Lucene search

4443 matches found

OSV
added 2024/03/04 6:15 p.m. | 1 views

DEBIAN-CVE-2021-47102

In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix incorrect structure access In line: upper = info->upper_dev; We access upper_dev field, which is related only for particular events e.g. event == NETDEV_CHANGEUPPER. So, this line cause invalid memory acce...

7.1 CVSS | 5.6 AI score | 0.00015 EPSS
Exploits: 1 | References: 1

Prion
added 2024/03/04 6:15 p.m. | 15 views

Double free

In the Linux kernel, the following vulnerability has been resolved: tun: avoid double free in tun_free_netdev Avoid double free in tun_free_netdev by moving the dev->tstats and tun->security allocs to a new ndo_init routine tun_net_init that will be called by register_netdevice. ndo_init is paired with the...

7.4 AI score | 0.00038 EPSS
Exploits: 0 | References: 5

OSV
added 2024/03/02 10:15 p.m. | 1 views

DEBIAN-CVE-2023-52578

In the Linux kernel, the following vulnerability has been resolved: net: bridge: use DEV_STATS_INC syzbot/KCSAN reported data-races in br_handle_frame_finish [1] This function can run from multiple cpus without mutual exclusion. Adopt SMP safe DEV_STATS_INC to update dev->stats fields. Handles updates to...

7 CVSS | 5.3 AI score | 0.00009 EPSS
Exploits: 0 | References: 1

OSV
added 2024/03/02 10:15 p.m. | 0 views

UBUNTU-CVE-2023-52578

In the Linux kernel, the following vulnerability has been resolved: net: bridge: use DEV_STATS_INC syzbot/KCSAN reported data-races in br_handle_frame_finish [1] This function can run from multiple cpus without mutual exclusion. Adopt SMP safe DEV_STATS_INC to update dev->stats fields. Handles updates to...

7 CVSS | 6.1 AI score | 0.00009 EPSS
Exploits: 0 | References: 7

SUSE CVE
added 2024/03/01 4:7 a.m. | 1 views

SUSE CVE-2021-46995

In the Linux kernel, the following vulnerability has been resolved: can: mcp251xfd: mcp251xfd_probe: fix an error pointer dereference in probe When we converted this code to use dev_err_probe we accidentally removed a return. It means that if devm_clk_get it will lead to an Oops when we call clk_get_rat...

5.5 CVSS | 6.6 AI score | 0.00037 EPSS
Exploits: 0 | References: 3

CNVD
added 2024/03/01 12:0 a.m. | 1 views

Google Android elevation of privilege vulnerability (CNVD-2026-11757)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which stems from the failure of the ashmem-dev.cpp file to properly validate the length of input data, which can be exploited by an attacker to gain...

8.4 CVSS | 6 AI score | 0.00063 EPSS
Exploits: 0 | References: 1

OSV
added 2024/02/29 11:15 p.m. | 1 views

DEBIAN-CVE-2021-47056

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init ADF_STATUS_PF_RUNNING is only used and checked by adf_vf2pf_shutdown before calling adf_iov_putmsg()->mutex_lock(vf2pf_lock), however the vf2pf_lock is initialized in adf_dev_init,...

5.5 CVSS | 5.8 AI score | 0.00012 EPSS
Exploits: 0 | References: 1

The Hacker News
added 2024/02/29 8:17 a.m. | 18 views

Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems

The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of infecting developer systems with malware. The packages, now taken down, are pycryptoenv, pycryptoconf, quasarlib, and swapmempool. They have been...

7.3 AI score
Exploits: 0

UbuntuCve
added 2024/02/28 9:15 a.m. | 21 views

CVE-2021-46981

In the Linux kernel, the following vulnerability has been resolved: nbd: Fix NULL pointer in flush_workqueue Open /dev/nbdX first, the config_refs will be 1 and the pointers in nbd_device are still null. Disconnect /dev/nbdX, then reference a null recv_workq. The protection by config_refs in...

