132 matches found
GHSA-GWRF-JF3H-W649 vulnerabilities
Vulnerabilities for packages: php-fpmexporter, checksec, vexctl, newrelic-nri-statsd, addon-resizer, dagdotdev, terraform-provider-time, nats, mongodb-kubernetes-operator, vault-benchmark, gitlab-runner, falco, custom-pod-autoscaler-operator, blobfuse2, k8sgpt-operator, octo-sts, git-lfs,...
CVE-2025-27234
The CVE-2025-27234 entry describes a vulnerability in the Zabbix Agent 2 smartctl plugin where improper sanitization of smart.disk.get parameters allows an attacker to inject arguments into smartctl, leading to remote code execution in Zabbix 5.0. Connected sources (Debian DLA-4473-1, Debian/Ness...
kernel: s390/ptrace: handle setting of fpc register correctly
In the Linux kernel, the following vulnerability has been resolved: s390/ptrace: handle setting of fpc register correctly. If the content of the floating point control (fpc) register of a traced process is modified with the ptrace interface the new value is tested for validity by temporarily loading...
SUSE CVE-2025-38629
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb: scarlett2: Fix missing NULL check. scarlett2_input_select_ctl_info() sets up the string arrays allocated via kasprintf(), but it misses NULL checks, which may lead to NULL dereference Oops. Let's add the proper NULL check...
CVE-2005-4841
The Outlook Progress Ctl control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an improperly narrowed conversion in acpi_nfit_ctl, which could lead to invalid parameter passing...
SUSE CVE-2024-56662
In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl. Fix an issue detected by syzbot with KASAN: BUG: KASAN: vmalloc-out-of-bounds in cmd_to_func drivers/acpi/nfit/core.c:416 [inline] BUG: KASAN: vmalloc-out-of-bounds in...
AZL-54914 CVE-2024-56662 affecting package kernel for versions less than 6.6.76.1-1
In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl. Fix an issue detected by syzbot with KASAN: BUG: KASAN: vmalloc-out-of-bounds in cmd_to_func drivers/acpi/nfit/core.c:416 [inline] BUG: KASAN: vmalloc-out-of-bounds in...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from an out-of-bounds read of vmalloc in the acpi_nfit_ctl function in the acpi:nfit module...
meltano (>=2.16.0 <=3.6.0b4), nmdc-schema (>=0.0.0 <=7.4.12) +2 more potentially affected by CVE-2024-53848 via check-jsonschema (>=0.21.0 <=0.29.4)
check-jsonschema PYPI version =0.21.0, =2.16.0, =0.0.0, =0.3.0, =0.3.0, =0.4.1 Source cves: CVE-2024-53848 Source advisory: OSV:GHSA-Q6MV-284R-MP36...
meltano (>=2.16.0 <=3.6.0b4), nmdc-schema (>=0.0.0 <=7.4.12) +2 more potentially affected by CVE-2024-53848 via check-jsonschema (>=0.19.2 <=0.29.4)
check-jsonschema PYPI version =0.19.2, =2.16.0, =0.0.0, =0.3.0, =0.3.0, =0.4.1 Source cves: CVE-2024-53848 Source advisory: SNYK:PYTHON-CHECKJSONSCHEMA-8445277...
The vulnerability of the ctl_write_buffer() function in the ctl subsystem of the FreeBSD operating system allows a hacker to execute arbitrary code.
The vulnerability of the ctl_write_buffer() function in the ctl subsystem of the FreeBSD operating system is related to the use of memory after it is freed due to incorrect flag setting. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the ctl_request_sense() function in the ctl subsystem of FreeBSD allows a hacker to execute arbitrary code.
The vulnerability of the ctl_request_sense() function in the ctl subsystem of FreeBSD lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code...
CVE-2024-45289
CVE-2024-45289 affects FreeBSD: the fetch(3) library uses environment variables to pass info, including the revocation file pathname, but the fetch(1) option name was incorrect and effectively ignored the option. As a result, FreeBSD could connect to a host presenting a certificate listed in the ...
CVE-2024-45289 Unbounded allocation in ctl(4) CAM Target Layer
The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option. Fetch would still connect to a host presenting a...
CVE-2024-39281
The CVE-2024-39281 issue affects FreeBSD where the command ctl_persistent_reserve_out lets a caller specify an arbitrary size passed to the kernel memory allocator, enabling unbounded allocation in the ctl(4) CAM Target Layer and potentially causing a host DoS. The FreeBSD security advisory SA-24...
CVE-2024-39281 Unbounded allocation in ctl(4) CAM Target Layer
The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator...
CVE-2024-39281 Unbounded allocation in ctl(4) CAM Target Layer
The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator...
FreeBSD-SA-24:18.ctl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-24:18.ctl Security Advisory The FreeBSD Project Topic: Unbounded allocation in ctl(4) CAM Target Layer Category: core Module: ctl Announced: 2024-10-29 Credits:...
FreeBSD -- Unbounded allocation in ctl(4) CAM Target Layer
Problem Description: The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator. Impact: A malicious guest could cause a Denial of Service (DoS) on the host...