Check Point Multi-Domain Security Management 安全漏洞

Check Point Multi-Domain Security Management is a centralized management solution from Check Point Israel for large-scale distributed environments with many discrete network segments. A security vulnerability exists in Check Point Multi-Domain Security Management, which stems from the possibility...

SUSE CVE-2025-21677

In the Linux kernel, the following vulnerability has been resolved: pfcp: Destroy device along with udp socket's netns dismantle. pfcpnewlink links the device to a list in devnetdev instead of net, where a udp tunnel socket is created. Even when net is removed, the device stays alive on devnetdev...

scsi: bfa: Fix use-after-free in bfad_im_module_exit()

...

SUSE CVE-2024-45339

When logs are written to a widely-writable directory the default, an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that...

AZL-56379 CVE-2024-45339 affecting package glog 0.3.5-16

When logs are written to a widely-writable directory the default, an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that...

AZL-56402 CVE-2024-45339 affecting package glog for versions less than 0.3.5-16

When logs are written to a widely-writable directory the default, an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that...

AZL-56066 CVE-2024-45339 affecting package vitess for versions less than 19.0.4-4

When logs are written to a widely-writable directory the default, an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that...

DEBIAN-CVE-2024-45339

When logs are written to a widely-writable directory the default, an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that...

CVE-2024-45339

When logs are written to a widely-writable directory the default, an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that...

UBUNTU-CVE-2024-45339

When logs are written to a widely-writable directory the default, an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that...

CVE-2024-45339

CVE-2024-45339 affects the Go glog package. The issue arises when logs are written to a widely-writable directory: an unprivileged attacker could predict a privileged process’s log path and pre-create a symlink to a sensitive file, causing the process to overwrite it. The fix is to have glog exit...

glog 安全漏洞

glog is a Go open source hierarchical execution log for Go. A security vulnerability exists in glog versions prior to 1.2.4, which stems from the presence of a sensitive file overwrite vulnerability that allows an attacker to pre-create symbolic links to exit the program to fix it...

SUSE CVE-2024-57844

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix fault on fd close after unbind If userspace holds an fd open, unbinds the device and then closes it, the driver shouldn't try to access the hardware. Protect it by using drmdeventer/drmdevexit. This fixes the followin...

SUSE CVE-2024-55639

In the Linux kernel, the following vulnerability has been resolved: net: renesas: rswitch: avoid use-after-put for a device tree node The device tree node saved in the rswitchdevice structure is used at several driver locations. So passing this node to ofnodeput after the first use is wrong. Move...

CVE-2024-55881

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Play nice with protected guests in completehypercallexit Use is64bithypercall instead of is64bitmode to detect a 64-bit hypercall when completing said hypercall. For guests with protected state, e.g. SEV-ES and SEV-SNP,...

DEBIAN-CVE-2024-55639

In the Linux kernel, the following vulnerability has been resolved: net: renesas: rswitch: avoid use-after-put for a device tree node The device tree node saved in the rswitchdevice structure is used at several driver locations. So passing this node to ofnodeput after the first use is wrong. Move...

UBUNTU-CVE-2024-55881

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Play nice with protected guests in completehypercallexit Use is64bithypercall instead of is64bitmode to detect a 64-bit hypercall when completing said hypercall. For guests with protected state, e.g. SEV-ES and SEV-SNP,...

UBUNTU-CVE-2024-55639

In the Linux kernel, the following vulnerability has been resolved: net: renesas: rswitch: avoid use-after-put for a device tree node The device tree node saved in the rswitchdevice structure is used at several driver locations. So passing this node to ofnodeput after the first use is wrong. Move...

CVE-2024-55881

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Play nice with protected guests in completehypercallexit Use is64bithypercall instead of is64bitmode to detect a 64-bit hypercall when completing said hypercall. For guests with protected state, e.g. SEV-ES and SEV-SNP,...

CVE-2024-55881

CVE-2024-55881 : In the Linux kernel, KVM for x86 had a fix to correctly detect 64‑bit hypercalls during complete_hypercall_exit() for guests with protected state (e.g., SEV-ES/SEV-SNP). The change replaces is_64_bit_mode() with is_64_bit_hypercall() to determine 64‑bit mode when the vCPU state n...