2659 matches found

Tenable Nessus
added 2024/10/14 12:0 a.m. | 77 views

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2024-12780)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12780 advisory. - VMCI: Fix use-after-free when removing resource in vmci_resource_remove David Fernandez Gonzalez Orabug: 37037205 CVE-2024-46738 - exec: Fix ToCTo...

CVSS 8.4 | AI score 7.3 | EPSS 0.00043
Exploits 4 | References 72

Tenable Nessus
added 2024/10/14 12:0 a.m. | 59 views

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2024-12782)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12782 advisory. - VMCI: Fix use-after-free when removing resource in vmci_resource_remove David Fernandez Gonzalez Orabug: 37037205 CVE-2024-46738 - exec: Fix ToCTo...

CVSS 8.4 | AI score 7.3 | EPSS 0.00043
Exploits 4 | References 72

vulnersOsv
added 2024/10/09 6:15 p.m. | 4 views

amaranth-yosys (=0.25.0.0.post72), devcycle-python-server-sdk (>=3.0.0 <=3.6.0) +10 more potentially affected by CVE-2024-47813 via wasmtime (=9.0.0)

wasmtime PYPI version =9.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on wasmtime and may be impacted: - amaranth-yosys =0.25.0.0.post72 - devcycle-python-server-sdk =3.0.0, =0.1.0, =0.1.0a15, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.9 ...

CVSS 2.9 | AI score 5.8 | EPSS 0.00014
Exploits 0

NVD
added 2024/10/08 6:15 p.m. | 10 views

CVE-2024-43549

Windows Routing and Remote Access Service RRAS Remote Code Execution Vulnerability...

CVSS 8.8 | EPSS 0.04164
Exploits 0 | References 1

CVE
added 2024/10/08 5:35 p.m. | 124 views

CVE-2024-38265

CVE-2024-38265 is a Windows RRAS remote code execution vulnerability. The connected documents confirm RRAS is affected and indicate this CVE can lead to remote code execution over the network, with a highly elevated impact (NCSC lists 8.80, Execute random code). The initial metrics show CVSSv3.1:...

CVSS 8.8 | AI score 9.1 | EPSS 0.05513
Exploits 0 | References 1 | Affected Software 6

ATTACKERKB
added 2024/10/08 5:15 a.m. | 2 views

CVE-2024-21532

All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec Node.js child process API...

CVSS 7.3 | AI score 5.8 | EPSS 0.00364
Exploits 0 | References 3

CloudLinux
added 2024/10/07 10:36 a.m. | 41 views

kernel: Fix of 13 CVEs

btrfs: fix use-after-free after failure to create a snapshot CVE-2022-48733 - hwmon: nct6775-core Fix underflows seen when writing limit attributes CVE-2024-46757 - wifi: mac80211: Avoid address calculations via out of bounds array indexing CVE-2024-41071 - netfilter: conntrack: dccp: copy entire...

CVSS 8.4 | AI score 7.5 | EPSS 0.00039
Exploits 1

OSV
added 2024/10/07 10:36 a.m. | 2 views

CLSA-2024-1728297376 kernel: Fix of 13 CVEs

btrfs: fix use-after-free after failure to create a snapshot CVE-2022-48733 - hwmon: nct6775-core Fix underflows seen when writing limit attributes CVE-2024-46757 - wifi: mac80211: Avoid address calculations via out of bounds array indexing CVE-2024-41071 - netfilter: conntrack: dccp: copy entire...

CVSS 8.4 | AI score 6.8 | EPSS 0.00039
Exploits 1 | References 1

Positive Technologies
added 2024/10/07 12:0 a.m. | 4 views

PT-2024-18946

Name of the Vulnerable Software and Affected Versions ggit versions all Description The issue concerns Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched. This input is then concatenated with a git command and passed to the unsafe exec Node....

