4441 matches found
SUSE-SU-2024:3694-1 Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-150500_55_49 fixes several issues. The following security issues were fixed: - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739). -...
Malicious code in math-power-dev (npm)
MAL-2024-9703 Malicious code in math-power-dev (npm)
Agent Dart Trust Management Issue Vulnerability
Agent Dart is an AstroxNetwork open source agent library built for Internet computers for Dart and Flutter applications. A trust management issue vulnerability exists in Agent Dart prior to version 1.0.0-dev.29, which stems from certificate validation in lib/agent/certificate.dart not working...
PT-2024-33265 · Unknown · Agent Dart
Name of the Vulnerable Software and Affected Versions: Agent Dart versions prior to 1.0.0-dev.29 Description: The issue is related to improper certificate verification in the lib/agent/certificate.dart file. Specifically, during delegation verification in the checkDelegation function, the caniste...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2024-12780)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12780 advisory. - VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (David Fernandez Gonzalez) [Orabug: 37037205] {CVE-2024-46738} - exec: Fix ToCTo...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2024-12782)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12782 advisory. - VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (David Fernandez Gonzalez) [Orabug: 37037205] {CVE-2024-46738} - exec: Fix ToCTo...
kernel: Fix of 13 CVEs
btrfs: fix use-after-free after failure to create a snapshot CVE-2022-48733 - hwmon: nct6775-core Fix underflows seen when writing limit attributes CVE-2024-46757 - wifi: mac80211: Avoid address calculations via out of bounds array indexing CVE-2024-41071 - netfilter: conntrack: dccp: copy entire...
WordPress Broken Link Checker Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS)
Software: Broken Link Checker; Type: Plugin; Vulnerable versions: <= 2.4.0; Fixed in: 2.4.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8981; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: WPMU DEV; PSID: 5ef9d4c1245b; Credits: vgo0; Required privile...
Debian dla-3903 : libunbound-dev - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3903 advisory. Debian LTS Advisory DLA-3903-1...
Security Bulletin: Vulnerability in pytest-dev py affects IBM watsonx.data
Summary: pytest-dev py is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw by the InfoSvnCommand argument. By sending a specially-crafted regex info data, a remote attacker could exploit this vulnerability to cause a denial of service condition. This c...
kernel: ACPI: fix NULL pointer dereference
A vulnerability was found in the Linux kernel's ACPI subsystem, where the acpi_dev_put() function could attempt to operate on a NULL pointer, leading to a system crash due to a NULL pointer dereference and causing instability when managing ACPI devices...
kernel: drivers: core: synchronize really_probe() and dev_uevent()
This CVE has been marked as Rejected by the assigning CNA...
SUSE-SU-2024:3375-1 Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-150400_24_116 fixes several issues. The following security issues were fixed: - CVE-2023-52846: Prevent use after free in prp_create_tagged_frame() (bsc#1225099). - CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223521). - CVE-2024-3581...
Linux i915 PTE Use-After-Free
I found a bug in the i915 code that allows a process with access to a render node /dev/dri/renderD128 to corrupt kernel memory. This bug is subject to a 90-day disclosure deadline. If a fix for this issue is made available to users before the end of the 90-day deadline, this bug report will becom...
GLSA-202409-12 : pypy, pypy3: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202409-12 pypy, pypy3: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in pypy. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...
liblouis: Multiple Vulnerabilities
Background: liblouis is an open-source braille translator and back-translator. Description: Multiple vulnerabilities have been discovered in liblouis. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is...
mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran
The Mozilla Foundation's Security Advisory: Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence...