11191 matches found
Vulnerability in the WebAssembly module of the Google Chrome browser allows an attacker to execute arbitrary code.
A vulnerability in the WebAssembly module of the Google Chrome browser is related to type conversion errors. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
PT-2024-34109
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved, specifically in the ksmbd component. The issue involves the xa_store function, which can fail and return errors such as xa...
[SECURITY] Fedora 41 Update: python-fastapi-0.115.2-1.fc41
FastAPI is a modern, fast (high-performance), web framework for building APIs with Python 3.8+ based on standard Python type hints. The key features are: • Fast: Very high performance, on par with NodeJS and Go thanks to Starlette and Pydantic. One of the fastest Python frameworks available...
Security Bulletin: IBM Master Data Management may provide weaker than expected security due to OpenSSL through a carry propagation flaw (CVE-2021-4160)
Summary: IBM Master Data Management v11.6 and v12.0 are vulnerable to a carry propagation flaw found in OpenSSL. OpenSSL could provide weaker than expected security, caused by a carry propagation flaw in the MIPS32 and MIPS64 squaring procedure. An attacker could exploit this vulnerability to...
ROS-20241025-01
A vulnerability in the netlink component of the Linux kernel is related to the use of an uninitialized resource in the sizeof function in lib/nlattr.c. Exploitation of the vulnerability could allow an attacker to cause a denial of...
Denial of Service (DoS)
org.eclipse.jetty, jetty-servlets is vulnerable to Denial of Service (DoS). The vulnerability is due to the exploitation of Jetty's DosFilter, which allows attackers to send crafted requests that trigger OutOfMemory errors...
Vulnerability in the Microsoft Edge browser, related to data type confusion errors, allows attackers to execute arbitrary code.
A vulnerability in Microsoft Edge is related to type conversion errors. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
ROS-20241023-05
A vulnerability in the btrfs component of the Linux operating system kernel is related to an incorrect lock in the function emit_fiemap_extent in fs/btrfs/extent_io.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the powerpc/pseries/iommu...
Vulnerability in the IB/qib component of the Linux kernel allows an attacker to cause a denial of service.
A vulnerability in the IB/qib component of the Linux kernel is related to memory release errors. Exploiting this vulnerability can allow an attacker to cause a denial of service...
Vulnerability in the Telemetry feature of the MySQL Server management system allows an attacker to gain unauthorized access to protected information.
A vulnerability in the MySQL Server component is related to insufficient protection of operational data due to incorrect validation of input data. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information using the MySQL network...
Vulnerability in the rawmidi component of the Linux kernel allows an attacker to cause a denial of service.
A vulnerability in the rawmidi component of the Linux kernel is related to errors during initialization of variables. Exploiting this vulnerability can allow an attacker to cause a denial of service...
Vulnerability in the xsk component of the Linux kernel allows an attacker to execute arbitrary code and escalate privileges.
A vulnerability in the xsk component of the Linux kernel is related to security configuration errors. Exploiting this vulnerability allows an attacker to execute arbitrary code and escalate privileges...
Vulnerability in the XML Database component of the Oracle Database Server system allows an attacker to cause a denial of service.
A vulnerability in the XML Database component of the Oracle Database Server system is related to resource release errors. Exploiting this vulnerability can allow an attacker to cause service interruptions by sending HTTP packets remotely...
Vulnerability in the ssif component of the Linux kernel allows an attacker to execute arbitrary code and escalate privileges.
A vulnerability in the ssif component of the Linux kernel is related to security configuration errors. Exploiting this vulnerability allows an attacker to execute arbitrary code and escalate privileges...
CVE-2024-50312
CVE-2024-50312 is an Information Disclosure via GraphQL Introspection vulnerability in OpenShift. The connected Red Hat advisory notes that OpenShift Container Platform 4.x releases including 4.16.30 and 4.17.12 were patched to fix this issue, which allowed unauthorized users to enumerate availab...
CVE-2024-50040
In the Linux kernel, the following vulnerability has been resolved: igb: Do not bring the device up after non-fatal error. Commit 004d25060c78 ("igb: Fix igb_down hung on surprise removal") changed igb_io_error_detected() to ignore non-fatal pcie errors in order to avoid hung task that can happen when...
Remote Denial Of Service (DoS)
org.eclipse.jetty, jetty-server is vulnerable to a Remote Denial-of-Service (DoS). The vulnerability is due to the ThreadLimitHandler.getRemote method, which allows unauthorized users to send crafted requests that trigger OutOfMemory errors and exhaust the server's memory...
SUSE CVE-2024-50040
In the Linux kernel, the following vulnerability has been resolved: igb: Do not bring the device up after non-fatal error. Commit 004d25060c78 ("igb: Fix igb_down hung on surprise removal") changed igb_io_error_detected() to ignore non-fatal pcie errors in order to avoid hung task that can happen when...
ROS-20241021-03
A vulnerability in the tic4x_print_cond function of the opcodes/tic4x-dis.c component of the GNU development tool Binutils is related to memory initialization errors. Exploitation of the vulnerability allows a remote attacker to gain access to confidential data...
Eclipse Jetty DoS Vulnerability (GHSA-7hcf-ppf8-5w5h) - Linux
Eclipse Jetty is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:eclipse:jetty";...