11195 matches found

Redos
added 2025/01/13 12:0 a.m. · 18 views

ROS-20250113-05

A vulnerability in the dma-mapping component of the Linux kernel is related to incorrect input validation in the map_benchmark_ioctl function in kernel/dma/map_benchmark.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the f2fs component of...

CVSS 9.8 · AI score 7.5 · EPSS 0.00248
Exploits 0

BDU FSTEC
added 2025/01/13 12:0 a.m. · 1 views

The vulnerability of the software for managing Lenovo Accessories and Display Manager (LADM) and the software for managing and configuring Lenovo Display Control Center (LDCC) lies in errors in the authentication process, allowing a perpetrator to execute arbitrary code.

The vulnerabilities of the Lenovo Accessories and Display Manager LADM software for managing accessories and displays, as well as the Lenovo Display Control Center LDCC software for controlling and configuring displays, are related to errors in the certificate validation process. Exploiting these...

CVSS 8.1 · AI score 5.9 · EPSS 0.0024
Exploits 0 · References 3 · Affected Software 1

SUSE CVE
added 2025/01/12 12:15 a.m. · 1 views

SUSE CVE-2024-55641

In the Linux kernel, the following vulnerability has been resolved: xfs: unlock inodes when erroring out of xfs_trans_alloc_dir. Debugging a filesystem patch with generic/475 caused the system to hang after observing the following sequences in dmesg: XFS dm-0: metadata I/O error in...

CVSS 5.5 · AI score 7.7 · EPSS 0.00033
Exploits 0 · References 3

OSV
added 2025/01/11 1:15 p.m. · 1 views

DEBIAN-CVE-2024-55641

In the Linux kernel, the following vulnerability has been resolved: xfs: unlock inodes when erroring out of xfs_trans_alloc_dir. Debugging a filesystem patch with generic/475 caused the system to hang after observing the following sequences in dmesg: XFS dm-0: metadata I/O error in...

CVSS 5.5 · AI score 5.7 · EPSS 0.00033
Exploits 0 · References 1

OSV
added 2025/01/11 1:15 p.m. · 1 views

UBUNTU-CVE-2024-55641

In the Linux kernel, the following vulnerability has been resolved: xfs: unlock inodes when erroring out of xfs_trans_alloc_dir. Debugging a filesystem patch with generic/475 caused the system to hang after observing the following sequences in dmesg: XFS dm-0: metadata I/O error in...

CVSS 5.5 · AI score 6.2 · EPSS 0.00033
Exploits 0 · References 10

Cvelist
added 2025/01/11 12:39 p.m. · 16 views

CVE-2024-57793 virt: tdx-guest: Just leak decrypted memory on unrecoverable errors

In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors. In CoCo VMs it is possible for the untrusted host to cause set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers...

EPSS 0.00015
Exploits 0 · References 2

OSV
added 2025/01/11 12:39 p.m. · 5 views

CVE-2024-57793 virt: tdx-guest: Just leak decrypted memory on unrecoverable errors

In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors. In CoCo VMs it is possible for the untrusted host to cause set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers...

CVSS 5.5 · AI score 6.1 · EPSS 0.00015
Exploits 0 · References 5

CVE
added 2025/01/11 12:39 p.m. · 146 views

CVE-2024-57793

CVE-2024-57793 affects the Linux kernel in the virt: tdx-guest path, where an unrecoverable error in set_memory_decrypted() can cause decrypted memory to be leaked to the page allocator. The untrusted host in CoCo VMs can trigger set_memory_decrypted() to fail, and callers must handle such errors...

CVSS 5.5 · AI score 7 · EPSS 0.00015
Exploits 0 · References 2 · Affected Software 1

Debian CVE
added 2025/01/11 12:39 p.m. · 8 views

CVE-2024-57793

In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors. In CoCo VMs it is possible for the untrusted host to cause set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers...

CVSS 5.5 · AI score 5.7 · EPSS 0.00015
Exploits 0

Cvelist
added 2025/01/11 6:44 a.m. · 13 views

CVE-2024-42172 HCL MyXalytics is affected by broken authentication

HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logic errors, or software bugs and can affect any application wi...

CVSS 5.3 · EPSS 0.00272
Exploits 0 · References 1

Positive Technologies
added 2025/01/11 12:0 a.m. · 2 views

PT-2025-3135 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to the XFS filesystem. The issue occurs when a link call tries to set up a transaction to link a child into a directory,...

CVSS 8.1 · AI score 7.8 · EPSS 0.0009
Exploits 3 · References 847

SUSE CVE
added 2025/01/10 12:21 a.m. · 2 views

SUSE CVE-2024-56657

In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Avoid WARN for symlink errors Using WARN for showing the error of symlink creations don't give more information than telling that something goes wrong, since the usual code path is a lregister callback from each...

CVSS 5.5 · AI score 7.6 · EPSS 0.00021
Exploits 0 · References 3

Redos
added 2025/01/10 12:0 a.m. · 15 views

ROS-20250110-12

A vulnerability in the Apache Tomcat application server is related to synchronization errors when using a shared resource ("race condition"). Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code by downloading specially crafted JSP files. Apache Tomcat...

CVSS 9.8 · AI score 7.4 · EPSS 0.84587
Exploits 12

Redos
added 2025/01/10 12:0 a.m. · 13 views

ROS-20250110-01

A vulnerability in the Core component of the Oracle VM VirtualBox virtualization software tool is associated with authorization errors as a result of an operation exceeding the buffer boundaries in memory (buffer overrun). Exploitation of the vulnerability could allow...

CVSS 7.5 · AI score 6.9 · EPSS 0.00063
Exploits 0

Redos
added 2025/01/10 12:0 a.m. · 7 views

ROS-20250110-02

A vulnerability in the Exiv2 media metadata management library is related to a flaw in the use of the assert function. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service using a specially crafted image file. Vulnerability in the Jp2Image::readMetadata...

CVSS 7.8 · AI score 7.8 · EPSS 0.01509
Exploits 3

Tenable Nessus
added 2025/01/09 12:0 a.m. · 14 views

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-7186-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7186-2 advisory. Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate...

CVSS 9.1 · AI score 8.4 · EPSS 0.04469
Exploits 10 · References 177

BDU FSTEC
added 2025/01/09 12:0 a.m. · 1 views

The vulnerability of the JavaScript script handler in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code.

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge relates to type mixing errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created HTML page from a remote location...

CVSS 10 · AI score 8.2 · EPSS 0.12088
Exploits 1 · References 15 · Affected Software 6

OSV
added 2025/01/07 4:15 p.m. · 3 views

CVE-2021-20455

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...

CVSS 3.7 · AI score 5.7 · EPSS 0.00047
Exploits 0 · References 1

Veracode
added 2025/01/07 5:53 a.m. · 3 views

Out-of-bounds Read

libpoppler.so is vulnerable to Out-of-bounds Read. The vulnerability is due to improper handling of bitmap combinations within the JBIG2Bitmap::combine function in JBIG2Stream.cc, leading to potential memory access errors...

CVSS 4.3 · AI score 6.5 · EPSS 0.00305
Exploits 1 · References 5 · Affected Software 1

Positive Technologies
added 2025/01/07 12:0 a.m. · 5 views

PT-2025-4337

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.74 Description: The issue concerns the Linux kernel, specifically the hwmon driver, which can produce garbage data when SCSI errors occur. The scsi_execute_cmd function can return both negative and positive...

CVSS 5.5 · AI score 7 · EPSS 0.00021
Exploits 0