5.5 CVSS | 6.3 AI score | 0.00016 EPSS
Exploits: 0 | References: 11

OSV
added 2024/02/28 9:15 a.m. | 0 views

UBUNTU-CVE-2021-46995

In the Linux kernel, the following vulnerability has been resolved: can: mcp251xfd: mcp251xfd_probe: fix an error pointer dereference in probe When we converted this code to use dev_err_probe we accidentally removed a return. It means that if devm_clk_get it will lead to an Oops when we call clk_get_rat...

5.5 CVSS | 5.8 AI score | 0.00037 EPSS
Exploits: 0 | References: 5

Prion
added 2024/02/27 7:4 p.m. | 20 views

Double free

In the Linux kernel, the following vulnerability has been resolved: dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails When loading a device-mapper table for a request-based mapped device, and the allocation/initialization of the blk_mq_tag_set for the device fails, a followi...

6.8 AI score | 0.00015 EPSS
Exploits: 0 | References: 8

CVE
added 2024/02/27 6:40 p.m. | 556 views

CVE-2021-46938

CVE-2021-46938 affects the Linux kernel in the device-mapper (dm-mq) path for request-based mapped devices. When loading a device-mapper table, if the allocation/initialization of blk_mq_tag_set for the device fails, a subsequent dev_remove can trigger a double free during cleanup because the poi...

7.8 CVSS | 7.2 AI score | 0.00015 EPSS
Exploits: 0 | References: 8 | Affected Software: 1

Cvelist
added 2024/02/27 9:44 a.m. | 25 views

CVE-2021-46932 Input: appletouch - initialize work before device registration

In the Linux kernel, the following vulnerability has been resolved: Input: appletouch - initialize work before device registration Syzbot has reported warning in __flush_work. This warning is caused by work->func == NULL, which means missing work initialization. This may happen, since input_dev->close...

6.3 AI score | 0.00012 EPSS
Exploits: 0 | References: 8

Openbugbounty
added 2024/02/26 5:27 p.m. | 5 views

innovation-dev.mit.edu Cross Site Scripting vulnerability OBB-3859877

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

Tenable Nessus
added 2024/02/21 12:0 a.m. | 33 views

Debian dla-3736 : libunbound-dev - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3736 advisory. Debian LTS Advisory DLA-3736-1 [email protected]...

7.5 CVSS | 7.1 AI score | 0.43215 EPSS
Exploits: 1 | References: 6

BDU FSTEC
added 2024/02/06 12:0 a.m. | 1 views

The vulnerability of the macOS operating system’s Dev Tools component, which allows a hacker to increase their privileges

The vulnerability of the Dev Tools component of the macOS operating system exists due to insufficient testing of input data. Exploiting this vulnerability can allow attackers to gain increased privileges...

7.8 CVSS | 7.2 AI score | 0.0011 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Openbugbounty
added 2024/02/03 9:53 p.m. | 11 views

faust.ch Cross Site Scripting vulnerability OBB-3848411

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

Gentoo Linux
added 2024/02/03 12:0 a.m. | 35 views

QtGui: Multiple Vulnerabilities

Background: QtGui is a module for the Qt toolkit. Description: Multiple vulnerabilities have been discovered in QtGui. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is no known workaround at this tim...

7.5 CVSS | 7.3 AI score | 0.00834 EPSS
Exploits: 0

Tenable Nessus
added 2024/02/01 12:0 a.m. | 25 views

Ubuntu 16.04 ESM / 18.04 ESM : X.Org X Server regression (USN-6587-4)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6587-4 advisory. USN-6587-1 fixed vulnerabilities in X.Org X Server. The fix was incomplete resulting in a possible regression. This update fixes the problem. Tenable...

5.6 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2024/01/30 12:0 a.m. | 14 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : X.Org X Server regression (USN-6587-3)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6587-3 advisory. USN-6587-1 fixed vulnerabilities in X.Org X Server. The fix was incomplete resulting in a possible regression. This update fixes the problem. ...

5.6 AI score
Exploits: 0 | References: 1