180 matches found
UBUNTU-CVE-2024-36476
In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Ensure 'ibsge list' is accessible Move the declaration of the 'ibsge list' variable outside the 'alwaysinvalidate' block to ensure it remains accessible for use throughout the function. Previously, 'ibsge list' was...
CVE-2024-36476 RDMA/rtrs: Ensure 'ib_sge list' is accessible
In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Ensure 'ibsge list' is accessible Move the declaration of the 'ibsge list' variable outside the 'alwaysinvalidate' block to ensure it remains accessible for use throughout the function. Previously, 'ibsge list' was...
MAL-2025-27 Malicious code in cursor-always-local (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 614a7726e7b2899695d56d3b75f1f9179a6fcde5654913693b20e521e476840f The OpenSSF Package Analysis project identified 'cursor-always-local' @ 1.0.2 npm as malicious. It is considered malicious because: - The packag...
Malicious code in cursor-always-local (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 614a7726e7b2899695d56d3b75f1f9179a6fcde5654913693b20e521e476840f The OpenSSF Package Analysis project identified 'cursor-always-local' @ 1.0.2 npm as malicious. It is considered malicious because: - The packag...
Always-Incorrect Control Flow Implementation
gradio is vulnerable to Always-Incorrect Control Flow Implementation. The vulnerability is due to the improper handling of the enablemonitoring flag. An attacker can access sensitive application analytics by directly requesting the /monitoring endpoint...
CVE-2024-46844 um: line: always fill *error_out in setup_one_line()
In the Linux kernel, the following vulnerability has been resolved: um: line: always fill errorout in setuponeline The pointer isn't initialized by callers, but I have encountered cases where it's still printed; initialize it in all possible cases in setuponeline...
USN-7024-1 tgt vulnerability
It was discovered that tgt attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical...
MAL-2024-7544 Malicious code in sap-always (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5b6d3b5acd9b98712bf1b1c0babd85de045245395e42d961a8cfd6f3fab49662 The OpenSSF Package Analysis project identified 'sap-always' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in sap-always (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5b6d3b5acd9b98712bf1b1c0babd85de045245395e42d961a8cfd6f3fab49662 The OpenSSF Package Analysis project identified 'sap-always' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
AZL-42919 CVE-2024-38664 affecting package kernel for versions less than 5.15.160.1-1
In the Linux kernel, the following vulnerability has been resolved: drm: zynqmpdpsub: Always register bridge We must always register the DRM bridge, since zynqmpdphpdworkfunc calls drmbridgehpdnotify, which in turn expects hpdmutex to be initialized. We do this before zynqmpdpsubdrminit since tha...
Rockwell Automation ControlLogix, GuardLogix, and CompactLogix
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION : Low attack complexity Vendor : Rockwell Automation Equipment : ControlLogix, GuardLogix, CompactLogix Vulnerability : Always-Incorrect Control Flow Implementation 2. RISK EVALUATION Successful exploitation of this vulnerability could...
systemd security update
239-82.0.1 - Fixed deletion issue for symlink when device is opened Orabug: 36228608 - Fix local-fs and remote-fs targets during system boot replaces old Orabug: 25897792 Orabug: 35871376 - 1A Add 'systemd-fstab-generator-reload-targets.service' file Orabug: 35871376 - 1B Add required rpms for...
DEBIAN-CVE-2024-27027
In the Linux kernel, the following vulnerability has been resolved: dpll: fix dpllxarefdel for multiple registrations Currently, if there are multiple registrations of the same pin on the same dpll device, following warnings are observed: WARNING: CPU: 5 PID: 2212 at drivers/dpll/dpllcore.c:143...
PT-2024-8229 · Podman · Podman
Name of the Vulnerable Software and Affected Versions: Podman affected versions not specified Description: A flaw in Podman may allow an attacker to create a specially crafted container that can exhaust resources in /dev/shm by creating a large number of IPC resources. This can lead to a...
UBUNTU-CVE-2021-47025
In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Always enable the clk on resume In mtkiommuruntimeresume always enable the clk, even if m4udom is null. Otherwise the 'suspend' cb might disable the clk which is already disabled causing the warning: 1.586104...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a series of chipsets from Qualcomm Incorporated USA. The Qualcomm Chipsets suffer from a security vulnerability that stems from wearable device memory corruption when processing data from AON...
PT-2023-32707 · Devolutions · Devolutions Workspace
Name of the Vulnerable Software and Affected Versions: Devolutions Workspace versions 2023.3.2.0 and earlier Description: The issue allows an attacker with access to the Workspace application to access credentials when offline, due to offline mode being always enabled, even if permission disallow...
CVE-2023-3747 Insufficient Validation on Override Codes for Always-Enabled WARP Mode
Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disconnected from WARP, however, due to lack of server side validation, an attacker with local access...
CVE-2023-3747 Insufficient Validation on Override Codes for Always-Enabled WARP Mode
Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disconnected from WARP, however, due to lack of server side validation, an attacker with local access...
CVE-2023-40179 Silverware Games vulnerable to account enumeration via inconsistent responses
Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the Password Recovery form would throw an error if the specified email was not found in our database. It would only display the "Enter the code" form if the email is associated with a member o...