CVE-2024-57926
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err. The pointer needs to be set to NULL, otherwise KASAN complains about a use-after-free, because in mtk_drm_bind all private's drm are set as follows...
MAL-2025-66 Malicious code in jupyter-binding (npm)
This package runs commands in a pre-install script that exfiltrate sensitive data to an attacker-controlled domain...
Server-side Request Forgery (SSRF)
Overview: timetagger is an open source time tracker for individuals ("Tag your time, get the insight"). Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) because the server binds to 0.0.0.0:80 by default and get_webtoken_localhost does not check that a request actually originates from localhost...
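The entry above combines two weaknesses: a listener that is reachable from the network by default, and a privileged "local only" endpoint that never verifies where the connection came from. The block below is an added illustration of what a correct check looks like; it is not timetagger's code, and the request record, function names and policy are assumptions made for the example. The hardened variant requires both that the listener is bound to a loopback address and that the connected peer is a loopback address, and it deliberately ignores the Host header, which the client controls.

```python
"""Deciding whether a request really came from the local machine.

Added example, not timetagger's code. It models the two facts described in
the advisory above: the default bind address and the missing peer-address
check on the local-token endpoint. Request, the policy functions and the
constructed request records are assumptions for illustration.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    """Constructed minimal request record: the address of the connected client
    socket, the Host header it sent, and the address the listener is bound to."""
    peer_ip: str
    host_header: str
    bind_host: str


def is_loopback_ip(text: str) -> bool:
    """True only for 127.0.0.0/8, ::1 and the IPv4-mapped form ::ffff:127.x.y.z.
    Hostnames such as 'localhost' are not accepted: a name is not an address."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_loopback


def issue_local_token_vulnerable(req: Request) -> bool:
    """Hypothetical weak policy: 'this is a personal tool, so any request that
    reaches it is local'. With the listener on 0.0.0.0, every host on the
    network qualifies, and a spoofed Host header costs the attacker nothing."""
    return True


def issue_local_token_hardened(req: Request) -> bool:
    """Two independent conditions, both required:
    1. the listener itself is bound to loopback, so the endpoint is not
       reachable from other hosts at all;
    2. the connected peer is a loopback address.
    The Host header is attacker-controlled and plays no part in the decision."""
    listener_is_local = is_loopback_ip(req.bind_host)
    peer_is_local = is_loopback_ip(req.peer_ip)
    return listener_is_local and peer_is_local


if __name__ == "__main__":
    # Constructed requests: a LAN host claiming to be localhost, and a genuine
    # loopback client on a loopback-only listener.
    spoofed = Request(peer_ip="192.168.1.20", host_header="localhost", bind_host="0.0.0.0")
    genuine = Request(peer_ip="127.0.0.1", host_header="localhost", bind_host="127.0.0.1")
    print("spoofed:", issue_local_token_vulnerable(spoofed), issue_local_token_hardened(spoofed))
    print("genuine:", issue_local_token_vulnerable(genuine), issue_local_token_hardened(genuine))
```

One caveat a reviewer would raise: a peer-address check stops remote hosts, but not another service on the same machine that an attacker can induce to make requests (the SSRF angle in the title). For that case the endpoint should also demand something a co-located proxy cannot supply, for instance a token read from a file with restrictive permissions, rather than trusting the source address alone.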
AZL-56312 CVE-2024-56568 affecting package kernel for versions less than 6.6.76.1-1
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Defer probe of clients after smmu device bound. A null pointer dereference occurs due to a race between the smmu driver probe and the client driver probe, when of_dma_configure for the client is called after iommu_device_registe...
CVE-2024-56568 iommu/arm-smmu: Defer probe of clients after smmu device bound
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Defer probe of clients after smmu device bound. A null pointer dereference occurs due to a race between the smmu driver probe and the client driver probe, when of_dma_configure for the client is called after iommu_device_registe...
CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, ordering federal civilian agencies to secure their cloud environments and abide by the Secure Cloud Business Applications (SCuBA) secure configuration baselines. "Recent cybersecurity...
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2018-14933 NUUO NVRmini Devices OS Command Injection Vulnerability; CVE-2022-23227 NUUO NVRmini 2 Devices Missing Authentication...
USN-7165-1 libspring-java vulnerability
It was discovered that the Spring Framework incorrectly handled web requests via data binding. An attacker could possibly use this issue to achieve remote code execution and obtain sensitive information...
CISA Issues BOD 25-01, Implementing Secure Practices for Cloud Services
Today, CISA issued Binding Operational Directive (BOD) 25-01, Implementing Secure Practices for Cloud Services, to safeguard federal information and information systems. This Directive requires federal civilian agencies to identify specific cloud tenants, implement assessment tools, and align cloud...
PT-2025-8833
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A vulnerability in the Linux kernel has been resolved. The issue occurs because not all devices have an ACPI companion fwnode, which can result in a NULL pointer dereference in the skl...
DEBIAN-CVE-2024-53139
In the Linux kernel, the following vulnerability has been resolved: sctp: fix possible UAF in sctp_v6_available. A lockdep report [1] with CONFIG_PROVE_RCU_LIST=y hints that sctp_v6_available is calling dev_get_by_index_rcu and ipv6_chk_addr without holding rcu. [1] ============================= WARNING: suspiciou...
The vulnerability of the wmi_char_open() function in Linux operating system kernels, which allows a hacker to cause a service failure
The vulnerability of the wmi_char_open function in Linux operating system kernels is related to the driver not being bound to the device because of a pointer assignment error. Exploiting this vulnerability can allow an attacker to trigger a service failure...
The vulnerability of the driver for the imon component (drivers/media/rc/imon.c) in Linux operating systems allows a hacker to cause a service failure.
The vulnerability of the driver for the imon component (drivers/media/rc/imon.c) in Linux operating systems is related to incorrect binding of the interface to the driver due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
PT-2024-8764 · M Files · M-Files Server
Name of the Vulnerable Software and Affected Versions: M-Files Server versions prior to 24.11 Description: The issue is related to weaknesses in the authentication procedure of the M-Files Server platform, which can be exploited by a remote attacker to bypass authentication and elevate privileges...
YugabyteDB log information disclosure vulnerability
YugabyteDB is a high-performance transactional distributed SQL database for cloud-native applications from Yugabyte (USA). A security vulnerability exists in YugabyteDB that stems from LDAP bind passwords being recorded in plain text in application logs. This leads to information disclosure...
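A bind password that reaches the log is readable by everyone with log access, including log shipping and retention systems that were never meant to hold secrets. The primary fix is to never log configuration that contains credentials; the block below shows the backstop a practitioner adds in the logging path so that a stray config dump is redacted before it is written. This is an added example and not YugabyteDB's code; the parameter name `ldapbindpasswd` (the PostgreSQL-style hba option) and the sample log lines are constructed assumptions.

```python
"""Redacting credential parameters before a log record is emitted.

Added example, not YugabyteDB's code. The secret parameter names and the
sample lines are assumptions made for illustration.
"""
import io
import logging
import re

# Parameter names whose values must never reach a log. 'ldapbindpasswd' is the
# PostgreSQL-style hba option name and is assumed here; the other two are
# generic catch-alls for connection strings.
SECRET_KEYS = ("ldapbindpasswd", "password", "passwd")

# key=value where the value is double-quoted, single-quoted, or a bare token
# that stops at whitespace, a comma or a semicolon.
_SECRET_PATTERN = re.compile(
    r"(?i)\b(" + "|".join(SECRET_KEYS) + r")\s*=\s*(\"[^\"]*\"|'[^']*'|[^\s,;]+)"
)


def redact(line: str) -> str:
    """Replace the value of every secret parameter in one line; keep everything
    else, including non-secret parameters such as the bind DN, intact."""
    return _SECRET_PATTERN.sub(lambda m: f"{m.group(1)}=<redacted>", line)


class RedactingFilter(logging.Filter):
    """Logger-level filter that rewrites the fully formatted message. Arguments
    are folded into msg first so that a secret passed via %s is also caught."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


def format_with_redaction(lines):
    """Run the constructed lines through a logger carrying RedactingFilter and
    return the formatted records, so the effect can be inspected and tested."""
    stream = io.StringIO()
    logger = logging.getLogger("example.redact")
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.handlers.clear()
    logger.filters.clear()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    logger.addFilter(RedactingFilter())
    for line in lines:
        logger.info(line)
    handler.flush()
    return stream.getvalue().splitlines()


# Constructed sample log lines: an LDAP auth config dump, a connection string,
# and an ordinary line that must pass through unchanged.
SAMPLE_LINES = [
    'LDAP auth config: ldapserver=ldap.example.internal ldapbinddn="cn=svc,dc=example,dc=com" '
    'ldapbindpasswd="Hunter2!" ldapsearchattribute=uid',
    "connection string: host=db port=5433 user=app password=pa55w0rd dbname=app",
    "user login ok: uid=alice",
]


if __name__ == "__main__":
    for out in format_with_redaction(SAMPLE_LINES):
        print(out)
```

The filter sits on the logger rather than on a single handler so that every handler, file, syslog or stdout, sees the same redacted record. Pattern-based redaction is a safety net, not a guarantee: a secret that appears without its parameter name (for example inside a serialized struct) will still leak, which is why the configuration object itself should expose a representation with secrets stripped.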
openldap bug fix update
An update is available for openldap. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. OpenLDAP is an open-source suite of Lightweight Directory Access Protocol LD...
The vulnerability of the process.binding() function in the Node.js software platform allows attackers to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability of the process.binding function in the Node.js platform is related to incorrect restrictions on paths to a restricted directory. Exploiting this vulnerability allows an attacker to bypass security restrictions and gain unauthorized access to protected information...
PT-2024-33146 · Unknown · Cloud Smart Lock
Name of the Vulnerable Software and Affected Versions: Cloud Smart Lock version 2.0.1 Description: The issue concerns a leaked URL in the APK file that can be used to call an API for binding physical devices. This allows attackers to construct requests to bind the app to unknown devices by findin...
CVE-2024-48548
The APK file in Cloud Smart Lock v2.0.1 leaks a URL that can call an API for binding physical devices. This vulnerability allows attackers to construct arbitrary requests that use the app to bind to unknown devices, by finding a valid serial number via a brute-force attack...