1712 matches found
UBUNTU-CVE-2024-26583
In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread one which called recvmsg/sendmsg may exit as soon as the async crypto handler calls complete so any code past that point risks touching already freed data...
CVE-2024-26585 tls: fix race between tx work scheduling and socket close
In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread recvmsg/sendmsg may exit as soon as the async crypto handler calls complete. Reorder scheduling the work before calling...
CVE-2024-26585
In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread recvmsg/sendmsg may exit as soon as the async crypto handler calls complete. Reorder scheduling the work before calling...
CVE-2024-26583 tls: fix race between async notify and socket close
In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread one which called recvmsg/sendmsg may exit as soon as the async crypto handler calls complete so any code past that point risks touching already freed data...
CVE-2024-26583 tls: fix race between async notify and socket close
In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread one which called recvmsg/sendmsg may exit as soon as the async crypto handler calls complete so any code past that point risks touching already freed data...
CVE-2024-26583
CVE-2024-26583 affects the Linux kernel TLS path. The issue is a race between async crypto notify completion and socket close, where the submitting thread could exit before the crypto handler finishes, risking touching data after it has been freed. The fix routes around this by reducing complex l...
SUSE CVE-2022-48624
closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE...
AZL-34458 CVE-2022-48624 affecting package less for versions less than 590-3
closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE...
PT-2024-4011 · Less +9 · Less +9
Name of the Vulnerable Software and Affected Versions: less versions prior to 606 Description: The issue is related to the close altfile function in filename.c, which omits shell quote calls for LESSCLOSE. This can allow an attacker to execute arbitrary commands. Recommendations: For versions pri...
CVE-2024-25679
In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTIONCLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation...
PQUIC Security Vulnerabilities
PQUIC is a framework for PQUIC open source . Enables QUIC clients and servers to dynamically exchange protocol plug-ins, thereby extending the protocol on a per-connection basis. A security vulnerability exists in versions prior to PQUIC 5bde5bb, which stems from the retention of unused initial...
runc: file descriptor leak
A file descriptor leak issue was found in the runc package. While a user performs OCLOEXEC all file descriptors before executing the container code, the file descriptor is open when performing setcwd2, which means that the reference can be kept alive in the container by configuring the working...
runc: file descriptor leak
A file descriptor leak issue was found in the runc package. While a user performs OCLOEXEC all file descriptors before executing the container code, the file descriptor is open when performing setcwd2, which means that the reference can be kept alive in the container by configuring the working...
runc: file descriptor leak
A file descriptor leak issue was found in the runc package. While a user performs OCLOEXEC all file descriptors before executing the container code, the file descriptor is open when performing setcwd2, which means that the reference can be kept alive in the container by configuring the working...
runc: file descriptor leak
A file descriptor leak issue was found in the runc package. While a user performs OCLOEXEC all file descriptors before executing the container code, the file descriptor is open when performing setcwd2, which means that the reference can be kept alive in the container by configuring the working...
runc: file descriptor leak
A file descriptor leak issue was found in the runc package. While a user performs OCLOEXEC all file descriptors before executing the container code, the file descriptor is open when performing setcwd2, which means that the reference can be kept alive in the container by configuring the working...
runc: file descriptor leak
A file descriptor leak issue was found in the runc package. While a user performs OCLOEXEC all file descriptors before executing the container code, the file descriptor is open when performing setcwd2, which means that the reference can be kept alive in the container by configuring the working...
runc: file descriptor leak
A file descriptor leak issue was found in the runc package. While a user performs OCLOEXEC all file descriptors before executing the container code, the file descriptor is open when performing setcwd2, which means that the reference can be kept alive in the container by configuring the working...
runc: file descriptor leak
A file descriptor leak issue was found in the runc package. While a user performs OCLOEXEC all file descriptors before executing the container code, the file descriptor is open when performing setcwd2, which means that the reference can be kept alive in the container by configuring the working...
EulerOS 2.0 SP10 : httpd (EulerOS-SA-2024-1085)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122 - When a...