13682 matches found
SUSE CVE-2024-49913
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for toppipetoprogram in commitplanesforstream This commit addresses a null pointer dereference issue in the commitplanesforstream function at line 4140. The issue could occur when toppipetoprogram ...
GHSA-C479-WQ8G-57HR Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled
Impact When a user disables two-factor authentication via the Panel, a DELETE request with their current password in a query parameter will be sent. While query parameters are encrypted when using TLS, many webservers including ones officially documented for use with Pterodactyl will log query...
Privilege Context Switching Error
Overview aimeos/ai-admin-graphql is an Aimeos Admin GraphQL API extension Affected versions of this package are vulnerable to Privilege Context Switching Error through the SaaS and marketplace setups. An attacker can disrupt service availability by overwhelming the system with requests. Note: The...
Malicious code in git-commit-message-convention (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94d09a62681923adfe2316c61633ccb26eeaa743e0350118824ffd40bb4c038c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-9461 Malicious code in git-commit-message-convention (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94d09a62681923adfe2316c61633ccb26eeaa743e0350118824ffd40bb4c038c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-49980
In the Linux kernel, the following vulnerability has been resolved: vrf: revert "vrf: Remove unnecessary RCU-bh critical section" This reverts commit 504fc6f4f7f681d2a03aa5f68aad549d90eab853. devqueuexmitnit is expected to be called with BH disabled. devqueuexmit has the following: / Disable soft...
SUSE CVE-2022-49007
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL pointer dereference in nilfspalloccommitfreeentry Syzbot reported a null-ptr-deref bug: NILFS loop0: segctord starting. Construction interval = 5 seconds, CP frequency 3c 02 00 0f 85 26 05 00 00 49 8b 46 10 be a6...
CVE-2024-49962
In the Linux kernel, the following vulnerability has been resolved: ACPICA: check null return of ACPIALLOCATEZEROED in acpidbconverttopackage ACPICA commit 4d4547cf13cca820ff7e0f859ba83e1a610b9fd0 ACPIALLOCATEZEROED may fail, elements might be NULL and will cause NULL pointer dereference later...
MAL-2024-9459 Malicious code in semantic-release-commit-rules (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bbcacdbeb834ef3bac1306014ca1f8b13b913671d65327511ddd61712c6a3d09 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2024-50014
In the Linux kernel, the following vulnerability has been resolved: ext4: fix access to uninitialised lock in fc replay path The following kernel trace can be triggered with fstest generic/629 when executed against a filesystem with fast-commit feature enabled: INFO: trying to register non-static...
CVE-2024-50023
In the Linux kernel, the following vulnerability has been resolved: net: phy: Remove LED entry from LEDs list on unregister Commit c938ab4da0eb "net: phy: Manual remove LEDs to ensure correct ordering" correctly fixed a problem with using devm but missed removing the LED entry from the LEDs list...
DEBIAN-CVE-2022-49007
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL pointer dereference in nilfspalloccommitfreeentry Syzbot reported a null-ptr-deref bug: NILFS loop0: segctord starting. Construction interval = 5 seconds, CP frequency 3c 02 00 0f 85 26 05 00 00 49 8b 46 10 be a6...
CVE-2022-48991
In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths Any codepath that zaps page table entries must invoke MMU notifiers to ensure that secondary MMUs like KVM don't keep accessing pages which aren't mapped anymore...
CVE-2022-48977
In the Linux kernel, the following vulnerability has been resolved: can: afcan: fix NULL pointer dereference in canrcvfilter Analogue to commit 8aa59e355949 "can: afcan: fix NULL pointer dereference in canrxregister" we need to check for a missing initialization of mlpriv in the receive path of C...
CVE-2022-49028 ixgbevf: Fix resource leak in ixgbevf_init_module()
In the Linux kernel, the following vulnerability has been resolved: ixgbevf: Fix resource leak in ixgbevfinitmodule ixgbevfinitmodule won't destroy the workqueue created by createsinglethreadworkqueue when pciregisterdriver failed. Add destroyworkqueue in fail path to prevent the resource leak...
CVE-2022-48998 powerpc/bpf/32: Fix Oops on tail call tests
In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf/32: Fix Oops on tail call tests testbpf tail call tests end up as: testbpf: 0 Tail call leaf jited:1 85 PASS testbpf: 1 Tail call 2 jited:1 111 PASS testbpf: 2 Tail call 3 jited:1 145 PASS testbpf: 3 Tail call 4 jited...
CVE-2022-48998 powerpc/bpf/32: Fix Oops on tail call tests
In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf/32: Fix Oops on tail call tests testbpf tail call tests end up as: testbpf: 0 Tail call leaf jited:1 85 PASS testbpf: 1 Tail call 2 jited:1 111 PASS testbpf: 2 Tail call 3 jited:1 145 PASS testbpf: 3 Tail call 4 jited...
CVE-2022-48991 mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths Any codepath that zaps page table entries must invoke MMU notifiers to ensure that secondary MMUs like KVM don't keep accessing pages which aren't mapped anymore...
CVE-2022-48991 mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths Any codepath that zaps page table entries must invoke MMU notifiers to ensure that secondary MMUs like KVM don't keep accessing pages which aren't mapped anymore...
CVE-2022-48977 can: af_can: fix NULL pointer dereference in can_rcv_filter
In the Linux kernel, the following vulnerability has been resolved: can: afcan: fix NULL pointer dereference in canrcvfilter Analogue to commit 8aa59e355949 "can: afcan: fix NULL pointer dereference in canrxregister" we need to check for a missing initialization of mlpriv in the receive path of C...