2466 matches found

SUSE CVE
added 2024/03/19 3:37 a.m. | 1 views

SUSE CVE-2023-52609

In the Linux kernel, the following vulnerability has been resolved: binder: fix race between mmput() and do_exit(). Task A calls binder_update_page_range() to allocate and insert pages on a remote address space from Task B. For this, Task A pins the remote mm via mmget_not_zero() first. This can race with Task ...

CVSS 4.7 | AI score 6.3 | EPSS 0.0001
Exploits: 0 | References: 3

BDU FSTEC
added 2024/03/19 12:0 a.m. | 2 views

The vulnerability of the AsciiDoc text processor, Asciidoctor, arises from executing a loop with an unavailable exit condition, allowing attackers to cause service failures.

The vulnerability of the AsciiDoc text processor, Asciidoctor, is related to the execution of a loop with an unavailable exit condition. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVSS 7.8 | AI score 7.3 | EPSS 0.00531
Exploits: 1 | References: 5 | Affected Software: 13

Tenable Nessus
added 2024/03/19 12:0 a.m. | 34 views

Amazon Linux AMI : ImageMagick (ALAS-2024-1926)

The version of ImageMagick installed on the remote host is prior to 6.9.10.68-3.22. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1926 advisory. Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial...

CVSS 9.8 | AI score 8.1 | EPSS 0.22748
Exploits: 53 | References: 152

OSV
added 2024/03/18 10:7 a.m. | 3 views

CVE-2023-52609 binder: fix race between mmput() and do_exit()

In the Linux kernel, the following vulnerability has been resolved: binder: fix race between mmput() and do_exit(). Task A calls binder_update_page_range() to allocate and insert pages on a remote address space from Task B. For this, Task A pins the remote mm via mmget_not_zero() first. This can race with Task ...

CVSS 4.7 | AI score 5.6 | EPSS 0.0001
Exploits: 0 | References: 13

BDU FSTEC
added 2024/03/15 12:0 a.m. | 1 views

The vulnerability of the qcom_rng_read() function in the qcom-rng.c component of the Linux kernel allows a hacker to cause a service failure.

The vulnerability of the qcom_rng_read() function in the qcom-rng.c component of the Linux kernel involves executing a loop with an unreachable exit condition. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 4.4 | AI score 6.2 | EPSS 0.00012
Exploits: 0 | References: 19 | Affected Software: 2

BDU FSTEC
added 2024/03/13 12:0 a.m. | 1 views

The vulnerability of the Unbound DNS server, which arises from executing a loop with an unreachable exit condition, allows attackers to cause a service failure.

The vulnerability of the Unbound DNS server relates to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability allows a malicious actor to cause service failures...

CVSS 7.8 | AI score 6.9 | EPSS 0.06753
Exploits: 1 | References: 4 | Affected Software: 2

Redos
added 2024/03/13 12:0 a.m. | 5 views

ROS-2-1759

2.1759 Multiple vulnerabilities in libwebp 1. Vulnerability description: CVE-2020-36332 A vulnerability in the libwebp library for encoding and decoding WebP images, is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...

CVSS 9.8 | AI score 10 | EPSS 0.00818
Exploits: 0

Veracode
added 2024/03/11 8:12 p.m. | 18 views

Infinite Loop

FRRouting is vulnerable to Infinite Loop. The vulnerability is due to a Loop with Unreachable Exit Condition in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. An attacker can exploit this by sending specially crafted hello messages with the unicast...

CVSS 7.5 | AI score 7 | EPSS 0.00073
Exploits: 0 | References: 3 | Affected Software: 1

Krebs on Security
added 2024/03/11 4:19 p.m. | 35 views

Incognito Darknet Market Mass-Extorts Buyers, Sellers

Borrowing from the playbook of ransomware purveyors, the darknet narcotics bazaar Incognito Market has begun extorting all of its vendors and buyers, threatening to publish cryptocurrency transaction and chat records of users who refuse to pay a fee ranging from $100 to $20,000. The bold mass...

AI score 6.7
Exploits: 0

CNNVD
added 2024/03/11 12:0 a.m. | 5 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that using existing storage can lead to an early exit from sme_alloc()...

