GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.

...

CVE-2024-49975

In the Linux kernel, the following vulnerability has been resolved: uprobes: fix kernel info leak via "uprobes" vma xoladdvma maps the uninitialized page allocated by createxolarea into userspace. On some architectures x86 this memory is readable even without VMREAD, VMEXEC results in the same...

UBUNTU-CVE-2024-49975

In the Linux kernel, the following vulnerability has been resolved: uprobes: fix kernel info leak via "uprobes" vma xoladdvma maps the uninitialized page allocated by createxolarea into userspace. On some architectures x86 this memory is readable even without VMREAD, VMEXEC results in the same...

USN-7028-2 linux-azure vulnerabilities

It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service system crash. Several security issues were discovered in the Linux kernel. An attacker could possibly use...

Ubuntu 14.04 LTS : Linux kernel (Azure) vulnerabilities (USN-7028-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7028-2 advisory. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could us...

SUSE CVE-2023-29543

An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

llvm-toolset:rhel8 bug fix and enhancement update

An update is available for lld, compiler-rt, module.lld, lldb, python-lit, module.python-lit, module.lldb, llvm, libomp, module.compiler-rt, clang, module.libomp, module.llvm, module.clang. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a...

Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-7009-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7009-2 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to caus...

USN-7028-1 linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities

It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service system crash. Several security issues were discovered in the Linux kernel. An attacker could possibly use...

Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-7029-1)

"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7029-1 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cau...

Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-7007-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7007-2 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to caus...

Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6999-2)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6999-2 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to caus...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-7007-3)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7007-3 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use...

Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-7005-2)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7005-2 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to caus...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-7009-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7009-1 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use...

Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-7008-1)

"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7008-1 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cau...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-7007-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7007-1 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use...

python-werkzeug: user may execute code on a developer's machine

A flaw was found in Werkzeug, where an attacker may be able to execute code on a developer's machine under some circumstances. This issue requires the attacker to get the developer to interact with a domain and subdomain they control and enter the debugger PIN; if they are successful, it allows...

python-werkzeug: user may execute code on a developer's machine

A flaw was found in Werkzeug, where an attacker may be able to execute code on a developer's machine under some circumstances. This issue requires the attacker to get the developer to interact with a domain and subdomain they control and enter the debugger PIN; if they are successful, it allows...

[SECURITY] Fedora 40 Update: radare2-5.9.4-1.fc40

The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...