11191 matches found
A vulnerability in the Checkmk Exchange plugin for MikroTik routers allows an attacker to carry out a spoofing attack.
A vulnerability in the Checkmk Exchange plugin for MikroTik routers is related to errors in the authentication process. Exploiting this vulnerability allows a malicious actor to carry out a spoofing attack remotely...
ROS-20241107-02
A vulnerability in the x86/mmu components of the Linux operating system kernel is related to incorrect calculations in the kvm_tdp_mmu_try_split_huge_pages, kvm_tdp_mmu_clear_dirty_slot, and clear_dirty_pt_masked functions in arch/x86/kvm/mmu/tdp_mmu.c. Exploitation of the vulnerability could allow an...
A vulnerability in the `avpriv_ac3_parse_header` function in the `libavcodec/ac3_parser.c` file of the FFmpeg multimedia library, related to pointer manipulation errors, allows attackers to cause a service failure.
A vulnerability in the `avpriv_ac3_parse_header` function in the `libavcodec/ac3_parser.c` file of the FFmpeg multimedia library is related to pointer arithmetic errors. Exploiting this vulnerability could allow an attacker to cause a service failure by using a specially crafted AVI file...
A vulnerability in the software for managing Synology Photos storage devices allows an attacker to execute arbitrary code.
A vulnerability in the software for managing Synology Photos storage devices is related to errors in privilege management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with root privileges remotely...
CVE-2024-50121
In the Linux kernel, the following vulnerability has been resolved: nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net In the normal case, when we execute `echo 0 > /proc/fs/nfsd/threads`, the function nfs4_state_destroy_net in nfs4_state_shutdown_net will release all resources related to...
DEBIAN-CVE-2024-50096
In the Linux kernel, the following vulnerability has been resolved: nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error The nouveau_dmem_copy_one function ensures that the copy push command is sent to the device firmware but does not track whether it was executed successfully. In the cas...
CVE-2024-50121 nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net
In the Linux kernel, the following vulnerability has been resolved: nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net In the normal case, when we execute `echo 0 > /proc/fs/nfsd/threads`, the function nfs4_state_destroy_net in nfs4_state_shutdown_net will release all resources related to...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to properly check for allocation failures when handling kstrdup failures for passwords in the smb...
AZL-52189 CVE-2024-51744 affecting package packer for versions less than 1.9.5-9
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
AZL-52275 CVE-2024-51744 affecting package kubernetes for versions less than 1.28.4-17
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
AZL-52186 CVE-2024-51744 affecting package flannel for versions less than 0.24.2-13
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
AZL-52248 CVE-2024-51744 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-25
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
AZL-52251 CVE-2024-51744 affecting package cf-cli for versions less than 8.4.0-24
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
AZL-52204 CVE-2024-51744 affecting package kubernetes for versions less than 1.30.10-5
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
DEBIAN-CVE-2024-51744
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
AZL-52192 CVE-2024-51744 affecting package influxdb for versions less than 2.7.5-4
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
AZL-52233 CVE-2024-51744 affecting package packer for versions less than 1.9.5-12
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
AZL-52257 CVE-2024-51744 affecting package cert-manager for versions less than 1.11.2-22
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
AZL-52207 CVE-2024-51744 affecting package telegraf for versions less than 1.31.0-7
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...