Lucene search

572 matches found

SUSE CVE
added 2024/09/19 3:10 a.m. | 2 views

SUSE CVE-2024-46776

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Run DC_LOG_DC after checking link->link_enc [WHAT] The DC_LOG_DC should be run after link->link_enc is checked, not before. This fixes 1 REVERSE_INULL issue reported by Coverity...

CVSS 5.5 | AI score 7.3 | EPSS 0.00235
Exploits 0 | References 11
Veracode
added 2024/09/03 7:19 a.m. | 9 views

Divide By Zero

tensorflow is vulnerable to Divide By Zero. The vulnerability is caused due to a defect in the implementation of BatchToSpaceNd where TFLite operator is vulnerable to a division by zero error. An attacker can craft a model such that one dimension of the block input is 0 resulting in the...

CVSS 7.8 | AI score 6.5 | EPSS 0.00201
Exploits 1 | References 3 | Affected Software 3
Veracode
added 2024/09/02 8:25 a.m. | 7 views

Integer Overflow

libexpat.so is vulnerable to Integer Overflow. The vulnerability is caused due to a defect in function nextScaffoldPart within xmlparse.c. This can lead to an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX)...

CVSS 9.8 | AI score 9.6 | EPSS 0.01393
Exploits 0 | References 4 | Affected Software 4
Veracode
added 2024/09/02 6:48 a.m. | 3 views

Integer Overflow

libexpat.so is vulnerable to Integer Overflow. The vulnerability is caused due to a defect in function dtdCopy within xmlparse.c. This can lead to integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX)...

CVSS 9.8 | AI score 9.6 | EPSS 0.0113
Exploits 0 | References 4 | Affected Software 4
Amazon
added 2024/08/15 12:0 a.m. | 6 views

Medium: python3.9

Issue Overview: A defect was discovered in the Python "ssl" module where there is a memory race condition with the ssl.SSLContext methods "cert_store_stats()" and "get_ca_certs()". The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContex...

CVSS 7.4 | AI score 7.5 | EPSS 0.00804
Exploits 0
NVD
added 2024/07/25 2:15 p.m. | 12 views

CVE-2024-36111

KubePi is a K8s panel. Starting in version 1.6.3 and prior to version 1.8.0, there is a defect in the KubePi JWT token verification. The JWT key in the default configuration file is empty. Although a random 32-bit string will be generated to overwrite the key in the configuration file when the ke...

CVSS 6.3 | EPSS 0.08388
Exploits 0 | References 1
Cvelist
added 2024/07/25 1:26 p.m. | 27 views

CVE-2024-36111 KubePi's JWT token validation has a defect

KubePi is a K8s panel. Starting in version 1.6.3 and prior to version 1.8.0, there is a defect in the KubePi JWT token verification. The JWT key in the default configuration file is empty. Although a random 32-bit string will be generated to overwrite the key in the configuration file when the ke...

CVSS 6.3 | EPSS 0.08388
Exploits 0 | References 1
Vulnrichment
added 2024/07/25 1:26 p.m. | 22 views

CVE-2024-36111 KubePi's JWT token validation has a defect

KubePi is a K8s panel. Starting in version 1.6.3 and prior to version 1.8.0, there is a defect in the KubePi JWT token verification. The JWT key in the default configuration file is empty. Although a random 32-bit string will be generated to overwrite the key in the configuration file when the ke...

CVSS 6.3 | AI score 6.4 | EPSS 0.08388
Exploits 0 | References 1
OSV
added 2024/07/05 2:15 p.m. | 0 views

UBUNTU-CVE-2024-6505

A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This...

CVSS 6.8 | AI score 7.1 | EPSS 0.0065
Exploits 0 | References 4
OSV
added 2024/06/17 3:9 p.m. | 18 views

PSF-2024-4

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...

CVSS 7.4 | AI score 6.6 | EPSS 0.00804
Exploits 0 | References 10
OSV
added 2024/05/17 3:15 p.m. | 1 views

DEBIAN-CVE-2023-52698

In the Linux kernel, the following vulnerability has been resolved: calipso: fix memory leak in netlbl_calipso_add_pass() If IPv6 support is disabled at boot (ipv6.disable=1), the calipso_init() -> netlbl_calipso_ops_register() function isn't called, and the netlbl_calipso_ops_get() function always returns NULL. In...

CVSS 5.5 | AI score 5.6 | EPSS 0.00231
Exploits 0 | References 1
CNNVD
added 2024/05/14 12:0 a.m. | 4 views

MantisBT Security Vulnerability

MantisBT is a Web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services in a web-operable format. A security vulnerability exists in MantisBT versions prior to 2.26.2, which stems from an issue that exposes sensitive...

CVSS 5.3 | AI score 5.2 | EPSS 0.00698
Exploits 0 | References 5
RedHat Linux
added 2024/04/30 10:33 a.m. | 2 views

freerdp: missing offset validation leading to Out Of Bound Read

A flaw was found in FreeRDP. In the libfreerdp/codec/rfx.c file, there is no offset validation in tile->quantIdxY, tile->quantIdxCb, and tile->quantIdxCr. As a result, crafted input can lead to an out-of-bounds read, which may result in a crash...

CVSS 9.1 | AI score 5.8 | EPSS 0.01247
Exploits 1 | References 5
OSV
added 2024/04/17 7:15 p.m. | 3 views

PYSEC-2024-252

PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

CVSS 4 | AI score 4.9 | EPSS 0.00225
Exploits 0 | References 3
OpenVAS
added 2024/03/08 12:0 a.m. | 18 views

Fedora: Security Advisory for jsr-305 (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 8.8 | AI score 9.2 | EPSS 0.02557
Exploits 3 | References 2
Fedora
added 2024/03/07 10:33 p.m. | 18 views

[SECURITY] Fedora 40 Update: jsr-305-3.0.2-15.fc40

This package contains reference implementations, test cases, and other documents for Java Specification Request 305: Annotations for Software Defect Detection...

CVSS 8.8 | AI score 9.2 | EPSS 0.02557
Exploits 3
OSV
added 2024/02/02 11:6 a.m. | 3 views

OESA-2024-1110 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c. (CVE-2023-46343) In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a...

CVSS 7.8 | AI score 7.8 | EPSS 0.00321
Exploits 0 | References 5
ATTACKERKB
added 2023/12/19 7:15 p.m. | 3 views

CVE-2023-49706

Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger a race condition with...

CVSS 6.8 | AI score 6.7 | EPSS 0.0062
Exploits 0 | References 4
OSV
added 2023/12/02 5:0 p.m. | 3 views

OPENSUSE-SU-2023:0388-1 Security update for optipng

This update for optipng fixes the following issues: Update to 0.7.8: CVE-2023-43907: Fixed a global-buffer-overflow vulnerability in the GIF reader (boo#1215937). Fixed a stack-print-after-scope defect in the error handler. Fixed an assertion failure in the image reduction module. Fixed the...

CVSS 7.8 | AI score 7.5 | EPSS 0.00518
Exploits 1 | References 3
RedHat Linux
added 2023/11/07 9:3 a.m. | 4 views

kernel: tpm: Add !tpm_amd_is_rng_defective() to the hwrng_unregister() call site

In the Linux kernel, the following vulnerability has been resolved: tpm: Add !tpm_amd_is_rng_defective() to the hwrng_unregister() call site The following crash was reported: [ 1950.279393] list_del corruption, ffff99560d485790->next is NULL [ 1950.279400] ------------[ cut here ]------------ [ 1950.279401] kernel BUG...

AI score 5.6 | EPSS 0.00168
Exploits 0 | References 5