11950 matches found
WeHere Cloud Smart Lock security vulnerability
WeHere Cloud Smart Lock is a smart door lock application from WeHere. A security vulnerability exists in WeHere Cloud Smart Lock version v2.0.1, which stems from an APK file that leaks a URL that can be used to call the Bind to Physical Device API, allowing an attacker to brute-force find a valid...
AIX (IJ4442)
The version of AIX installed on the remote host is prior to APAR IJ4442. It is, therefore, affected by a vulnerability as referenced in the IJ4442 advisory. - The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth ...
AIX (IJ4909)
The version of AIX installed on the remote host is prior to APAR IJ4909. It is, therefore, affected by a vulnerability as referenced in the IJ4909 advisory. - The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth ...
Improper Access Control
github.com/landlock-lsm/go-landlock is vulnerable to Improper Access Control. The vulnerability is due to the incorrect handling of TCP bind and connect operations in the BestEffort mode. An attacker can bypass intended networking through landlock.V4, landlock.V5, or self-configured restrictions ...
CVE-2024-50019 kthread: unpark only parked kthread
In the Linux kernel, the following vulnerability has been resolved: kthread: unpark only parked kthread Calling into kthread unparking unconditionally is mostly harmless when the kthread is already unparked. The wake up is then simply ignored because the target is not in TASK_PARKED state. However...
AZL-52914 CVE-2024-49944 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start In sctp_listen_start invoked by sctp_inet_listen, it should set the sk_state back to CLOSED if sctp_autobind fails due to whatever reason. Otherwise, next time when...
SUSE CVE-2024-47729
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Use reserved copy engine for user binds on faulting devices User binds map to engines with can fault, faults depend on user binds completion, thus we can deadlock. Avoid this by using reserved copy engine for user binds o...
CVE-2024-47729
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Use reserved copy engine for user binds on faulting devices User binds map to engines with can fault, faults depend on user binds completion, thus we can deadlock. Avoid this by using reserved copy engine for user binds o...
DEBIAN-CVE-2024-47729
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Use reserved copy engine for user binds on faulting devices User binds map to engines with can fault, faults depend on user binds completion, thus we can deadlock. Avoid this by using reserved copy engine for user binds o...
UBUNTU-CVE-2024-47729
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Use reserved copy engine for user binds on faulting devices User binds map to engines with can fault, faults depend on user binds completion, thus we can deadlock. Avoid this by using reserved copy engine for user binds o...
CVE-2024-47729 drm/xe: Use reserved copy engine for user binds on faulting devices
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Use reserved copy engine for user binds on faulting devices User binds map to engines with can fault, faults depend on user binds completion, thus we can deadlock. Avoid this by using reserved copy engine for user binds o...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the failure to reset sk_state to CLOSED in the sctp subsystem upon an auto-bind failure, which could result i...
GO-2024-3199 Go-Landlock in best-effort mode did not restrict TCP bind and connect operations correctly in github.com/landlock-lsm/go-landlock
Go-Landlock in best-effort mode did not restrict TCP bind and connect operations correctly in github.com/landlock-lsm/go-landlock. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
Oracle Linux 7 : bind (ELSA-2024-5930)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-5930 advisory. - Resolve CVE-2024-1975 - Resolve CVE-2024-1737 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...
bind security update
32:9.11.4-26.0.1.P2.16 - Resolve CVE-2024-1975 - Resolve CVE-2024-1737 - Add ability to change runtime limits for max types and records per name...
SUSE CVE-2023-29549
Under certain circumstances, a call to the bind function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...
PT-2024-41442 · Ооо 'Реак Софт' · Blitz Identity Provider
The vulnerability in the Blitz Identity Provider software is related to insufficient restriction of authentication attempts. Exploitation of the vulnerability may allow a remote attacker to bind an arbitrary email address to a user account...
EulerOS 2.0 SP12 : bind (EulerOS-SA-2024-2520)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname of any RTYPE can suffer from degraded...