2496 matches found
CVE-2024-55566
ColPack 1.0.10 through 9a7293a has a predictable temporary file located under /tmp with a name derived from an unseeded RNG. The impact can be overwriting files or making ColPack graphing unavailable to other users...
CVE-2023-40551 affecting package shim for versions less than 15.8-5
CVE-2023-40551 affecting package shim for versions less than 15.8-5. An upgraded version of the package is available that resolves this issue...
CVE-2023-40547 affecting package shim for versions less than 15.8-5
CVE-2023-40547 affecting package shim for versions less than 15.8-5. An upgraded version of the package is available that resolves this issue...
CVE-2022-28737 affecting package shim for versions less than 15.8-5
CVE-2022-28737 affecting package shim for versions less than 15.8-5. An upgraded version of the package is available that resolves this issue...
CVE-2024-54001
Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields application_language, application_date_format, application_timezone and application_time_format allow arbitrary user input which is reflected...
CVE-2024-24786 affecting package prometheus for versions less than 2.45.4-6
CVE-2024-24786 affecting package prometheus for versions less than 2.45.4-6. A patched version of the package is available...
GHSA-WWQ9-3CPR-MM53 vulnerabilities
Vulnerabilities for packages: linkerd2-proxy, starship, cargo-audit, wash, wasmcloud, xh, buck2, cedar, wadm, shadowsocks-rust, tealdeer, nushell, berg, pixi, qdrant, wit-bindgen...
CVE-2024-53139
In the Linux kernel, the following vulnerability has been resolved: sctp: fix possible UAF in sctp_v6_available A lockdep report [1] with CONFIG_PROVE_RCU_LIST=y hints that sctp_v6_available is calling dev_get_by_index_rcu and ipv6_chk_addr without holding rcu. [1] ============================= WARNING: suspiciou...
CVE-2024-53132
In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix "Missing outer runtime PM protection" warning Fix the following drm_WARN: 953.586396 xe 0000:00:02.0: drm Missing outer runtime PM protection ... 953.587090 ? xe_pm_runtime_get_noresume+0x8d/0xa0 xe 953.587208...
CVE-2024-53140
In the Linux kernel, the following vulnerability has been resolved: netlink: terminate outstanding dump on socket close Netlink supports iterative dumping of data. It provides the families the following ops: - start - optional kicks off the dumping process - dump - actual dump helper, keeps getti...
CVE-2024-53130
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint When using the "block:block_dirty_buffer" tracepoint, mark_buffer_dirty may cause a NULL pointer dereference, or a general protection fault when KASAN is enabled. This happens...
GHSA-PX8V-PP82-RCVR vulnerabilities
Vulnerabilities for packages: spegel, caddy, q, k3s, buf, cloudflared, coredns, kubernetes-dns-node-cache, frp...
CVE-2024-53259 vulnerabilities
Vulnerabilities for packages: spegel, caddy, q, k3s, buf, cloudflared, coredns, kubernetes-dns-node-cache, frp...
CVE-2024-52806
SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...
CVE-2024-53105
In the Linux kernel, the following vulnerability has been resolved: mm: page_alloc: move mlocked flag clearance into free_pages_prepare Syzbot reported a bad page state problem caused by a page being freed using free_page still having a mlocked flag at free_pages_prepare stage: BUG: Bad page state in...
CVE-2024-53114
In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client A number of Zen4 client SoCs advertise the ability to use virtualized VMLOAD/VMSAVE, but using these instructions is reported to be a cause of a random host reboot. Thes...
CVE-2024-36617
FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder...
CVE-2024-42330
The HttpRequest object allows retrieving the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows creating internal strings that...
CVE-2024-53899 vulnerabilities
Vulnerabilities for packages: py3-cassandra-medusa...