
4441 matches found

OSV
added 2024/08/21 7:15 a.m. · 1 view

DEBIAN-CVE-2022-48896

In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix pci device refcount leak. As the comment of pci_get_domain_bus_and_slot says, it returns a PCI device with refcount incremented, when finish using it, the caller must decrement the reference count by calling pci_dev_put. In...

CVSS 5.5 · AI score 5.2 · EPSS 0.00016
Exploits: 0 · References: 1

OSV
added 2024/08/21 7:15 a.m. · 1 view

DEBIAN-CVE-2022-48870

In the Linux kernel, the following vulnerability has been resolved: tty: fix possible null-ptr-defer in spk_ttyio_release. Run the following tests on the qemu platform: syzkaller: modprobe speakup_audptr input: Speakup as /devices/virtual/input/input4 initialized device: /dev/synth, node MAJOR 10,...

CVSS 5.5 · AI score 5.2 · EPSS 0.00015
Exploits: 0 · References: 1

Vulnrichment
added 2024/08/21 6:10 a.m. · 14 views

CVE-2022-48870 tty: fix possible null-ptr-defer in spk_ttyio_release

In the Linux kernel, the following vulnerability has been resolved: tty: fix possible null-ptr-defer in spk_ttyio_release. Run the following tests on the qemu platform: syzkaller: modprobe speakup_audptr input: Speakup as /devices/virtual/input/input4 initialized device: /dev/synth, node MAJOR 10,...

AI score 6.7 · EPSS 0.00015
Exploits: 0 · References: 3

OSV
added 2024/08/20 8:31 p.m. · 10 views

GO-2023-1940 1Panel command injection vulnerability in Firewall ip functionality in github.com/1Panel-dev/1Panel

1Panel command injection vulnerability in Firewall ip functionality in github.com/1Panel-dev/1Panel...

CVSS 8.8 · AI score 7.9 · EPSS 0.00641
Exploits: 1 · References: 4

UbuntuCve
added 2024/08/17 9:15 a.m. · 27 views

CVE-2024-42301

In the Linux kernel, the following vulnerability has been resolved: dev/parport: fix the array out-of-bounds risk Fixed array out-of-bounds issues caused by sprintf by replacing it with snprintf for safer data copying, ensuring the destination buffer is not overflowed. Below is the stack trace I...

CVSS 7.8 · AI score 6.5 · EPSS 0.00022
Exploits: 0 · References: 35

CVE
added 2024/08/17 9:09 a.m. · 186 views

CVE-2024-42301

CVE-2024-42301 affects the Linux kernel’s dev/parport component, where an array out-of-bounds risk was introduced. The vulnerability was addressed by replacing unsafe data copying (sprintf) with snprintf to prevent buffer overflow. The initial report includes a kernel stack and Do_Hardware_Base_A...

CVSS 7.8 · AI score 6.9 · EPSS 0.00022
Exploits: 0 · References: 10 · Affected Software: 1

Debian CVE
added 2024/08/17 9:09 a.m. · 22 views

CVE-2024-42301

In the Linux kernel, the following vulnerability has been resolved: dev/parport: fix the array out-of-bounds risk Fixed array out-of-bounds issues caused by sprintf by replacing it with snprintf for safer data copying, ensuring the destination buffer is not overflowed. Below is the stack trace I...

CVSS 7.8 · AI score 5.9 · EPSS 0.00022
Exploits: 0

Tenable Nessus
added 2024/08/17 12:00 a.m. · 20 views

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-078)

The version of kernel installed on the remote host is prior to 5.4.275-189.375. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-078 advisory. A flaw was found in the smb client in the Linux kernel. A potential out-of-bounds error was seen in the...

CVSS 9.1 · AI score 6.5 · EPSS 0.02683
Exploits: 0 · References: 60

Tenable Nessus
added 2024/08/14 12:00 a.m. · 25 views

GLSA-202408-31 : protobuf, protobuf-python: Denial of Service

The remote host is affected by the vulnerability described in GLSA-202408-31 protobuf, protobuf-python: Denial of Service A vulnerability has been discovered in protobuf and protobuf-python. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding...

CVSS 7.5 · AI score 6.9 · EPSS 0.00171
Exploits: 0 · References: 3

Tenable Nessus
added 2024/08/14 12:00 a.m. · 21 views

GLSA-202408-32 : PHP: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202408-32 PHP: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly from the...

