PT-2024-5543 · Juniper Networks · Junos Evolved +1

Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 20.4R3-S10 Junos OS versions from 21.4 before 21.4R3-S6 Junos OS versions from 22.1 before 22.1R3-S5 Junos OS versions from 22.2 before 22.2R3-S3 Junos OS versions from 22.3 before 22.3R3-S2 Junos OS versions from...

CVE-2024-38667 riscv: prevent pt_regs corruption for secondary idle threads

In the Linux kernel, the following vulnerability has been resolved: riscv: prevent ptregs corruption for secondary idle threads Top of the kernel thread stack should be reserved for ptregs. However this is not the case for the idle threads of the secondary boot harts. Their stacks overlap with...

CVE-2024-38667

CVE-2024-38667 affects the Linux kernel on RISC‑V: secondary idle threads can have their top‑of‑stack overlap with pt_regs, risking corruption of pt_regs and potentially saving/restoring a non‑existent V context. The issue mirrors a fix for the primary hart and was not propagated to secondary har...

CVE-2022-48762

In the Linux kernel, the following vulnerability has been resolved: arm64: extable: fix loadunalignedzeropad reg indices In exhandlerloadunalignedzeropad we erroneously extract the data and addr register indices from ex-type rather than ex-data. As ex-type will contain EXTYPELOADUNALIGNEDZEROPAD...

CVE-2022-48762

In the Linux kernel, the following vulnerability has been resolved: arm64: extable: fix loadunalignedzeropad reg indices In exhandlerloadunalignedzeropad we erroneously extract the data and addr register indices from ex-type rather than ex-data. As ex-type will contain EXTYPELOADUNALIGNEDZEROPAD...

CVE-2022-48762 arm64: extable: fix load_unaligned_zeropad() reg indices

In the Linux kernel, the following vulnerability has been resolved: arm64: extable: fix loadunalignedzeropad reg indices In exhandlerloadunalignedzeropad we erroneously extract the data and addr register indices from ex-type rather than ex-data. As ex-type will contain EXTYPELOADUNALIGNEDZEROPAD...

CVE-2022-48762 arm64: extable: fix load_unaligned_zeropad() reg indices

In the Linux kernel, the following vulnerability has been resolved: arm64: extable: fix loadunalignedzeropad reg indices In exhandlerloadunalignedzeropad we erroneously extract the data and addr register indices from ex-type rather than ex-data. As ex-type will contain EXTYPELOADUNALIGNEDZEROPAD...

D-Link E Series Security Vulnerability

D-Link E Series is a series of wireless routers from China-based AUO D-Link. A security vulnerability exists in D-Link E Series. An attacker exploiting this vulnerability could force the device to enable Telnet service by accessing a specific URL and logging in using the obtained administrator...

SUSE CVE-2023-39176

A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose...

PT-2024-4864 · Siemens · Ruggedcom Rsg2100 +16

Name of the Vulnerable Software and Affected Versions: RUGGEDCOM RMC8388 versions prior to V5.9.0 RUGGEDCOM RMC8388NC versions prior to V5.9.0 RUGGEDCOM RS416NCv2 versions prior to V5.9.0 RUGGEDCOM RS416PNCv2 versions prior to V5.9.0 RUGGEDCOM RS416Pv2 versions prior to V5.9.0 RUGGEDCOM RS416v2...

Patch Tuesday, June 2024 “Recall” Edition

Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows users. The software giant also responded to a torrent of negative feedback on a new feature of Redmonds flagship operating system...

Linux Kernel ksmbd Read Request Memory Leak Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw exists within the handling of SMB2READ...

PT-2024-12777 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux Kernel ksmbd affected versions not specified Description: A flaw was found in the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in...

AZL-42471 CVE-2024-37407 affecting package libarchive for versions less than 3.7.1-2

Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurpcentraldirectory in archivereadsupportformatzip.c...

Microsoft’s Recall Feature Is Even More Hackable Than You Thought

A new discovery that the AI-enabled feature’s historical data can be accessed even by hackers without administrator privileges only contributes to the growing sense that the feature is a “dumpster fire.”...

GHSA-GWF6-Q6C2-94P3 Moodle ReCAPTCHA can be bypassed on the login page

Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized...

VSS Snapshot Creation Delay on Server with DFSR Enabled

Article Applicability The issue described in this article affects earlier versions of Veeam Agent for Microsoft Windows VAW, however, the solution provided will only work with VAW 6.1.2 and higher. Challenge When backing up a server with the DFS feature enabled, the VSS snapshot creation step in...

Ubuntu Pro Subscription Detection

The remote Ubuntu host has an active Ubuntu Pro subscription. %NASLMINLEVEL 80900 include"compat.inc"; if description scriptid198218; scriptversion"1.2"; scriptsetattributeattribute:"pluginmodificationdate", value:"2024/07/05"; scriptnameenglish:"Ubuntu Pro Subscription Detection";...

GHSA-P2V5-XCQM-4FV6 silverstripe/taxonomy SQL Injection vulnerability

There is a vulnerability in silverstripe/taxonomy module that allows SQL injection. This affected controller TaxonomyDirectoryController is disabled by default and must be enabled by a developer for the exploit to be possible...

CVE-2021-47572

In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled !CONFIGIPV6 we'll hit a NULL pointer dereference1 in the error path of nhcreateipv6 due to calling...