CVE-2024-50243

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix general protection fault in runismappedfull Fixed deleating of a non-resident attribute in ntfscreateinode rollback...

CVE-2018-9478

In processserviceattrreq and processservicesearchattrreq of sdpserver.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

AZL-53915 CVE-2024-53066 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: nfs: Fix KMSAN warning in decodegetfattrattrs Fix the following KMSAN warning: CPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G B Tainted: B=BADPAGE Hardware name: QEMU Standard PC Q35 + ICH9, 2009...

UBUNTU-CVE-2024-53066

In the Linux kernel, the following vulnerability has been resolved: nfs: Fix KMSAN warning in decodegetfattrattrs Fix the following KMSAN warning: CPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G B Tainted: B=BADPAGE Hardware name: QEMU Standard PC Q35 + ICH9, 2009...

CVE-2024-53045 ASoC: dapm: fix bounds checker error in dapm_widget_list_create

In the Linux kernel, the following vulnerability has been resolved: ASoC: dapm: fix bounds checker error in dapmwidgetlistcreate The widgets array in the sndsocdapmwidgetlist has a countedby attribute attached to it, which points to the numwidgets variable. This attribute is used in bounds...

GHSA-HFF8-HJWV-J9Q7 Remote Code Execution on click of <a> Link in markdown preview

Summary There is a vulnerability in Joplin-desktop that leads to remote code execution RCE when a user clicks on an link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This vulnerability allows the execution of untrusted HTML...

CVE-2023-4458 Kernel: ksmbd: smb2_open out-of-bounds read information disclosure vulnerability

A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on...

CVE-2024-10146

The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against admins...

kernel: iio: core: fix memleak in iio_device_register_sysfs

In the Linux kernel, the following vulnerability has been resolved: iio: core: fix memleak in iiodeviceregistersysfs When iiodeviceregistersysfsgroup fails, we should free iiodevopaque-chanattrgroup.attrs to prevent potential memleak...

kernel: vduse: Fix NULL pointer dereference on sysfs access

In the Linux kernel, the following vulnerability has been resolved: vduse: Fix NULL pointer dereference on sysfs access The control device has no drvdata. So we will get a NULL pointer dereference when accessing control device's msgtimeout attribute via sysfs: 132.841881 T3644 BUG: kernel NULL...

kernel: USB: core: Fix deadlock in port &#34;disable&#34; sysfs attribute

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port disable sysfs attribute The Linux kernel CVE team has assigned CVE-2024-26933 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024050123-CVE-2024-26933-c18d@gregkh/T...

kernel: x86/mm/pat: fix VM_PAT handling in COW mappings

CVE-2024-35877 pertains to a flaw in the Linux kernel's handling of Page Attribute Table PAT settings during Copy-On-Write COW operations. When a write operation triggers a COW event, the kernel may replace the original page table entries PTEs with anonymous folios. This replacement disrupts the...

kernel: nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu()

In the Linux kernel, the following vulnerability has been resolved: nvdimm: Fix memleak of pmu attrgroups in unregisternvdimmpmu Memory pointed by 'ndpmu-pmu.attrgroups' is allocated in function 'registernvdimmpmu' and is lost after 'kfreendpmu' call in function 'unregisternvdimmpmu'...

Moderate: Red Hat Security Advisory: python-jinja2 security update

An update for python-jinja2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

jfs: Fix uninit-value access of new_ea in ea_buffer

...

ALSA-2024:9150 Moderate: python-jinja2 security update

The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fixes: jinja2: accepts keys containing non-attribute characters CVE-2024-34064 For...

SUSE CVE-2024-50243

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix general protection fault in runismappedfull Fixed deleating of a non-resident attribute in ntfscreateinode rollback...

SUSE CVE-2024-50246

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add rough attr allocsize check...

CVE-2023-40457

The BGP daemon in Extreme Networks ExtremeXOS aka EXOS 30.7.1.1 allows an attacker who is not on a directly connected network to cause a denial of service BGP session reset because of BGP attribute error mishandling for attribute 21 and 25. NOTE: the vendor disputes this because it is "evaluating...

PT-2024-12891 · Extreme Networks · Extremexos

Name of the Vulnerable Software and Affected Versions: Extreme Networks ExtremeXOS aka EXOS version 30.7.1.1 Description: The issue is related to the BGP daemon in Extreme Networks ExtremeXOS, which allows an attacker to cause a denial of service BGP session reset due to BGP attribute error...