27 11:9 a.m. | 1 views

OESA-2024-2208 squid security update

Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests. Security Fixes: Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid ma...

CVSS 8.6 | AI score 6.7 | EPSS 0.03932
Exploits: 0 | References: 2
Oracle linux
added 2024/09/27 12:0 a.m. | 25 views

Unbreakable Enterprise kernel security update

4.1.12-124.90.3 - SUNRPC: increase size of rpcwaitqueue.qlen from unsigned short to unsigned int Dai Ngo Orabug: 37055439 4.1.12-124.90.2 - scsi: lpfc: Fix possible memory leak in lpfcrcvpadisc Justin Tee Orabug: 36643241 CVE-2024-35930 - scsi: qla2xxx: Fix command flush on cable pull Quinn Tran...

CVSS 5.5 | AI score 7.4 | EPSS 0.00021
Exploits: 0
IBM Security Bulletins
added 2024/09/25 6:53 p.m. | 37 views

Security Bulletin: Vulnerabilities in Jettison affect IBM watsonx.data

Summary: Jettison is vulnerable to denial of service attacks. This can affect watsonx.data. Vulnerability Details: CVEID: CVE-2022-40150. DESCRIPTION: jettison-json Jettison is vulnerable to a denial of service, caused by an out of memory flaw. By sending a specially-crafted XML or JSON data, a remote...

CVSS 7.5 | AI score 8.6 | EPSS 0.0055
Exploits: 3 | Affected Software: 1