UBUNTU-CVE-2024-50163

In the Linux kernel, the following vulnerability has been resolved: bpf: Make sure internal and UAPI bpfredirect flags don't overlap The bpfredirectinfo is shared between the SKB and XDP redirect paths, and the two paths use the same numeric flag values in the ri-flags field specifically,...

CentOS 7 : kernel-alt (RHSA-2020:0740)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0740 advisory. - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an...

UBUNTU-CVE-2024-46734

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between direct IO write and fsync when using same fd If we have 2 threads that are using the same file descriptor and one of them is doing direct IO writes while the other is doing fsync, we have a race where we c...

Microsoft Windows DNSAPI.dll LLMNR Buffer Underrun Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Windows DNSAPI.dll LLMNR Buffer Underrun DoS', 'Description' = %q This module exploits a buffer underrun vulnerability in Microsoft's...

CVE-2024-33657

This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks...

CVE-2024-33657 Smm Callout in SmmComputrace Module

This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks...

CVE-2024-43815

In the Linux kernel, the following vulnerability has been resolved: crypto: mxs-dcp - Ensure payload is zero when using key slot We could leak stack memory through the payload field when running AES with a key from one of the hardware's key slots. Fix this by ensuring the payload field is set to ...

UBUNTU-CVE-2024-43845

In the Linux kernel, the following vulnerability has been resolved: udf: Fix bogus checksum computation in udfrename Syzbot reports uninitialized memory access in udfrename when updating checksum of '..' directory entry of a moved directory. This is indeed true as we pass on-stack diriter.fi to t...

CVE-2024-43815

In the Linux kernel, the following vulnerability has been resolved: crypto: mxs-dcp - Ensure payload is zero when using key slot We could leak stack memory through the payload field when running AES with a key from one of the hardware's key slots. Fix this by ensuring the payload field is set to ...

CVE-2024-43815 crypto: mxs-dcp - Ensure payload is zero when using key slot

In the Linux kernel, the following vulnerability has been resolved: crypto: mxs-dcp - Ensure payload is zero when using key slot We could leak stack memory through the payload field when running AES with a key from one of the hardware's key slots. Fix this by ensuring the payload field is set to ...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the mxs-dcp component failing to ensure that the payload field is zero when using a hardware key, resulting ...

SUSE CVE-2024-42155

In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of protected- and secure-keys Although the clear-key of neither protected- nor secure-keys is accessible, this key material should only be visible to the calling process. So wipe all copies of protected- or...

DEBIAN-CVE-2024-42155

In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of protected- and secure-keys Although the clear-key of neither protected- nor secure-keys is accessible, this key material should only be visible to the calling process. So wipe all copies of protected- or...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from the fact that the plaintext of a protected or secure key should be cleared from the stack in the s390/pkey...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates in the s390/pkey module when using IOCTLs with clear-key, protected-key, or secure-key, if an error occurs durin...

CVE-2024-6197

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...

CVE-2023-32471

Dell Edge Gateway BIOS versions 3200 and 5200 contain an out-of-bounds read vulnerability in the BIOS DXE driver. A local authenticated attacker with high privileges can read stack memory, enabling potential further exploits. Remediation per PT-2024-5327: update to a BIOS version that fixes the o...

CVE-2023-32471

Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds read vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability to read contents of stack memory and use this information for further exploits...

libcurl 安全漏洞

libcurl is a free and easy-to-use client-side URL transport library from the cURL open source. A security vulnerability exists in the libcurl URL API version 8.8.0, which stems from the fact that the function curlurlget reads outside of the stack-based buffer when processing IDN conversions,...

Dell Edge Gateway 缓冲区错误漏洞

Dell Edge Gateway is a series of intelligent gateway devices from Dell, Inc. Designed to aggregate, protect, analyze, and relay data from various sensors and devices at the edge of the network. A buffer error vulnerability exists in the Dell Edge Gateway BIOS versions 3200 and 5200, which stems...