290 matches found
CVE-2024-49882
In the Linux kernel, the following vulnerability has been resolved: ext4: fix double brelse() the buffer of the extents path. In ext4_ext_try_to_merge_up(), set path[1].p_bh to NULL after it has been released, otherwise it may be released twice. An example of what triggers this is as follows: split2 map split...
CVE-2024-46832
In the Linux kernel, the following vulnerability has been resolved: MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed. This avoids warning: [ 0.118053] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283. Caused by get_c0_compare_int on secondary CPU. We al...
CVE-2024-46758
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-38810
Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows an attacker to render security annotations ineffective...
CVE-2024-7540
oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...
[SECURITY] Fedora 40 Update: tomcat-9.0.89-1.fc40
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
Moderate: ruby:3.0 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621); ruby: ReDoS vulnerability in URI (CVE-2023-28755); ruby: ReDoS...
Unspecified Vulnerability in Oracle Solaris (CNVD-2024-25259)
Oracle Solaris is a UNIX operating system from Oracle. A security vulnerability exists in Oracle Systems' Oracle Solaris. An attacker could exploit this vulnerability to gain access to data...
less security update
590-3 - Fix CVE-2022-48624 - Resolves: RHEL-26265...
IBM AIX Security Vulnerability
IBM AIX is an open standards-based UNIX operating system developed by International Business Machines (IBM) for the IBM Power architecture. A command execution vulnerability exists in IBM AIX version 7.3, VIOS version 4.1, which stems from Perl's failure to properly filter construct command special...
CVE-2024-22720
Kanboard 1.2.34 is vulnerable to HTML Injection in the group management feature...
IBM AIX Denial of Service Vulnerability (CNVD-2023-95293)
IBM AIX (Advanced Interactive eXecutive) is a UNIX-based operating system developed by IBM. A denial-of-service vulnerability exists in IBM AIX, which can be exploited by an attacker to cause a target program or system to fail to function properly, thereby denying service to legitimate users...
Moderate: Red Hat Security Advisory: .NET 6.0 security update
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
CVE-2023-38740
IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613...
CVE-2023-30801
All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and...
CVE-2023-5077 vulnerabilities
Vulnerabilities for packages: k3d...
SUSE CVE-2023-4585
Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 117, Firefox ESR...
IBM Sterling Connect:Express for UNIX Security Vulnerability
IBM Sterling Connect:Express for UNIX is a file transfer solution from International Business Machines (IBM) for the UNIX platform. A security vulnerability exists in IBM Sterling Connect:Express for UNIX version 1.5, which stems from the vulnerability of the browser UI to cookies...
[SECURITY] Fedora 37 Update: kernel-6.3.7-100.fc37
The kernel meta package...
[SECURITY] Fedora 38 Update: xen-4.17.0-9.fc38
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...