OESA-2024-2295 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix possible null pointer dereference. This patch fixes possible null pointer dereference in files "rvudebugfs.c" and "rvunix.c"CVE-2021-47484 In t...

AZL-51431 CVE-2024-49892 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize getbytesperelement's default to 1 Variables, used as denominators and maybe not assigned to other values, should not be 0. bytesperelementy & bytesperelementc are initialized by getbytesperelement whic...

UBUNTU-CVE-2024-49892

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize getbytesperelement's default to 1 Variables, used as denominators and maybe not assigned to other values, should not be 0. bytesperelementy & bytesperelementc are initialized by getbytesperelement whic...

SUSE CVE-2024-48948

The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an truncateToN anomaly. This leads to...

kernel: sched: act_ct: take care of padding in struct zones_ht_key

rhashtablelookup may be using padding bytes which are not initialized. This may lead to possible compromised Availability...

kernel: sched: act_ct: take care of padding in struct zones_ht_key

rhashtablelookup may be using padding bytes which are not initialized. This may lead to possible compromised Availability...

CVE-2024-48948

A flaw was found in the Elliptic Node.js package. In certain versions, the ECDSA implementation does not correctly verify valid signatures if the hash contains at least 4 leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash. This issue can lead to valid...

CVE-2024-48948

The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an truncateToN anomaly. This leads to...

Linux Foundation Decentralized Trust: Memory Leak in bytes_to_hexstring Function

The function bytestohexstring was found to have a memory leak vulnerability. The function dynamically allocated memory using malloc but did not provide a way for the caller to free the allocated memory. This could lead to an increase in the program's memory consumption over time, potentially...

CentOS 7 : postgresql (RHSA-2021:2397)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2397 advisory. - A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values,...

CVE-2024-47805

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...

Medium: amazon-ssm-agent

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

GHSA-PWWP-3Q7J-9MX8 Use After Free in MicroPython

A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The complexity of an attack is rather high. The...

GHSA-VH3X-525M-JP4R heap-buffer-overflow in MicroPython

A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpzasbytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and ma...

DEBIAN-CVE-2024-8948

A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpzasbytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and ma...

UBUNTU-CVE-2024-8948

A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpzasbytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and ma...

PYSEC-2024-88

A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpzasbytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and ma...

CVE-2024-8947 MicroPython objarray.c use after free

A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The complexity of an attack is rather high. The...

lexical-core has multiple soundness issues

RUSTSEC-2024-0377 contains multiple soundness issues: 1. Bytes::read allows creating instances of types with invalid bit patterns 1. BytesIter::read advances iterators out of bounds 1. The BytesIter trait has safety invariants but is public and not marked unsafe 1. writefloat calls...

In the Elliptic package 6.5.6 for Node.js EDDSA signature malleability occurs because there is a missing signature length check and thus zero-valued bytes can be removed or appended.

...