65 matches found
CVE-2024-26999 serial/pmac_zilog: Remove flawed mitigation for rx irq flood
In the Linux kernel, the following vulnerability has been resolved: serial/pmac_zilog: Remove flawed mitigation for rx irq flood. The mitigation was intended to stop the irq completely. That may be better than a hard lock-up but it turns out that you get a crash anyway if you're using pmac_zilog as ...
SUSE CVE-2023-52583
In the Linux kernel, the following vulnerability has been resolved: ceph: fix deadlock or deadcode of misusing dget. The lock order is incorrect between dentry and its parent; we should always make sure that the parent gets the lock first. But since this deadcode is never used and the parent dir wil...
CVE-2023-52499 powerpc/47x: Fix 47x syscall return crash
In the Linux kernel, the following vulnerability has been resolved: powerpc/47x: Fix 47x syscall return crash. Eddie reported that newer kernels were crashing during boot on his 476 FSP2 system: kernel tried to execute user page b7ee2000 - exploit attempt? uid: 0 BUG: Unable to handle kernel...
MAL-2024-869 Malicious code in wlwz-2312-7706 (npm)
Source: ghsa-malware 75e5f2b06ed59b1023d5b7d62471910cc2c922a27ae54456320b888dc5ea7f4d. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-42831
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to fingerprint the user...
Code injection
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.5. An app may be able to gain root privileges...
A vulnerability in the Read() function of the open-source cryptographic algorithm library Circl allows an attacker to compromise the confidentiality and integrity of the protected information.
The vulnerability in the Read function of the open-source cryptographic algorithm library Circl is related to insufficient validation of input data and the failure to eliminate instructions in dynamically executed code. Exploiting this vulnerability can allow attackers to compromise the...
CVE-2023-2576
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. This allowed a developer to remove the CODEOWNERS rules and merge to a protected branch...
MAL-2023-45 Malicious code in @miro-site/ui-core (npm)
Source: ghsa-malware 183b4fea73bd0ece44c3d474c9357406101e8b174047197127d72219aee8ac3c. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-21428
Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call. The patch removes unused code...
CVE-2022-42862
This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to bypass Privacy preferences...
CVE-2022-42796
This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.7 and iPadOS 15.7, macOS Ventura 13. An app may be able to gain elevated privileges...
MAL-2022-5053 Malicious code in okqaelhmbfuwipvz (npm)
Source: ghsa-malware 17c01ccb3601c78a3af99f6779be6a4d9295bc0cf449116648d5c7e493fc01aa. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-26746
Summary (CVE-2022-26746) Apple macOS contained a vulnerability that could let a malicious app bypass Privacy preferences. It was addressed by removing the vulnerable code and is fixed in Security Update 2022-004 for Catalina, macOS Monterey 12.4, and macOS Big Sur 11.6.6. Across multiple sources,...
OPENSUSE-SU-2021:4109-1 Security update for logback
This update for logback fixes the following issues: Upgrade to version 1.2.8. + In response to Log4Shell/CVE-2021-44228, all JNDI lookup code in logback has been disabled until further notice. This impacts ContextJNDISelector and the insertFromJNDI element in configuration files. + Also in response to...
Code injection
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.0.1. An application may be able to gain elevated privileges...
CVE-2020-27903
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.0.1. An application may be able to gain elevated privileges...
CVE-2019-8532
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in watchOS 5.2, iOS 12.2. A malicious application may be able to access restricted files...