
2496 matches found

Debian CVE
added 2024/12/27 1:49 p.m., 12 views

CVE-2024-53189

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: fix bounds checker error in nl80211_parse_sched_scan. The channels array in the cfg80211_scan_request has a __counted_by attribute attached to it, which points to the n_channels variable. This attribute is used in bounds...

5.5 CVSS, 5.7 AI score, 0.00222 EPSS
Exploits: 0

Debian CVE
added 2024/12/27 1:49 p.m., 13 views

CVE-2024-53182

In the Linux kernel, the following vulnerability has been resolved: Revert "block, bfq: merge bfq_release_process_ref into bfq_put_cooperator". This reverts commit bc3b1e9e7c50e1de0f573eea3871db61dd4787de. The bic is associated with sync_bfqq, and bfq_release_process_ref cannot be put into bfq_put_cooperator...

7.8 CVSS, 5.7 AI score, 0.00219 EPSS
Exploits: 0

Debian CVE
added 2024/12/27 1:49 p.m., 6 views

CVE-2024-53166

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfq_limit_depth. Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bfqd->lock, however bfq_limit_depth is dereferencing bfqq from bic without the lock, this can lead to UAF if t...

7.8 CVSS, 5.9 AI score, 0.00238 EPSS
Exploits: 0

UbuntuCve
added 2024/12/23 4:15 p.m., 2 views

CVE-2024-56326

Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the...

7.8 CVSS, 7 AI score, 0.00496 EPSS
Exploits: 0, References: 5

CBLMariner
added 2024/12/19 12:10 a.m., 10 views

CVE-2024-52336 affecting package tuned for versions less than 2.21.0-2

CVE-2024-52336 affecting package tuned for versions less than 2.21.0-2. A patched version of the package is available...

7.8 CVSS, 6.9 AI score, 0.00275 EPSS
Exploits: 0

AlpineLinux
added 2024/12/18 8:38 p.m., 11 views

CVE-2024-45338

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

5.3 CVSS, 7 AI score, 0.00856 EPSS
Exploits: 0

UbuntuCve
added 2024/12/18 5:15 a.m., 5 views

CVE-2024-56170

A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI manifests are listings of relevant files that clients are supposed to verify. Assuming everything else is correct, the most recent version of a manifest should be prioritized over other versions, to prevent...

5.3 CVSS, 5.8 AI score, 0.00199 EPSS
Exploits: 0, References: 3

Debian CVE
added 2024/12/18 12:00 a.m., 12 views

CVE-2024-53580

iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters function...

7.5 CVSS, 6.3 AI score, 0.00908 EPSS
Exploits: 1

CBLMariner
added 2024/12/17 11:15 p.m., 5 views

CVE-2024-43398 affecting package ruby for versions less than 3.3.5-1

CVE-2024-43398 affecting package ruby for versions less than 3.3.5-1. An upgraded version of the package is available that resolves this issue...

5.9 CVSS, 6.5 AI score, 0.01205 EPSS
Exploits: 0

CBLMariner
added 2024/12/17 11:15 p.m., 13 views

CVE-2024-10963 affecting package pam for versions less than 1.5.3-3

CVE-2024-10963 affecting package pam for versions less than 1.5.3-3. A patched version of the package is available...

7.4 CVSS, 6.6 AI score, 0.00798 EPSS
Exploits: 0

Wolfi
added 2024/12/17 9:30 p.m., 6 views

GHSA-5MPW-4546-2WCR vulnerabilities

Vulnerabilities for packages: ruby3.3-elasticsearch, ruby3.2-elasticsearch...

5.8 AI score
Exploits: 0

RedHat Linux
added 2024/12/17 8:25 p.m., 6 views

pam: libpam: Libpam vulnerable to read hashed password

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...

4.7 CVSS, 7.4 AI score, 0.00265 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2024/12/17 7:58 p.m., 13 views

Moderate: Red Hat Security Advisory: libsndfile:1.0.31 security update

An update for the libsndfile:1.0.31 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

5.5 CVSS, 6.4 AI score, 0.00308 EPSS
Exploits: 1, References: 2

RedHat Linux
added 2024/12/17 7:03 p.m., 3 views

libsndfile: Segmentation fault error in ogg_vorbis.c:417 vorbis_analysis_wrote()

A flaw was found in the libsndfile package. A specially crafted input file may trigger an out-of-bounds read, leading to memory corruption and a denial of service...

5.5 CVSS, 5.7 AI score, 0.00308 EPSS
Exploits: 1, References: 5

UbuntuCve
added 2024/12/17 6:15 p.m., 10 views

CVE-2024-54662

Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access control for some sockd.conf configurations involving socksmethod...

9.1 CVSS, 5.9 AI score, 0.00502 EPSS
Exploits: 0, References: 3

AlmaLinux
added 2024/12/17 12:00 a.m., 21 views

Moderate: pam security update

Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fixes: pam: libpam: Libpam vulnerable to read hashed password (CVE-2024-10041). For more details about the security issues, including the...

4.7 CVSS, 7.1 AI score, 0.00265 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2024/12/16 8:01 a.m., 17 views

Important: Red Hat Security Advisory: python36:3.6 security update

An update for the python36:3.6 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...

8.4 CVSS, 7.2 AI score, 0.01557 EPSS
Exploits: 1, References: 2

Oracle linux
added 2024/12/16 12:00 a.m., 20 views

gstreamer1-plugins-good security update

1.22.1-3 - CVE-2024-47537, CVE-2024-47539, CVE-2024-47540, CVE-2024-47606, CVE-2024-47613 Resolves: RHEL-70954, RHEL-70967, RHEL-70941, RHEL-71027, Resolves: RHEL-71003...

8.6 CVSS, 6.9 AI score, 0.01344 EPSS
Exploits: 0

Oracle linux
added 2024/12/16 12:00 a.m., 20 views

firefox security update

128.5.1-1.0.1 - Update to 128.5.1 Orabug: 37370369, CVE-2024-11692, CVE-2024-11694, CVE-2024-11695, CVE-2024-11696, CVE-2024-11697, CVE-2024-11699...

8.8 CVSS, 7.2 AI score, 0.00762 EPSS
Exploits: 0

CBLMariner
added 2024/12/12 1:02 a.m., 8 views

CVE-2023-38473 affecting package avahi for versions less than 0.8-4

CVE-2023-38473 affecting package avahi for versions less than 0.8-4. A patched version of the package is available...

6.2 CVSS, 6.7 AI score, 0.00306 EPSS
Exploits: 0