Lucene search

2573 matches found

OSV
added 2024/08/05 9:29 p.m., 22 views

GHSA-F984-3WX8-GRP9 XXL-RPC Deserialization of Untrusted Data vulnerability

XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...

9.5 CVSS, 9.8 AI score, 0.01046 EPSS
Exploits 0, References 4
Github Security Blog
added 2024/08/05 9:29 p.m., 29 views

XXL-RPC Deserialization of Untrusted Data vulnerability

XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...

10 CVSS, 8.3 AI score, 0.01046 EPSS
Exploits 0, References 4, Affected Software 1
Ubuntu
added 2024/08/02 9:36 a.m., 231 views

USN-6895-4: Linux kernel vulnerabilities

It was discovered that the ATA over Ethernet AoE driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6270 It was discovered that the HugeTLB file syst...

7.8 CVSS, 7.4 AI score, 0.00756 EPSS
Exploits 1
CNNVD
added 2024/08/02 12:0 a.m., 5 views

Siemens Omnivise T3000 security vulnerability

The Omnivise T3000 is a distributed control system for fossil fuel and large renewable energy power plants. A code execution vulnerability exists in the Siemens Omnivise T3000 Application Server that could be exploited by a local, authenticated attacker to execute arbitrary code with elevated...

8.5 CVSS, 7.9 AI score, 0.00243 EPSS
Exploits 3, References 3
Tenable Nessus
added 2024/08/02 12:0 a.m., 141 views

Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-6895-4)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6895-4 advisory. It was discovered that the ATA over Ethernet AoE driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An...

7.8 CVSS, 7.5 AI score, 0.00756 EPSS
Exploits 1, References 100
Redos
added 2024/07/30 12:0 a.m., 20 views

ROS-20240730-06

A vulnerability in the Git distributed version control system is related to the ability to create the folder "C:.git." Exploitation of the vulnerability could allow an attacker to run arbitrary commands...

7.8 CVSS, 7.3 AI score, 0.00445 EPSS
Exploits 0
Ubuntu
added 2024/07/26 1:52 p.m., 77 views

USN-6917-1: Linux kernel vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-38096 Gui-Dong Han discovered that the...

9.8 CVSS, 7.1 AI score, 0.01401 EPSS
Exploits 1
RedHat Linux
added 2024/07/25 11:30 a.m., 4 views

Important: Red Hat Enhancement Advisory: Red Hat Service Interconnect 1.4.7 Release rpms

This is release 1.4 of the rpms for Red Hat Service Interconnect. Red Hat Service Interconnect 1.4 introduces a service network, linking TCP and HTTP services across the hybrid cloud. A service network enables communication between services running in different network locations or sites. It allo...

7.5 CVSS, 6.9 AI score, 0.01127 EPSS
Exploits 0, References 1
BDU FSTEC
added 2024/07/25 12:0 a.m., 5 views

The vulnerability of the Foxboro.sys driver, a microprogramming software for distributed system management, allows an attacker to cause a service failure.

The vulnerability of the Foxboro.sys driver, a microprogramming software for distributed control systems like EcoStruxure™ Foxboro DCS Control Core Services, is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to cause system failures...

7.8 CVSS, 5.5 AI score, 0.00241 EPSS
Exploits 0, References 2, Affected Software 1
BDU FSTEC
added 2024/07/24 12:0 a.m., 6 views

The vulnerability of the Foxboro.sys driver, a microprogramming software for distributed system management, allows an attacker to cause a service failure.

The vulnerability of the Foxboro.sys driver, a microprogramming software for distributed control systems like EcoStruxure™ Foxboro DCS Control Core Services, is related to unvalidated array indexing. Exploiting this vulnerability could allow an attacker to cause service failures...

7.1 CVSS, 5.5 AI score, 0.00146 EPSS
Exploits 0, References 3, Affected Software 1
Tenable Nessus
added 2024/07/23 12:0 a.m., 16 views

Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-038)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.6.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2024-038 advisory. dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context du...

7.5 CVSS, 5.5 AI score, 0.00431 EPSS
Exploits 0, References 4
BDU FSTEC
added 2024/07/19 12:0 a.m., 4 views

The vulnerability of the Microsoft Distributed Transaction Coordinator (MSDTC) on Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the Microsoft Distributed Transaction Coordinator MSDTC on Windows operating systems is related to improper external management of file names or file paths. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

6.6 CVSS, 5.9 AI score, 0.01567 EPSS
Exploits 0, References 2
Tenable Nessus
added 2024/07/19 12:0 a.m., 80 views

Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-6895-3)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6895-3 advisory. It was discovered that the ATA over Ethernet AoE driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An...

7.8 CVSS, 7.5 AI score, 0.00756 EPSS
Exploits 1, References 100
OSV
added 2024/07/18 7:22 p.m., 10 views

BIT-HYPERLEDGER-FABRIC-ORDERER-2022-31121 Improper Input Validation in fabric hyperledger

Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error ...

7.5 CVSS, 7.3 AI score, 0.01612 EPSS
Exploits 0, References 5
OSV
added 2024/07/18 7:22 p.m., 11 views

BIT-HYPERLEDGER-FABRIC-TOOLS-2022-31121 Improper Input Validation in fabric hyperledger

Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error ...

7.5 CVSS, 7.3 AI score, 0.01612 EPSS
Exploits 0, References 5
Ubuntu
added 2024/07/17 3:48 p.m., 78 views

USN-6900-1: Linux kernel vulnerabilities

It was discovered that the ATA over Ethernet AoE driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6270 It was discovered that the HugeTLB file syst...

7.8 CVSS, 7.4 AI score, 0.01287 EPSS
Exploits 1
SUSE CVE
added 2024/07/17 4:19 a.m., 2 views

SUSE CVE-2022-48808

In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix panic when DSA master device unbinds on shutdown Rafael reports that on a system with LX2160A and Marvell DSA switches, if a reboot occurs while the DSA master dpaa2-eth is up, the following panic can be seen:...

3.3 CVSS, 6.2 AI score, 0.00268 EPSS
Exploits 0, References 6
OSV
added 2024/07/16 12:15 p.m., 1 views

UBUNTU-CVE-2022-48813

In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: don't use devres for mdiobus As explained in commits: 74b6d7d13307 "net: dsa: realtek: register the MDIO bus under devres" 5135e96a3dd2 "net: dsa: don't allocate the slave_mii_bus using devres" mdiobus_free() will pan...

5.5 CVSS, 5.9 AI score, 0.00273 EPSS
Exploits 0, References 7
Tenable Nessus
added 2024/07/16 12:0 a.m., 39 views

RHEL 8 : git (RHSA-2024:4579)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4579 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...

9 CVSS, 7.7 AI score, 0.25334 EPSS
Exploits 32, References 6
Ubuntu
added 2024/07/12 10:2 a.m., 62 views

USN-6895-1: Linux kernel vulnerabilities

It was discovered that the ATA over Ethernet AoE driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6270 It was discovered that the HugeTLB file syst...

7.8 CVSS, 7.4 AI score, 0.00756 EPSS
Exploits 1