
11214 matches found

RedHat Linux
added 2024/04/30 9:50 a.m., 30 views

Moderate: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 5.3, AI score 6.7, EPSS 0.00161
Exploits 1, References 4

OSV
added 2024/04/30 12:0 a.m., 35 views

ALSA-2024:2562 Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394); golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290); golang: net/http/cookiejar: incorrect...

CVSS 7.5, AI score 8.2, EPSS 0.69905
Exploits 1, References 16

Tenable Nessus
added 2024/04/30 12:0 a.m., 25 views

RHEL 9 : python3.11 (RHSA-2024:2292)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2292 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

CVSS 5.3, AI score 7.1, EPSS 0.00161
Exploits 1, References 7

Tenable Nessus
added 2024/04/29 12:0 a.m., 16 views

Fedora 40 : llhttp / python-aiohttp (2023-f2bb9ee617)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-f2bb9ee617 advisory. python-aiohttp 3.8.6 2023-10-07 https://github.com/aio-libs/aiohttp/blob/v3.8.6/CHANGES.rst386-2023-10-07 Security bugfixes - Upgraded llhttp to v9.1.3:...

AI score 5.8
Exploits 0, References 1

Vulnrichment
added 2024/04/28 12:59 p.m., 19 views

CVE-2022-48634 drm/gma500: Fix BUG: sleeping function called from invalid context errors

In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix BUG: sleeping function called from invalid context errors. gma_crtc_page_flip() was holding the event_lock spinlock while calling crtc_funcs->mode_set_base() which takes ww_mutex. The only reason to hold event_lock is to clear...

AI score 6.8, EPSS 0.00014
Exploits 0, References 4

OSV
added 2024/04/25 6:15 p.m., 3 views

PYSEC-2024-206

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when the raw_log builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in...

CVSS 5.3, AI score 5.2, EPSS 0.00689
Exploits 0, References 2

BDU FSTEC
added 2024/04/23 12:0 a.m., 1 view

The vulnerability of Windows operating system-based Cryptographic Services allows attackers to circumvent existing security restrictions.

The vulnerability of Windows operating system’s Cryptographic Services is related to data encryption errors. Exploiting this vulnerability can allow attackers to circumvent existing security restrictions...

CVSS 7.8, AI score 7.7, EPSS 0.0031
Exploits 0, References 4

BDU FSTEC
added 2024/04/23 12:0 a.m., 2 views

The vulnerability of the System Recovery Bootloader for Windows operating systems allows attackers to circumvent existing security restrictions and enhance their privileges.

The vulnerability of the System Recovery Bootloader for Windows operating systems is related to errors in processing input data. Exploiting this vulnerability can allow attackers to circumvent existing security restrictions and gain increased privileges...

CVSS 6.7, AI score 7.7, EPSS 0.00043
Exploits 0, References 6

Redos
added 2024/04/23 12:0 a.m., 27 views

ROS-20240423-03

A vulnerability in the /krb5/src/lib/rpc/pmap_rmt.c component of the Kerberos network protocol implementation is related to memory freeing errors. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service. Vulnerability in component...

CVSS 7.5, AI score 6.6, EPSS 0.0025
Exploits 3

Redos
added 2024/04/22 12:0 a.m., 19 views

ROS-20240422-05

The golang package vulnerability is related to errors returned from MarshalJSON methods containing user-controlled data. Exploitation of the vulnerability could allow a remote attacker to exploit these errors to disrupt the contextual behavior of the automatic output of the packag...

CVSS 7.5, AI score 7.5, EPSS 0.69905
Exploits 1

BDU FSTEC
added 2024/04/22 12:0 a.m., 2 views

The vulnerability of the cross-platform FTP server CrushFTP’s web interface allows a hacker to gain access to the virtual file system and system files.

The vulnerability of the cross-platform FTP server CrushFTP lies in errors related to privilege management. Exploiting this vulnerability allows a malicious actor to gain access to the system files by exiting the virtual file system remotely...

CVSS 8.6, AI score 7.5, EPSS 0.94426
Exploits 22, References 6, Affected Software 1

BDU FSTEC
added 2024/04/19 12:0 a.m., 1 view

The vulnerability in the embedded Jetty server of the CData Sync integration and replication tool allows a perpetrator to gain unauthorized access to protected information and perform arbitrary actions within the system.

