USN-7096-1 openjdk-8 vulnerabilities
Andy Boothe discovered that the Networking component of OpenJDK 8 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. CVE-2024-21208 It was discovered that the Hotspot component of OpenJDK 8 did not...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : OpenJDK 8 vulnerabilities (USN-7096-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7096-1 advisory. Andy Boothe discovered that the Networking component of OpenJDK 8 did not properly handle access...
USN-7099-1 openjdk-21 vulnerabilities
Andy Boothe discovered that the Networking component of OpenJDK 21 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. CVE-2024-21208 It was discovered that the Hotspot component of OpenJDK 21 did not...
CVE-2024-47072
A flaw was found in the XStream library. A remote attacker may trigger a denial of service by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. This issue may lead to the termination of the application. Mitigation Mitigation for this issue is either...
CVE-2024-47072 XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the...
CVE-2024-47072
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the...
AZL-52590 CVE-2024-50102 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: x86: fix user address masking non-canonical speculation issue It turns out that AMD has a "Meltdown Lite(tm)" issue with non-canonical accesses in kernel space. And so using just the high bit to decide whether an access is in user...
RHEL 6 : openstack-swift (RHSA-2012:1379)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:1379 advisory. OpenStack Swift (http://swift.openstack.org) is a highly available, distributed, eventually consistent object/blob store. It was found that OpenStack...
openSUSE Security Advisory (SUSE-SU-2024:3875-1)
The remote host is missing an update for the...
Security update for java-11-openjdk
This update for java-11-openjdk fixes the following issues: Updated to version 11.0.25+9 October 2024 CPU: CVE-2024-21208: Fixed partial DoS in component Networking bsc1231702 CVE-2024-21210: Fixed unauthorized read/write access to data in component Hotspot bsc1231711 CVE-2024-21217: Fixed partia...
SUSE-SU-2024:3875-1 Security update for java-11-openjdk
This update for java-11-openjdk fixes the following issues: Updated to version 11.0.25+9 October 2024 CPU: - CVE-2024-21208: Fixed partial DoS in component Networking bsc1231702 - CVE-2024-21210: Fixed unauthorized read/write access to data in component Hotspot bsc1231711 - CVE-2024-21217: Fixed...
SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2024:3802-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3802-1 advisory. Updated to version 11.0.25+9 October 2024 CPU: - CVE-2024-21208: Fixed partial DoS in component Networking bsc1231702 - CVE-2024-21210: Fixed...
Security update for java-11-openjdk
This update for java-11-openjdk fixes the following issues: Updated to version 11.0.25+9 October 2024 CPU: CVE-2024-21208: Fixed partial DoS in component Networking bsc1231702 CVE-2024-21210: Fixed unauthorized read/write access to data in component Hotspot bsc1231711 CVE-2024-21217: Fixed partia...
SUSE-SU-2024:3802-1 Security update for java-11-openjdk
This update for java-11-openjdk fixes the following issues: Updated to version 11.0.25+9 October 2024 CPU: - CVE-2024-21208: Fixed partial DoS in component Networking bsc1231702 - CVE-2024-21210: Fixed unauthorized read/write access to data in component Hotspot bsc1231711 - CVE-2024-21217: Fixed...
CVE-2024-50050
CVE-2024-50050 affects the Llama Stack (Meta Llama Stack) prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005, where the Python Inference API used pickle over a socket/ZeroMQ transport for deserialization. This insecure pattern enables remote code execution (RCE) when untrusted data is des...
Llama Stack security vulnerability
Llama Stack is a model component of the Llama Stack API open-sourced by Meta Llama. A security vulnerability exists in versions prior to Llama Stack 7a8aa775e5a267cf8660d83140011a0b7f91e005, which stems from the use of pickle as a serialization format for socket communication, and could allow...
Loft Data Grids - Moderately critical - Multiple vulnerabilities - SA-CONTRIB-2024-054
This module provides serialization formats for use by other modules. The module includes a version of phpoffice/phpspreadsheet which has multiple known security vulnerabilities...
UBUNTU-CVE-2024-50030
In the Linux kernel, the following vulnerability has been resolved: drm/xe/ct: prevent UAF in send_recv() Ensure we serialize with completion side to prevent UAF with fence going out of scope on the stack, since we have no clue if it will fire after the timeout before we can erase from the xa. Also ...
CVE-2024-50030 drm/xe/ct: prevent UAF in send_recv()
In the Linux kernel, the following vulnerability has been resolved: drm/xe/ct: prevent UAF in send_recv() Ensure we serialize with completion side to prevent UAF with fence going out of scope on the stack, since we have no clue if it will fire after the timeout before we can erase from the xa. Also ...
SUSE CVE-2024-47739
In the Linux kernel, the following vulnerability has been resolved: padata: use integer wrap around to prevent deadlock on seq_nr overflow When submitting more than 2^32 padata objects to padata_do_serial, the current sorting implementation incorrectly sorts padata objects with overflowed seq_nr,...