6 matches found
GHSA-XH87-MX6M-69F3 Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo
Summary: When using the AWS Lambda adapter (hono/aws-lambda) behind an Application Load Balancer (ALB), the getConnInfo function incorrectly selected the first value from the X-Forwarded-For header. Because AWS ALB appends the real client IP address to the end of the X-Forwarded-For header, the first...
Azure Linux 3.0 Security Update: kernel (CVE-2024-24857)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24857 advisory. - A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set...
kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set()
A race condition was found in the Linux kernel's net/bluetooth device driver within the conn_info_{min,max}_age_set() function. This issue can lead to an integrity overflow issue, potentially disrupting Bluetooth connections or facilitating a denial of service attack...
PT-2024-8127 · Totolink · Totolink X6000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A6000R version V1.0.1-B20201211.2000 Description: The issue is related to the get apcli conn info function in the TOTOLINK A6000R router's firmware, which fails to neutralize special elements used in an OS command. This can be...
SUSE CVE-2024-24857
A race condition was found in the Linux kernel's net/bluetooth device driver in the conn_info_{min,max}_age_set() function. This can result in an integrity overflow issue, possibly leading to Bluetooth connection abnormality or denial of service...
kernel: bt sco_conninfo infoleak
The sco_sock_getsockopt_old function in net/bluetooth/sco.c in the Linux kernel before 2.6.39 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via the SCO_CONNINFO option...