13693 matches found
ROS-20240919-02
Vulnerability of the reweightentity function of the sched component of the Linux operating system kernel is related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker to impact confidentiality, integrity, and availability. A...
GHSA-R95W-889Q-X2GX org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions
Impact It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start loosing notifications on some pages because of this. This vulnerability is present in XWiki since 13.2-rc-1...
DEBIAN-CVE-2024-46754
In the Linux kernel, the following vulnerability has been resolved: bpf: Remove tstrun from lwtseg6localprogops. The syzbot reported that the lwtseg6 related BPF ops can be invoked via bpftestrun without without entering inputactionendbpf first. Martin KaFai Lau said that self test for...
CVE-2024-46800 sch/netem: fix use after free in netem_dequeue
In the Linux kernel, the following vulnerability has been resolved: sch/netem: fix use after free in netemdequeue If netemdequeue enqueues packet to inner qdisc and that qdisc returns NETXMITSTOLEN. The packet is dropped but qdisctreereducebacklog is not called to update the parent's q.qlen,...
CVE-2024-46800 sch/netem: fix use after free in netem_dequeue
In the Linux kernel, the following vulnerability has been resolved: sch/netem: fix use after free in netemdequeue If netemdequeue enqueues packet to inner qdisc and that qdisc returns NETXMITSTOLEN. The packet is dropped but qdisctreereducebacklog is not called to update the parent's q.qlen,...
CVE-2024-46787 userfaultfd: fix checks for huge PMDs
In the Linux kernel, the following vulnerability has been resolved: userfaultfd: fix checks for huge PMDs Patch series "userfaultfd: fix races around pmdtranshuge check", v2. The pmdtranshuge code in mfillatomic is wrong in three different ways depending on kernel version: 1. The pmdtranshuge che...
GHSA-9JMP-J63G-8X6M Withdrawn Advisory: Lunary information disclosure vulnerability
Withdrawn Advisory This advisory has been withdrawn because the lunary npm package is connected to https://github.com/lunary-ai/lunary-js, not the https://github.com/lunary-ai/lunary repo that is discussed in this advisory. The underlying vulnerability report is still valid, but it doesn't affect...
CVE-2024-46703
In the Linux kernel, the following vulnerability has been resolved: Revert "serial: 8250omap: Set the console genpd always on if no console suspend" This reverts commit 68e6939ea9ec3d6579eadeab16060339cdeaf940. Kevin reported that this causes a crash during suspend on platforms that dont use PM...
CVE-2024-46693 soc: qcom: pmic_glink: Fix race during initialization
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmicglink: Fix race during initialization As pointed out by Stephen Boyd it is possible that during initialization of the pmicglink child drivers, the protection-domain notifiers fires, and the associated work is...
UBUNTU-CVE-2024-6389
An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permissions...
CVE-2024-6389 Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab
An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permissions...
CVE-2024-6389
Removed by vendor...
PT-2024-37586 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab-CE/EE versions 17.0 through 17.1.7 GitLab-CE/EE versions 17.2 through 17.2.5 GitLab-CE/EE versions 17.3 through 17.3.2 Description: An issue was discovered in GitLab-CE/EE where an attacker, as a guest user, was able to access commit...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE/EE versions prior to 17.0 to...
CVE-2024-45017
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPsec creation over a slave, if master device doesn't support IPsec. WARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240...
ext4: fix infinite loop when replaying fast_commit
...
kernel: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again"
A vulnerability was found in the wbdirtylimits function in the Linux kernel, where a removed u64 cast in the dtc-wbthresh dtc-bgthresh operation can result in multiplication overflow on 32-bit architectures. This issue could lead to memory corruption or performance issues...
CVE-2024-8096
When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error tha...
SUSE-SU-2024:3186-1 Security update for buildah
This update for buildah fixes the following issues: Update to version 1.35.4: CVE-2024-3727 updates bsc1224117 Bump go-jose CVE-2024-28180 Bump ocicrypt and go-jose CVE-2024-28180 Update to version 1.35.3: correctly configure /etc/hosts and resolv.conf buildah: refactor resolv/hosts setup. rename...
CVE-2024-45040
CVE-2024-45040 affects gnark’s Groth16 proofs that use commitments to private witnesses. The issue breaks zero-knowledge properties when commitments are used with Groth16 (PLONK is not affected). Attacks could enumerate possible witness values if small, compromising privacy; completeness and soun...