AZL-39878 CVE-2024-31950 affecting package frr for versions less than 8.5.5-1

In FRRouting FRR through 9.1, there can be a buffer overflow and daemon crash in ospfteparseri for OSPF LSA packets during an attempt to read Segment Routing subTLVs their size is not validated...

The vulnerability of the Nix package manager in Unix operating systems, related to synchronization errors when using shared resources, allows a perpetrator to modify the output of package processes in the Nix store.

The vulnerability of the Nix package manager in Unix operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability allows a remote attacker to modify the output of package processes in the Nix store...

The vulnerability of the kernel of iOS operating systems, macOS Sonoma, iPadOS, tvOS, visionOS, and watchOS allows attackers to disclose protected information.

The vulnerability of the kernel of iOS, macOS Sonoma, iPadOS, tvOS, visionOS, and watchOS is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow attackers to disclose sensitive information that is protected by these systems...

Multiple vulnerabilities in NEC Aterm series

Overview Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 - CVE-2024-28005 Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-497 - CVE-2024-28006 Incorrect Permission...

SUSE CVE-2024-26659

In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the early TRBs. Yet the driver makes su...

CVE-2024-25695 concatenated errors resulting in cross site scripting and frame injection issues.

There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.2 and below that may allow a remote, authenticated attacker to provide input that is not sanitized properly and is rendered in error messages. The are no privileges required to execute this attack...

CVE-2024-26765

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Disable IRQ before initfn for nonboot CPUs Disable IRQ before initfn for nonboot CPUs when hotplug, in order to silence such warnings and also avoid potential errors due to unexpected interrupts: WARNING: CPU: 1 PID: 0...

CVE-2024-26762

In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Skip to handle RAS errors if CXL.mem device is detached The PCI AER model is an awkward fit for CXL error handling. While the expectation is that a PCI device can escalate to link reset to recover from an AER event, the...

Unable to access NetScaler via SSH. SSH daemon process not running or able to start.

Device not accessible via SSH. Admin GUI actions that require SSH i.e. Generate Tech Support Bundle, Ping, simulated CLI do not work, shows error ""errorcode":"2138","message":"Not authorized to execute this command","severity":"ERROR"" Unable to access device via SCP. sshd process not running an...

DEBIAN-CVE-2024-26762

In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Skip to handle RAS errors if CXL.mem device is detached The PCI AER model is an awkward fit for CXL error handling. While the expectation is that a PCI device can escalate to link reset to recover from an AER event, the...

CVE-2024-26762

In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Skip to handle RAS errors if CXL.mem device is detached The PCI AER model is an awkward fit for CXL error handling. While the expectation is that a PCI device can escalate to link reset to recover from an AER event, the...

CVE-2024-26730

In the Linux kernel, the following vulnerability has been resolved: hwmon: nct6775 Fix access to temperature configuration registers The number of temperature configuration registers does not always match the total number of temperature registers. This can result in access errors reported if KASA...

CVE-2024-26730

In the Linux kernel, the following vulnerability has been resolved: hwmon: nct6775 Fix access to temperature configuration registers The number of temperature configuration registers does not always match the total number of temperature registers. This can result in access errors reported if KASA...

CVE-2024-26765 LoongArch: Disable IRQ before init_fn() for nonboot CPUs

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Disable IRQ before initfn for nonboot CPUs Disable IRQ before initfn for nonboot CPUs when hotplug, in order to silence such warnings and also avoid potential errors due to unexpected interrupts: WARNING: CPU: 1 PID: 0...

CVE-2024-26765

CVE-2024-26765 concerns the Linux kernel on LoongArch. The issue arises when hotplugging nonboot CPUs: IRQs are disabled before calling init_fn(), intended to silence warnings and avoid interrupts, but this is tied to the rcu_cpu_starting warning path (CPU: 1, pid: 0). The result is a race where ...

CVE-2024-26762 cxl/pci: Skip to handle RAS errors if CXL.mem device is detached

In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Skip to handle RAS errors if CXL.mem device is detached The PCI AER model is an awkward fit for CXL error handling. While the expectation is that a PCI device can escalate to link reset to recover from an AER event, the...

CVE-2024-26762

In CVE-2024-26762, the Linux kernel patch fixes a CXL error-handling path where the CXL.mem device detach flow could lead to a crash during AER handling. Specifically, the code previously reaped RAS status registers after unbinding the memdev, which could crash on a subsequent AER notification wh...

CVE-2024-26760 scsi: target: pscsi: Fix bio_put() for error case

In the Linux kernel, the following vulnerability has been resolved: scsi: target: pscsi: Fix bioput for error case As of commit 066ff571011d "block: turn biokmalloc into a simple kmalloc wrapper", a bio allocated by biokmalloc must be freed by biouninit and kfree. That is not done properly for th...

CVE-2024-26730

The CVE-2024-26730 entry concerns the Linux kernel hwmon/nct6775 driver. The vulnerability arises from a mismatch between the number of temperature configuration registers and the total temperature registers, which can trigger out-of-bounds access (KASAN) in nct6775_probe/nct6775_core. The issue ...

CVE-2024-26730 hwmon: (nct6775) Fix access to temperature configuration registers

In the Linux kernel, the following vulnerability has been resolved: hwmon: nct6775 Fix access to temperature configuration registers The number of temperature configuration registers does not always match the total number of temperature registers. This can result in access errors reported if KASA...