ROS-20241203-08
A vulnerability in Nextcloud Server, software for creating and using cloud storage, is related to the ability to download larger-than-expected websites to find Open-Graph data. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information A...
[SECURITY] [DLA 3966-1] pypy3 security update
Debian LTS Advisory DLA-3966-1 [email protected] https://www.debian.org/lts/security/ Andrej Shadura November 26, 2024 https://wiki.debian.org/LTS -...
Siemens SCALANCE M-800 Out-of-Bounds Read (CVE-2021-3506)
An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The...
The vulnerability of the amdgpu_job_free_cb() function in the Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the amdgpu_job_free_cb() function in the drivers/gpu/drm/amd/amdgpu/amdgpu_job.c file of the Linux kernel is related to the repeated use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility...
KLA77341 DoS vulnerability in Google Chrome
A denial of service vulnerability was found in Google Chrome. Malicious users can exploit this vulnerability to execute arbitrary code or cause denial of service. Original advisories: Stable Channel Update for Desktop. Related products: Google-Chrome. CVE list: CVE-2024-11395 (critical). Solution: Update to t...
kernel: net: atlantic: eliminate double free in error handling logic
A double free vulnerability exists in the Linux kernel error handling logic such that aq_ring_free() could be called multiple times on the same ring if the system is under stress and gets a memory allocation error. This vulnerability could lead to the loss of system availability...
kernel: mptcp: fix data races on remote_id
A race condition vulnerability was found in the Linux kernel remote_id function. Successful exploitation of the flaw can result in loss of system availability...
The vulnerability of the xenvif_flush_hash() function in the Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the xenvif_flush_hash() function in the drivers/net/xen-netback/hash.c module of the Linux kernel is related to the repeated use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of th...
The vulnerability of the f2fs_do_shutdown() function in the f2fs file system of Linux kernels allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the f2fs_do_shutdown() function in the fs/f2fs/file.c file of the f2fs file system in the Linux operating system is related to the reallocation of previously released memory due to competitive access to resources (race condition). Exploiting this vulnerability could allow an attack...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei (China). It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from an unchecked message type in the Enhanced Messages module. An attacker could exploit th...
PT-2024-34686 · Unknown · Device Management Module
Name of the Vulnerable Software and Affected Versions: Device Management Module (affected versions not specified). Description: The issue is related to improper device information processing in the device management module. Successful exploitation of this issue may affect system availability...
Medium: libdwarf
Issue Overview: A flaw was found in libdwarf. A possible memory leak allows an attacker to input a specially crafted file, leading to a crash. The highest threat from this vulnerability is to system availability. CVE-2020-27545 Affected Packages: libdwarf Note: This advisory is applicable to Amaz...
Amazon Linux 2 : libdwarf (ALAS-2024-2688)
The version of libdwarf installed on the remote host is prior to 20130207-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2688 advisory. A flaw was found in libdwarf. A possible memory leak allows an attacker to input a specially crafted file, leading to a crash...
Medium: kernel
Issue Overview: A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier...
kernel: mm/sparsemem: fix race in accessing memory_section->usage
A race condition was found on a PFN in the Linux Kernel, which can fall into the device memory region with the system memory configuration. Normal zone start and end PFNs contain the device memory PFNs as well, and the compaction triggered will try on the device memory PFNs and end up in NOP. Thi...
ABB Cylon Aspect 3.08.01 jsonProxy.php Denial Of Service
ABB Cylon Aspect 3.08.01 jsonProxy.php Denial of Service. Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio. Firmware: =3.08.01. Summary: ASPECT is an award-winning scalable building energy management and contr...
The vulnerability of the ext4_ioctl_getlabel() function in the file system of the Linux operating system’s kernel allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the ext4_ioctl_getlabel() function in the fs/ext4/ioctl.c file of the Linux operating system’s file system is related to accessing memory beyond the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...
The vulnerability of the nilfs_check_folio() function in the nilfs2 file system of the Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the nilfs_check_folio() function in the fs/nilfs2/dir.c file of the Linux kernel’s file system nilfs2 is related to the repeated use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility o...
KLA74224 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. Inappropriate implementation vulnerability in Extensions can be exploited to cause denial of service. 2. Type confusi...
KLA80236 DoS vulnerability in Wireshark
A denial of service vulnerability was found in Wireshark. Malicious users can exploit this vulnerability to cause denial of service. Original advisories: wnpa-sec-2024-15 · ECMP dissector crash. Related products: Wireshark. CVE list: CVE-2024-11596 (high). Solution: Update to the latest version. Download...