981 matches found
CVE-2024-42083
In the Linux kernel, the following vulnerability has been resolved: ionic: fix kernel panic due to multi-buffer handling Currently, the ionic_run_xdp() doesn't handle multi-buffer packets properly for XDP_TX and XDP_REDIRECT. When a jumbo frame is received, the ionic_run_xdp() first makes xdp frame with al...
CVE-2024-41076
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix memory leak in nfs4_set_security_label We leak nfs_fattr and nfs4_label every time we set a security xattr...
CVE-2024-41058
In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() We got the following issue in our fault injection stress test: ================================================================== BUG: KASAN: slab-use-after-free in...
CVE-2020-8112 affecting package openjpeg2 for versions less than 2.3.1-12
CVE-2020-8112 affecting package openjpeg2 for versions less than 2.3.1-12. A patched version of the package is available...
CVE-2024-38541
In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will point...
CVE-2024-36979
In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix vlan use-after-free syzbot reported a suspicious rcu usage[1] in bridge's mst code. While fixing it I noticed that nothing prevents a vlan to be freed while walking the list from the same path br forward delay...
CVE-2024-37307 vulnerabilities
Vulnerabilities for packages: hubble-ui, hubble...
CVE-2024-29195 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1
CVE-2024-29195 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-47282
Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access...
gstreamer1-plugins-good security update
1.22.1-2 - CVE-2023-37327: integer overflow leading to heap overwrite in FLAC image tag handling - Resolves: RHEL-19471...
CVE-2024-22391
A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2023-48183
QuickJS before c4cdd61 has a build_for_in_iterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval...
CVE-2015-5157 affecting package kernel for versions less than 5.15.153.1-1
CVE-2015-5157 affecting package kernel for versions less than 5.15.153.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-30261
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...
ROS-20240329-08
The Engrampa archive manager vulnerability is related to the lack of symbolic link location checking, which leads to arbitrary writing of files to unintended locations. Exploitation of the vulnerability could allow an attacker acting remotely to upload files to arbitrary locations on the system...
Advisory ROSA-SA-2024-2378
software: pcre2 10.36 WASP: ROSA-CHROME packageevrstring: pcre2-10.36-4.src.rpm CVE-ID: CVE-2022-41409 BDU-ID: 2023-05302 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pcre2test command of the PCRE2 regular expression library is related to integer overflow. Exploitation of the vulnerability...
CVE-2024-29131
Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue...
CVE-2020-24332 affecting package trousers for versions less than 0.3.14-7
CVE-2020-24332 affecting package trousers for versions less than 0.3.14-7. A patched version of the package is available...
CVE-2023-29409 affecting package golang for versions less than 1.20.7-1
CVE-2023-29409 affecting package golang for versions less than 1.20.7-1. A patched version of the package is available...
CVE-2023-41334
Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the TransformGraph.to_dot_graph function. A malicious user can provide a...