CVE-2023-52621 bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers

In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcureadlocktraceheld before calling bpf map helpers These three bpfmaplookup,update,deleteelem helpers are also available for sleepable bpf program, so add the corresponding lock assertion for sleepable bpf program,...

K000138989: BIND vulnerability CVE-2023-5517

Security Advisory Description A flaw in query-handling code can cause named to exit prematurely with an assertion failure when: - nxdomain-redirect ; is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. Th...

OESA-2024-1323 bind security update

Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System. This package includes the components to operate a DNS server. Security Fixes: The DNS...

EulerOS Virtualization 2.11.0 : avahi (EulerOS-SA-2024-1438)

According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in Avahi, where a reachable assertion exists in avahidnspacketappendrecord. CVE-2023-38469 - A...

EulerOS Virtualization 2.9.1 : avahi (EulerOS-SA-2024-1451)

According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in Avahi, where a reachable assertion exists in avahidnspacketappendrecord. CVE-2023-38469 - A...

EulerOS Virtualization 2.11.1 : avahi (EulerOS-SA-2024-1410)

According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in Avahi, where a reachable assertion exists in avahidnspacketappendrecord. CVE-2023-38469 - A...

EulerOS Virtualization 2.9.0 : avahi (EulerOS-SA-2024-1466)

According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in Avahi, where a reachable assertion exists in avahidnspacketappendrecord. CVE-2023-38469 - A...

keycloak: XSS via assertion consumer service URL in SAML POST-binding flow

A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs ACS, posing a Cross-Site Scripting XSS risk. This issue may allow a malicious admin in one realm or a client with...

Reachable Assertion

Avahi is vulnerable to Reachable Assertion. the vulnerability is due to a reachable assertion in the dbussethostname function...

Reachable Assertion

Avahi is vulnerable to Reachable Assertion. the vulnerability is due to a reachable assertion in the avahirdataparse function...

Reachable Assertion

Avahi is vulnerable to Reachable Assertion. the vulnerability is due to a reachable assertion in the avahiescapelabel function...

Reachable Assertion

Avahi is vulnerable to Reachable Assertion. the vulnerability is due to a reachable assertion in the avahialternativehostname function...

Reachable Assertion

Avahi is vulnerable to Reachable Assertion. the vulnerability is due to a reachable assertion in the avahidnspacketappendrecord...

PT-2024-21632 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue arises when a lower file's size is changed underneath overlayfs, causing an assertion in the copy up data loop. This type of use case is documented to cause undefined behavio...

Denial Of Service

libmad.so is vulnerable to Denial of service attack. The vulnerability is due to an assertion failure and application exit when the madlayerIII function in layer3.c is executed without NDEBUG defined, allowing an attacker to cause denial of service via a specially crafted audio file...

EulerOS Virtualization 2.10.1 : avahi (EulerOS-SA-2024-1353)

According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in Avahi, where a reachable assertion exists in avahidnspacketappendrecord. CVE-2023-38469 - A...

EulerOS Virtualization 2.10.0 : avahi (EulerOS-SA-2024-1374)

According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in Avahi, where a reachable assertion exists in avahidnspacketappendrecord. CVE-2023-38469 - A...

ROS-2-1439

2.1439 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...

ROS-2-846

2.846 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...

K000138895: BIND vulnerability CVE-2023-5679

Security Advisory Description A bad interaction between DNS64 and serve-stale may cause named to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through...