CVE-2024-38388

CVE-2024-38388 affects the Linux kernel ALSA component: hda/cs_dsp_ctl. The fix switches to using the control private_free callback to free the associated data block, ensuring memory is freed regardless of how the control is destroyed. Previously, hda_cs_dsp_control_remove() only freed the intern...

CVE-2024-38388 ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/csdspctl: Use privatefree for control cleanup Use the control privatefree callback to free the associated data block. This ensures that the memory won't leak, whatever way the control gets destroyed. The original...

UBUNTU-CVE-2024-38574

In the Linux kernel, the following vulnerability has been resolved: libbpf: Prevent null-pointer dereference when prog to load has no BTF In bpfobjecloadprog, there's no guarantee that obj-btf is non-NULL when passing it to btffd, and this function does not perform any check before dereferencing...

socat bug fix update

An update is available for socat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The socat utility establishes bi-directional byte streams and transfers data...

RHEL 7 : libjpeg-turbo (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libjpeg-turbo: Invalid memory access in the fillinputbuffer function CVE-2017-9614 - libjpeg-turbo: sever...

Fedora: Security Advisory (FEDORA-2024-ab4573fb3b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2024:0921-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: rust-1.77.2-1.fc40

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

[SECURITY] Fedora 39 Update: rust-1.77.2-1.fc39

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

BIT-TENSORFLOW-2020-15206 Denial of Service in Tensorflow

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's SavedModel protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using tensorflow-servin...

BIT-TENSORFLOW-2023-25676 TensorFlow has null dereference on ParallelConcat with XLA

TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, tf.rawops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1...

Denial of Service (DoS)

Overview images is a Cross-platform image decoderwebp/png/jpeg/gif and encoderwebp/png/jpeg for Node.js Affected versions of this package are vulnerable to Denial of Service DoS due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro...

`cpython` is unmaintained

The cpython crate and the underlying python3-sys and python27-sys crates have been marked as no longer actively maintained by the developer. There are also open issues for unsound code that is currently in these crates: - cpython265: Using some string functions causes segmentation faults on...

CLSA-2023-1694536738 binutils: Fix of 3 CVEs

CVE-2022-47673: Fix multiple out of bound reads which may cause a DoS - CVE-2022-47695: Fix NULL pointer segmentation fault which may cause a DoS - CVE-2022-47696: Fix read of unitialized field which may cause a DoS...

Oracle Linux 8 : wavpack (ELSA-2020-1581)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1581 advisory. - CVE-2018-19841 - CVE-2019-1010317 - CVE-2019-1010315 - CVE-2019-11498 - CVE-2018-19840 Tenable has extracted the preceding description block directly...

Fedora: Security Advisory for rust (FEDORA-2023-4824704a61)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 38 Update: rust-1.71.1-1.fc38

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

Internet Bug Bounty: CVE-2023-28322: more POST-after-PUT confusion

Libcurl, a popular open-source library for transferring data over HTTPS, had a vulnerability CVE-2023-28322 that could allow an attacker to inject data or cause the application to misbehave. The vulnerability was caused by a logic flaw that could cause libcurl to use the wrong callback function...

TensorFlow has null dereference on ParallelConcat with XLA

Impact When running with XLA, tf.rawops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero. python import tensorflow as tf func = tf.rawops.ParallelConcat para = 'shape': 0, 'values': 1 @tf.functionjitcompile=True def test: y =...

[SECURITY] Fedora 36 Update: rust-1.66.1-1.fc36

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...