kernel: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()

In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix potential NULL pointer dereference in fclportptpsetup fclportptpsetup did not check the return value of fcrportcreate which can return NULL and would cause a NULL pointer dereference. Address this issue by checki...

Error: "Could Not Logon. Verify your credentials and network connectivity" and "Service unavailable"

Application enumeration fails when the StoreFront server is connected through Access Gateway Enterprise Edition and iOS Receiver 5.7.x for iPad/iPhone. The following error messages are displayed: “Could Not Logon. Verify your credentials and network connectivity.” "Could Not Logon. Service...

SUSE CVE-2024-38552

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential index out of bounds in color transformation function Fixes index out of bounds issue in the color transformation function. The issue could occur when the index 'i' exceeds the number of transfer...

DEBIAN-CVE-2024-38552

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential index out of bounds in color transformation function Fixes index out of bounds issue in the color transformation function. The issue could occur when the index 'i' exceeds the number of transfer...

SUSE-SU-2024:1525-1 Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master bsc1219430 - CVE-2024-22232: Prevent directory traversal attacks in the master's servefile method bsc1219431 - Convert oscap output to UTF-8 -...

CVE-2023-52532

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type probably from a newer hardware, still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors can be triggered by...

CVE-2023-52532

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type probably from a newer hardware, still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors can be triggered by...

CVE-2023-52532

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type probably from a newer hardware, still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors can be triggered by...

CVE-2023-52532 net: mana: Fix TX CQE error handling

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type probably from a newer hardware, still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors can be triggered by...

CVE-2023-52532 net: mana: Fix TX CQE error handling

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type probably from a newer hardware, still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors can be triggered by...

CVE-2024-23448

APM Server vulnerability CVE-2024-23448: when Elasticsearch returns a failure while indexing a document, the response may be logged at ERROR level and could include parts of the original document, potentially exposing sensitive data in APM Server logs. Affected product: APM Server (Elastic). Root...

Log Injection

pyload-ng is vulnerable to Log Injection. The vulnerability is caused due to a lack of validation while logging an error in apiblueprint.py and appblueprint.py. An attacker can corrupt log files exploiting this vulnerability...

Duplicate Advisory: Race Condition leading to logging errors

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hjp3-5g2q-7jww. This link is maintained to preserve external references. Original Description A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries...

CVE-2023-52267

ehttp 1.0.6 before 17405b9 has a simplelog.cpp log out-of-bounds-read during error logging for long strings...

CVE-2023-52267

ehttp 1.0.6 before 17405b9 has a simplelog.cpp log out-of-bounds-read during error logging for long strings...

Design/Logic Flaw

ehttp 1.0.6 before 17405b9 has a simplelog.cpp log out-of-bounds-read during error logging for long strings...

CVE-2023-52267

ehttp 1.0.6 before 17405b9 has a simplelog.cpp log out-of-bounds-read during error logging for long strings...

Code injection

An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain account credentials for the kibanasystem user, API Keys, and...

CVE-2023-46675 Kibana Insertion of Sensitive Information into Log File

An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain Accou...

CVE-2023-46675

CVE-2023-46675 affects Elastic Kibana and describes an information-disclosure risk where sensitive data may be written to Kibana logs during errors or when debug logging is enabled. Affected ranges include Kibana 7.13.0–7.17.16 and 8.0.0–8.11.1. Log entries could contain credentials for kibana_sy...