2566 matches found
OESA-2024-1407 cri-o security update
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface. Security Fixes: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.CVE-2022-41723 A...
OESA-2024-1408 cri-o security update
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface. Security Fixes: A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the...
OESA-2024-1386 ignition security update
Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files regular files, systemd units, etc., and configuring users. On first boot, Ignition reads its configuration from a source of truth remote URL, network...
OESA-2024-1385 ignition security update
Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files regular files, systemd units, etc., and configuring users. On first boot, Ignition reads its configuration from a source of truth remote URL, network...
Exploit for CVE-2023-45288
PoC for CVE-2023-45288 This is a proof-of-concept code for th...
Exploit for Command Injection in Dlink Dns-320L_Firmware
D-Link NAS Command Execution Exploit This Python script explo...
SUSE CVE-2024-26731
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix NULL pointer dereference in skpsockverdictdataready syzbot reported the following NULL pointer dereference issue 1: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... RIP: 0010:0x0 ... Call Trac...
CVE-2024-26785 iommufd: Fix protection fault in iommufd_test_syz_conv_iova
In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix protection fault in iommufdtestsyzconviova Syzkaller reported the following bug: general protection fault, probably for non-canonical address 0xdffffc0000000038: 0000 1 SMP KASAN KASAN: null-ptr-deref in range...
DEBIAN-CVE-2024-26731
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix NULL pointer dereference in skpsockverdictdataready syzbot reported the following NULL pointer dereference issue 1: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... RIP: 0010:0x0 ... Call Trac...
UBUNTU-CVE-2024-26731
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix NULL pointer dereference in skpsockverdictdataready syzbot reported the following NULL pointer dereference issue 1: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... RIP: 0010:0x0 ... Call Trac...
UBUNTU-CVE-2024-26685
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential bug in endbufferasyncwrite According to a syzbot report, endbufferasyncwrite, which handles the completion of block device writes, may detect abnormal condition of the buffer asyncwrite flag and cause a BUGO...
CVE-2023-52296
IBM DB2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5 is vulnerable to denial of service when querying a specific UDF built-in function concurrently. IBM X-Force ID: 278547...
PT-2024-14508 · Ibm · Ibm Db2
Name of the Vulnerable Software and Affected Versions: IBM DB2 for Linux, UNIX and Windows includes Db2 Connect Server version 11.5 Description: The issue is related to a denial of service condition that can occur when querying a specific UDF built-in function concurrently. Recommendations: For I...
IBM Db2 输入验证错误漏洞
IBM Db2 is a relational database management system from International Business Machines IBM. The system executes on UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM DB2 suffers from an input validation error vulnerability that stems from the susceptibility to denial-of-service attacks wh...
kernel: GSM multiplexing race condition leads to privilege escalation
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOCSETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsmdlci while restarting th...
kernel: GSM multiplexing race condition leads to privilege escalation
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOCSETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsmdlci while restarting th...
CLSA-2024-1711492417 Fix CVE(s): CVE-2024-0985
SECURITY UPDATE: Execution of arbitrary SQL functions as the command issuer because of late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY - debian/patches/CVE-2024-0985.patch: run REFRESH MATERIALIZED VIEW CONCURRENTLY in right security context - CVE-2024-0985...
GO-2024-2654 Denial of service in github.com/argoproj/argo-cd/v2
Application may crash due to concurrent writes, leading to a denial of service. An attacker can crash the application continuously, making it impossible for legitimate users to access the service. Authentication is not required in the attack...
postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL
A flaw was found in PostgreSQL. A late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL can allow an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling a safe refre...
AMD CPU Competitive Conditions Vulnerability
AMD CPUs are a family of CPUs from AMD. The AMD CPUs suffer from a competitive condition vulnerability that arises from improper handling of concurrent access when concurrent code requires mutually exclusive access to shared resources during operation of a networked system or product. An attacker...