CVSS 9.8 · AI score 7.7 · EPSS 0.94374
Exploits: 75 · References: 19

Tenable Nessus
added 2024/08/14 12:00 a.m. · 182 views

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2896-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2896-1 advisory. The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were...

CVSS 9.8 · AI score 8.2 · EPSS 0.00449
Exploits: 4 · References: 1253

OSV
added 2024/08/12 9:15 p.m. · 3 views

CVE-2024-7704

A vulnerability was found in Weaver e-cology 8. It has been classified as problematic. Affected is an unknown function of the file /cloudstore/ecode/setup/ecologydev.zip of the component Source Code Handler. The manipulation leads to information disclosure. It is possible to launch the attack...

CVSS 7.5 · AI score 4.8
Exploits: 0 · References: 4

Tenable Nessus
added 2024/08/10 12:00 a.m. · 25 views

GLSA-202408-22 : Bundler: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202408-22 Bundler: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in Bundler. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...

CVSS 9.3 · AI score 7.3 · EPSS 0.25071
Exploits: 2 · References: 7

Tenable Nessus
added 2024/08/09 12:00 a.m. · 19 views

SUSE SLES12 Security Update : kernel (Live Patch 45 for SLE 12 SP5) (SUSE-SU-2024:2818-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2818-1 advisory. This update for the Linux Kernel 4.12.14-122165 fixes several issues. The following security issues were fixed: - CVE-2024-27398: Fixed...

CVSS 7.8 · AI score 6.9 · EPSS 0.0072
Exploits: 1 · References: 7

Tenable Nessus
added 2024/08/09 12:00 a.m. · 28 views

SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 1 for SLE 15 SP5) (SUSE-SU-2024:2827-1)

The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2827-1 advisory. This update for the Linux Kernel 4.12.14-122176 fixes several issues. The following security issues were fixed: - CVE-2024-27398: Fixe...

CVSS 7.8 · AI score 6.9 · EPSS 0.0072
Exploits: 1 · References: 7

Positive Technologies
added 2024/08/09 12:00 a.m. · 3 views

PT-2024-8701 · Tenda · Tenda Ac6

Name of the Vulnerable Software and Affected Versions: Tenda AC6 version 15.03.05.19 Description: A critical issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName, where the manipulation of the argument devName leads to a stack-based buffer overflow. This can be...

CVSS 9.8 · AI score 9.2 · EPSS 0.01905
Exploits: 1 · References: 15

OSV
added 2024/08/08 12:06 p.m. · 17 views

SUSE-SU-2024:2843-1 Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005559 fixes several issues. The following security issues were fixed: - CVE-2024-27398: Fixed use-after-free bug caused by sco_sock_timeout (bsc#1225013). - CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310). -...

CVSS 7.8 · AI score 7.5 · EPSS 0.0072
Exploits: 1 · References: 15

RedHat Linux
added 2024/08/08 4:44 a.m. · 1 view

kernel: bonding: stop the device in bond_setup_by_slave()

In the Linux kernel, the following vulnerability has been resolved: bonding: stop the device in bond_setup_by_slave. Commit 9eed321cde22 "net: lapbether: only support ethernet devices" has been able to keep syzbot away from net/lapb, until today. In the following splat 1, the issue is that a lapbethe...

CVSS 5.5 · AI score 6.8 · EPSS 0.00007
Exploits: 0 · References: 5

OSV
added 2024/08/07 3:14 p.m. · 8 views

CVE-2024-42248 tty: serial: ma35d1: Add a NULL check for of_node

In the Linux kernel, the following vulnerability has been resolved: tty: serial: ma35d1: Add a NULL check for of_node. The pdev->dev.of_node can be NULL if the "serial" node is absent. Add a NULL check to return an error in such cases...

CVSS 5.5 · AI score 5.9 · EPSS 0.00033
Exploits: 0 · References: 6

0day.today
added 2024/08/07 12:00 a.m. · 150 views

Linux DRM drm_file_update_pid() Race Condition / Use-After-Free Exploit

Linux DRM has drm_file_update_pid call to get_pid too late, which creates a race condition that can lead to use-after-free issue of a struct pid. Linux: DRM: refcount incremented too late in drm_file_update_pid I am sending this to security@ and to the drm-misc maintainers - based on...

CVSS 7 · AI score 6.6 · EPSS 0.00029
Exploits: 3