41 matches found
EUVD-2024-46056
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-29785
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to...
NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference via the loss recovery logic for path probe packets. An attacker can trigger a nil-pointer dereference by sending valid QUIC packets from different remote addresses, thereby initiating the path validation logic...
SUSE CVE-2024-52811
The ngtcp2 project is an effort to implement IETF QUIC protocol in C. In affected versions acks are not validated before being written to the qlog leading to a buffer overflow. In ngtcp2_conn::conn_recv_pkt for an ACK, there was new logic that got added to skip conn_recv_ack if an ack has already been...
CVE-2024-52811
CVE-2024-52811 affects ngtcp2 (QUIC in C). A patch added in conn_recv_pkt skips ngtcp2_pkt_validate_ack for certain acks, allowing an invalid ack to reach qlog, where ngtcp2_qlog::write_ack_frame can underflow when largest_ack=0 and first_ack_range=15, overwriting a heap buffer and causing heap o...
PT-2024-35460 · Ngtcp2 · Ngtcp2
Name of the Vulnerable Software and Affected Versions: ngtcp2 versions prior to 1.9.1. Description: The issue arises from the lack of validation of acks before they are written to the qlog, leading to a buffer overflow. This occurs in the ngtcp2_conn::conn_recv_pkt function when handling an ACK,...
K000148479: Linux kernel vulnerability CVE-2023-52881
Security Advisory Description: In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent. This patch is based on a detailed report and ideas from Yepeng Pan and Christian Rossow. ACK seq validation is currently following RFC 5961 5.2 guideline...
CVE-2024-50154
A use-after-free (UAF) vulnerability was found and fixed in the Linux kernel's TCP subsystem related to request socket (reqsk) timers during handshake handling. This issue stems from a race condition caused by relying on timer_pending in reqsk_queue_unlink. This could result in the timer continuing to r...
Important: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
CVE-2024-44945
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink: Initialise extack before use in ACKs. Add missing extack initialisation when ACKing BATCH_BEGIN and BATCH_END...
CVE-2024-44945 netfilter: nfnetlink: Initialise extack before use in ACKs
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink: Initialise extack before use in ACKs. Add missing extack initialisation when ACKing BATCH_BEGIN and BATCH_END...
CVE-2024-44945 netfilter: nfnetlink: Initialise extack before use in ACKs
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink: Initialise extack before use in ACKs. Add missing extack initialisation when ACKing BATCH_BEGIN and BATCH_END...
Important: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...
kernel: TCP-spoofed ghost ACKs and leak initial sequence number
A flaw was found in the Linux kernel. Two TCP spoofing primitives exist where an attacker can brute force the server-chosen send window by acknowledging data that was never sent, called "ghost ACKs." There are side channels that also allow the attacker to leak the otherwise secret server-chosen...
kernel: TCP-spoofed ghost ACKs and leak initial sequence number
A flaw was found in the Linux kernel. Two TCP spoofing primitives exist where an attacker can brute force the server-chosen send window by acknowledging data that was never sent, called "ghost ACKs." There are side channels that also allow the attacker to leak the otherwise secret server-chosen...
CVE-2023-52881
A flaw was found in the Linux kernel. Two TCP spoofing primitives exist where an attacker can brute force the server-chosen send window by acknowledging data that was never sent, called "ghost ACKs." There are side channels that also allow the attacker to leak the otherwise secret server-chosen...
CVE-2024-26677
A vulnerability in the Linux kernel affects the Remote Procedure Call over the Rx protocol (rxrpc) subsystem. The flaw involves an issue with delayed acknowledgments (ACKs) in which the system mistakenly sets the reference serial number. This reference serial number is not valid in this context and...
CVE-2024-26677
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix delayed ACKs to not set the reference serial number. Fix the construction of delayed ACKs to not set the reference serial number as they can't be used as an RTT reference...
UBUNTU-CVE-2024-26677
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix delayed ACKs to not set the reference serial number. Fix the construction of delayed ACKs to not set the reference serial number as they can't be used as an RTT reference...
CVE-2024-26677 rxrpc: Fix delayed ACKs to not set the reference serial number
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix delayed ACKs to not set the reference serial number. Fix the construction of delayed ACKs to not set the reference serial number as they can't be used as an RTT reference...