CVSS 7.3 | AI score 5.9 | EPSS 0.00364
Exploits 0 | References 11

OSV
added 2024/10/01 9:12 p.m. | 2 views

CLSA-2024-1727817133 Fix of 74 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-26752 - l2tp: pass correct message length to ip6_append_data CVE-url: https://ubuntu.com/security/CVE-2021-47188 - scsi: ufs: core: Improve SCSI abort handling CVE-url: https://ubuntu.com/security/CVE-2024-26677 - rxrpc: Fix delayed ACKs to not set the...

CVSS 8.4 | AI score 6.8 | EPSS 0.00032
Exploits 1 | References 1

OSV
added 2024/09/30 10:9 a.m. | 8 views

CLSA-2024-1727690947 kernel: Fix of 80 CVEs

sch/netem: fix use after free in netem_dequeue CVE-2024-46800 - VMCI: Fix use-after-free when removing resource in vmci_resource_remove CVE-2024-46738 - drm/amdgpu: Fix out-of-bounds write warning CVE-2024-46725 - drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number CVE-2024-46724 - drm/amdgpu:...

CVSS 8.8 | AI score 5.9 | EPSS 0.00064
Exploits 2 | References 1

Vulnrichment
added 2024/09/27 12:39 p.m. | 13 views

CVE-2024-46826 ELF: fix kernel.randomize_va_space double read

In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly on...

AI score 6.9 | EPSS 0.00009
Exploits 0 | References 4

GithubExploit
added 2024/09/13 5:11 p.m. | 103 views

Exploit for Code Injection in Spx Spx_Graphics_Controller

CVE-2024-44623 In SPX-GC...

CVSS 9.8 | AI score 10 | EPSS 0.38925
Exploits 1

RedHat Linux
added 2024/09/05 1:7 p.m. | 25 views

Important: Red Hat Security Advisory: bubblewrap and flatpak security update

An update for bubblewrap and flatpak is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

CVSS 10 | AI score 7.3 | EPSS 0.06541
Exploits 1 | References 1

Packet Storm
added 2024/08/31 12:0 a.m. | 256 views

Veritas Backup Exec Windows Remote File Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Veritas Backup Exec Windows Remote File Access', 'Description' = %q This module abuses a logic flaw in the Backup Exec Windows Agent to download...

CVSS 10 | AI score 7 | EPSS 0.79629
Exploits 3

Veracode
added 2024/08/27 7:13 a.m. | 12 views

Code Injection

llamaindex is vulnerable to Code Injection. The vulnerability is caused due to a missing validation for the cls_name variable used in the exec call in the download/integration.py script. An attacker can execute arbitrary code by injecting malicious input into the cls_name variable used in the exec...

CVSS 8.8 | AI score 7.5 | EPSS 0.00212
Exploits 0 | References 3 | Affected Software 1

OSV
added 2024/08/22 9:31 p.m. | 10 views

GHSA-FXC2-8M62-M85X LlamaIndex includes an exec call for `import {cls_name}`

An issue was discovered in llamaindex before 0.10.38. download/integration.py includes an exec call for `import {cls_name}`...

CVSS 9.8 | AI score 8.7 | EPSS 0.00212
Exploits 0 | References 6

Github Security Blog
added 2024/08/22 9:31 p.m. | 12 views

LlamaIndex includes an exec call for `import {cls_name}`

An issue was discovered in llamaindex before 0.10.38. download/integration.py includes an exec call for `import {cls_name}`...

CVSS 8.8 | AI score 6.9 | EPSS 0.00212
Exploits 0 | References 6 | Affected Software 1

OSV
added 2024/08/22 8:15 p.m. | 4 views

CVE-2024-45201

An issue was discovered in llamaindex before 0.10.38. download/integration.py includes an exec call for `import {cls_name}`...

CVSS 8.8 | AI score 8.7 | EPSS 0.00212
Exploits 0 | References 2

OSV
added 2024/08/22 8:15 p.m. | 4 views

PYSEC-2024-192

An issue was discovered in llamaindex before 0.10.38. download/integration.py includes an exec call for `import {cls_name}`...

CVSS 8.8 | AI score 8.7 | EPSS 0.00212
Exploits 0 | References 2