The vulnerability in the embedded Jetty server of the CData Sync integration and replication tool is related to errors in processing the relative path to the directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected...

CVSS 9, AI score 5.6, EPSS 0.89293
Exploits 0, References 4, Affected Software 1

BDU FSTEC
added 2024/04/19 12:0 a.m., 2 views

The vulnerability of the WLAvalancheService component in the Avalanche mobile device management system allows a hacker to trigger a service failure.

The vulnerability of the WLAvalancheService component in the mobile device management system of Avalanche is related to pointer assignment errors. Exploiting this vulnerability could allow a remote attacker to cause service failures...

CVSS 6.8, AI score 6.8, EPSS 0.03745
Exploits 0, References 2, Affected Software 1

Positive Technologies
added 2024/04/19 12:0 a.m., 2 views

PT-2024-5137 · Node.Js +1

Name of the Vulnerable Software and Affected Versions: Node.js (affected versions not specified). Description: The issue is related to the Permission Model in Node.js, which incorrectly assumes that any path starting with two backslashes has a four-character prefix that can be ignored. This subtle b...

CVSS 8.1, AI score 5.8, EPSS 0.00369
Exploits 0, References 57

BDU FSTEC
added 2024/04/19 12:0 a.m., 2 views

The vulnerability of the WLAvalancheService component in the Avalanche mobile device management system allows a hacker to trigger a service failure.

The vulnerability of the WLAvalancheService component in the mobile device management system of Avalanche is related to pointer assignment errors. Exploiting this vulnerability could allow a remote attacker to cause service failures...

CVSS 7.5, AI score 6.8, EPSS 0.01759
Exploits 0, References 2, Affected Software 1

BDU FSTEC
added 2024/04/19 12:0 a.m., 1 view

The vulnerability in the embedded Jetty server of the CData Connect integration, analysis, and data management platform allows attackers to escalate their privileges.

The vulnerability of the embedded Jetty server in the CData Connect integration, analysis, and data management platform is related to errors in processing the relative path to the catalog. Exploiting this vulnerability can allow a malicious actor to increase their privileges by sending specially...

CVSS 10, AI score 5.4, EPSS 0.9222
Exploits 0, References 4, Affected Software 1

RedhatCVE
added 2024/04/17 6:54 p.m., 15 views

CVE-2024-26873

In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Fix a deadlock issue related to automatic dump. If we issue a disabling PHY command, the device attached with it will go offline, if a 2 bit ECC error occurs at the same time, a hung task may be found: 4613.652388...

CVSS 4.4, AI score 7.1, EPSS 0.00007
Exploits 0, References 4

OSV
added 2024/04/17 10:15 a.m., 5 views

AZL-59453 CVE-2024-26841 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Update cpu_sibling_map when disabling nonboot CPUs. Update cpu_sibling_map when disabling nonboot CPUs by defining & calling clear_cpu_sibling_map(), otherwise we get such errors on SMT systems: jump label: negative count!...

CVSS 5.5, AI score 5.6, EPSS 0.00018
Exploits 0, References 1

Packet Storm
added 2024/04/17 12:0 a.m., 349 views

Palo Alto OS Command Injection

CVE-2024-3400 CVE-2024-3400 Palo Alto OS Command Injection send this HTTP request: http POST /ssl-vpn/hipreport.esp HTTP/1.1 Host: 127.0.0.1 Cookie: SESSID=/../../../var/appweb/sslvpndocs/global-protect/portal/images/hellome1337.txt; Connection: close Content-Type: application/x-www-form-urlencod...

CVSS 10, AI score 7.4, EPSS 0.94297
Exploits 43

BDU FSTEC
added 2024/04/17 12:0 a.m., 1 view

The vulnerability of the Kerberos protocol for Windows operating systems allows a perpetrator to trigger a service failure.

The vulnerability of the Kerberos protocol for Windows operating systems is related to pointer swapping errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

CVSS 6.8, AI score 7.2, EPSS 0.14061
Exploits 0, References 2