11199 matches found
The vulnerability of Xenstore information storage in Xen hypervisors allows an attacker to cause a service failure.
The vulnerability of Xenstore information storage in Xen hypervisors stems from memory release errors that can occur due to the creation of an arbitrary number of nodes. Exploiting this vulnerability could allow an attacker to cause a service failure...
Important: python3.11
Issue Overview: An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can r...
The vulnerability of Xenstore information storage in Xen hypervisors allows an attacker to cause a service failure.
The vulnerability of Xenstore information storage in Xen hypervisors stems from memory release errors that can occur due to the creation of an arbitrary number of nodes. Exploiting this vulnerability could allow an attacker to cause a service failure...
Important: python3.9
Issue Overview: An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can r...
RLSA-2024:2562 Important: golang security update
The golang packages provide the Go programming language compiler. Security Fixes: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 golang: net/http: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 golang: net/http/cookiejar: incorrect...
SUSE CVE-2022-48686
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix UAF when detecting digest errors. We should also bail from the io_work loop when we set rd_enabled to true, so we don't attempt to read data from the socket when the TCP stream is already out-of-sync or corrupted...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain increased privileges.
The vulnerability of the Core component of the Oracle VM VirtualBox software lies in errors during initialization. Exploiting this vulnerability can allow an attacker to gain increased privileges...
Google Android security vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by a logic error in code in multiple locations. An attacker can exploit this vulnerability to cause an elevation of privilege...
The vulnerability of the Brokering File System (BFS) of the Windows Server operating system allows a perpetrator to increase their privileges.
The vulnerability of the Brokering File System BFS in the Windows Server operating system is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the Ivanti Secure Access Client (formerly Pulse Secure Desktop Client) for corporate networks’ VPN servers in Windows operating systems, related to synchronization errors when using a shared resource, allows a hacker to escalate their privileges.
The vulnerability of the VPN server for corporate networks of Ivanti Secure Access Client formerly Pulse Secure Desktop Client on Windows operating systems is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow attackers to increase their...
The vulnerability of the ANSI Escape Sequence Handler component in the WinRAR file archiver allows a hacker to trigger a service failure or replace the display on the screen.
The vulnerability of the ANSI Escape Sequence Handler component in the WinRAR file archiver is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to remotely cause service failures or replace the display on the screen...
The vulnerability of the Brokering File System (BFS) of the Windows Server operating system allows a perpetrator to increase their privileges.
The vulnerability of the Brokering File System BFS in the Windows Server operating system is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to increase their privileges...
DEBIAN-CVE-2022-48686
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix UAF when detecting digest errors. We should also bail from the io_work loop when we set rd_enabled to true, so we don't attempt to read data from the socket when the TCP stream is already out-of-sync or corrupted...
CVE-2022-48686
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix UAF when detecting digest errors. We should also bail from the io_work loop when we set rd_enabled to true, so we don't attempt to read data from the socket when the TCP stream is already out-of-sync or corrupted...
UBUNTU-CVE-2022-48686
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix UAF when detecting digest errors. We should also bail from the io_work loop when we set rd_enabled to true, so we don't attempt to read data from the socket when the TCP stream is already out-of-sync or corrupted...
CVE-2022-48686
CVE-2022-48686 : In the Linux kernel, the nvme-tcp path fixed a use-after-free (UAF) when detecting digest errors. The patch also adds a safeguard to bail from the io_work loop when rd_enabled becomes true, avoiding reads from a TCP socket that is out-of-sync or corrupted. Concrete details across...
Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: disallow timeout for anonymous sets CVE-2023-52620 In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add NULL ptr dereference checking at the end of attrallocatefra...
The vulnerability of the Airflow FTP Provider network software is related to errors in the authentication process, which allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Airflow FTP Provider network software is related to errors in the authentication process. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
Advisory ROSA-SA-2024-2410
Software: cloud-init 20.3 OS: ROSA Virtualization 2.1 packageevrstring: cloud-init-20.3-10.el84.5.src.rpm CVE-ID: CVE-2021-3429 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: When instructing Cloud-init to set a random password for a new version user account, Cloud-init wrote that password to the publi...
CVE-2024-27057 ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend. When the system is suspended while audio is active, the sof_ipc4_pcm_hw_free is invoked to reset the pipelines since during suspend the DSP is turned off, streams...