CVSS 5.5 | AI score 6.5 | EPSS 0.00016
Exploits: 0 | References: 4

Packet Storm
added 2024/03/11 12:0 a.m. | 259 views

Akaunting 3.1.3 Remote Command Execution

Exploit Title: Akaunting 3.1.3 - RCE Date: 08/02/2024 Exploit Author: [email protected] Vendor Homepage: https://akaunting.com Software Link: https://github.com/akaunting/akaunting Version: = 3.1.3 Tested on: Ubuntu 22.04 CVE : CVE-2024-22836 !/usr/bin/python3 import sys import re import requests...

CVSS 9.8 | AI score 7.4 | EPSS 0.38195
Exploits: 3

BDU FSTEC
added 2024/03/07 12:0 a.m. | 1 views

The vulnerability of the regmap_debugfs_exit() function in Linux operating systems allows a hacker to disclose sensitive information or cause system failures.

The vulnerability of the regmap_debugfs_exit() function in Linux operating systems is related to memory release errors. Exploiting this vulnerability can allow attackers to disclose sensitive information or cause service failures...

CVSS 3.4 | AI score 6.5 | EPSS 0.00016
Exploits: 0 | References: 20 | Affected Software: 2

The Hacker News
added 2024/03/06 3:3 p.m. | 32 views

Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout

The threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law enforcement seizure banner. "ALPHV/BlackCat did not get seized. They are exit scamming their affiliates," security researcher Fabian Wosar said. "It is...

AI score 7.3
Exploits: 0

OSV
added 2024/03/06 10:57 a.m. | 15 views

BIT-MONGODB-2021-32037 User may trigger invariant when allowed to send commands directly to shards

An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shar...

CVSS 6.5 | AI score 6.2 | EPSS 0.00474
Exploits: 0 | References: 2

Tenable Nessus
added 2024/03/06 12:0 a.m. | 65 views

Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2024-550)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-550 advisory. The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may...

CVSS 7.5 | AI score 7 | EPSS 0.43215
Exploits: 1 | References: 14

BDU FSTEC
added 2024/03/05 12:0 a.m. | 1 views

The vulnerability of the DCRegister function in the SoftEther VPN client allows a hacker to cause a service failure.

The vulnerability of the DCRegister function in the SoftEther VPN client involves executing a loop with an unreachable exit condition. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

CVSS 5.9 | AI score 6.8 | EPSS 0.00241
Exploits: 1 | References: 5

OSV
added 2024/03/04 6:15 p.m. | 4 views

CVE-2021-47092

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Always clear vmx->fail on emulation_required. Revert a relatively recent change that set vmx->fail if the vCPU is in L2 and emulation_required is true, as that behavior is completely bogus. Setting vmx->fail and synthesizing ...

CVSS 5.5 | AI score 6.6
Exploits: 0 | References: 2

OSV
added 2024/03/04 6:15 p.m. | 1 views

UBUNTU-CVE-2021-47092

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Always clear vmx->fail on emulation_required. Revert a relatively recent change that set vmx->fail if the vCPU is in L2 and emulation_required is true, as that behavior is completely bogus. Setting vmx->fail and synthesizing ...

CVSS 5.5 | AI score 5.7 | EPSS 0.00017
Exploits: 1 | References: 5

Tenable Nessus
added 2024/03/04 12:0 a.m. | 44 views

Fedora 38 : bind / bind-dyndb-ldap (2024-fae88b73eb)

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-fae88b73eb advisory. Security Fixes - Validating DNS messages containing a lot of DNSSEC signatures could cause excessive CPU load, leading to a denial-of-service...

CVSS 7.5 | AI score 7.1 | EPSS 0.43215
Exploits: 1 | References: 7

Cvelist
added 2024/03/02 9:52 p.m. | 23 views

CVE-2023-52499 powerpc/47x: Fix 47x syscall return crash

In the Linux kernel, the following vulnerability has been resolved: powerpc/47x: Fix 47x syscall return crash Eddie reported that newer kernels were crashing during boot on his 476 FSP2 system: kernel tried to execute user page b7ee2000 - exploit attempt? uid: 0 BUG: Unable to handle kernel...

AI score 6.9 | EPSS 0.00018
Exploits: 0 | References: 4