
485 matches found

SUSE CVE
added 2025/02/27 3:3 a.m. · 0 views

SUSE CVE-2022-49665

In the Linux kernel, the following vulnerability has been resolved: platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource. Unlike release_mem_region, a call to release_resource does not free the resource, so it has to be freed explicitly to avoid a memory leak...

CVSS 5.5 · AI score 6.4 · EPSS 0.00038
Exploits: 0 · References: 7
Debian CVE
added 2025/02/27 2:18 a.m. · 5 views

CVE-2024-49570

In the Linux kernel, the following vulnerability has been resolved: drm/xe/tracing: Fix a potential TP_printk UAF. The commit afd2627f727b "tracing: Check "%s" dereference via the field and not the TP_printk format" exposes potential UAFs in the xe_bo_move trace event. Fix those by avoiding...

CVSS 7.8 · AI score 5.8 · EPSS 0.00015
Exploits: 0
OSV
added 2025/02/26 7:1 a.m. · 1 views

DEBIAN-CVE-2022-49630

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_ecn_fallback. While reading sysctl_tcp_ecn_fallback, it can be changed concurrently. Thus, we need to add READ_ONCE to its reader...

CVSS 4.7 · AI score 5.3 · EPSS 0.00062
Exploits: 0 · References: 1
Vulnrichment
added 2025/02/26 2:11 a.m. · 1 views

CVE-2022-49391 remoteproc: mtk_scp: Fix a potential double free

In the Linux kernel, the following vulnerability has been resolved: remoteproc: mtk_scp: Fix a potential double free. 'scp->rproc' is allocated using devm_rproc_alloc, so there is no need to free it explicitly in the remove function...

AI score 6.2 · EPSS 0.0014
Exploits: 0 · References: 2
Wired Threat Level
added 2025/02/20 10:30 a.m. · 31 views

Microsoft Hosted Explicit Videos of This Startup Founder for Years. Here's How She Got Them Taken Down

Breeze Liu has been a prominent advocate for victims. But even she struggled to scrub nonconsensual intimate images and videos of herself from the web...

AI score 7.3
Exploits: 0
AstraLinux
added 2025/02/11 7:35 a.m. · 20 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: qibfs: fixed the dentry leak. The simple_recursive_removal function removes the pinning references to all positive values in the subtree. In cases where its argument is kept alive solely through pinning, that’s exactly the right...

CVSS 5.5 · AI score 5.7 · EPSS 0.00064
Exploits: 0 · References: 3
Wired Threat Level
added 2025/01/16 11:2 a.m. · 61 views

GitHub’s Deepfake Porn Crackdown Still Isn’t Working

Over a dozen programs used by creators of nonconsensual explicit images have evaded detection on the developer platform, WIRED has found...

AI score 7.3
Exploits: 0
OSV
added 2024/12/02 6:15 p.m. · 2 views

UBUNTU-CVE-2024-53990

The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently replace explicitly defined Cookies with any that ha...

CVSS 9.2 · AI score 5.9 · EPSS 0.00441
Exploits: 0 · References: 4
CVE
added 2024/12/02 1:44 p.m. · 198 views

CVE-2024-53122

CVE-2024-53122 affects the Linux kernel in mptcp: racing subflow creation in mptcp_rcv_space_adjust can trigger a race when handling spooled data on a subflow, potentially causing a divide-by-zero during tcp_cleanup_rbuf() on newly created subflows. The fix adds a state check to ensure the subflo...

CVSS 5.5 · AI score 6.4 · EPSS 0.00006
Exploits: 0 · References: 6 · Affected Software: 1
OSV
added 2024/11/21 10:21 p.m. · 8 views

GHSA-5CPH-WVM9-45GJ Flowise OverrideConfig security vulnerability

Impact: Flowise allows developers to inject configuration into the Chainflow during execution through the overrideConfig option. This is supported in both the frontend web integration and the backend Prediction API. This has a range of fundamental issues that are a major security vulnerability...

CVSS 8.6 · AI score 7.7
Exploits: 0 · References: 2
OSV
added 2024/11/19 6:15 p.m. · 4 views

UBUNTU-CVE-2024-53063

In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: prevent the risk of out of memory access. The dvbdev contains a static variable used to store dvb minors. The behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set or not. When not set, dvb_register_device won't che...

CVSS 5.5 · AI score 6.2 · EPSS 0.00016
Exploits: 0 · References: 57
Cvelist
added 2024/11/19 5:22 p.m. · 23 views

CVE-2024-53063 media: dvbdev: prevent the risk of out of memory access

In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: prevent the risk of out of memory access. The dvbdev contains a static variable used to store dvb minors. The behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set or not. When not set, dvb_register_device won't che...

EPSS 0.00016
Exploits: 0 · References: 8
CVE
added 2024/11/19 5:22 p.m. · 169 views

CVE-2024-53063

CVE-2024-53063: Linux kernel DVB minor management (dvbdev) allowed potential OOM via a static minor-tracker when CONFIG_DVB_DYNAMIC_MINORS is unset and device/register calls para-mismatch occurred. The patch adds explicit boundary guards in dvb_register_device and dvb_device_open to prevent out-o...

CVSS 5.5 · AI score 5.2 · EPSS 0.00016
Exploits: 0 · References: 10 · Affected Software: 1
CVE
added 2024/11/08 5:38 a.m. · 160 views

CVE-2024-50186

CVE-2024-50186: Linux kernel vulnerability in net: explicitly clear the sk pointer when pf->create fails. Root cause: some pf->create implementations do not NULL the freed sk object in error paths, leaving a dangling pointer and enabling Use-After-Free. Fix: explicitly NULL the sk pointer ...

CVSS 7.8 · AI score 6.4 · EPSS 0.00013
Exploits: 0 · References: 6 · Affected Software: 1
OSV
added 2024/11/08 5:38 a.m. · 15 views

CVE-2024-50186 net: explicitly clear the sk pointer, when pf->create fails

In the Linux kernel, the following vulnerability has been resolved: net: explicitly clear the sk pointer, when pf->create fails. We have recently noticed the exact same KASAN splat as in commit 6cd4a78d962b "net: do not leave a dangling sk pointer, when socket creation fails". The problem is that...

CVSS 7.8 · AI score 6.1 · EPSS 0.00013
Exploits: 0 · References: 9
OSV
added 2024/10/22 6:13 p.m. · 12 views

GHSA-WXW9-6PV9-C3XC Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out

Impact: During an explicit sign-out, the server session is not fully terminated...

CVSS 4.2 · AI score 4.4 · EPSS 0.00659
Exploits: 0 · References: 3
Github Security Blog
added 2024/10/22 6:13 p.m. · 23 views

Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out

Impact: During an explicit sign-out, the server session is not fully terminated...

CVSS 4.2 · AI score 6.9 · EPSS 0.00659
Exploits: 0 · References: 3 · Affected Software: 1
Vulnrichment
added 2024/10/22 3:54 p.m. · 19 views

CVE-2024-48929 Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out

Umbraco is a free and open source .NET content management system. In versions on the 13.x branch prior to 13.5.2 and versions on the 10.x branch prior to 10.8.7, during an explicit sign-out, the server session is not fully terminated. Versions 13.5.2 and 10.8.7 contain a patch for the issue...

CVSS 4.2 · AI score 7.1 · EPSS 0.00659
Exploits: 0 · References: 1
Positive Technologies
added 2024/10/22 12:0 a.m. · 2 views

PT-2024-33276 · Umbraco · Umbraco

Name of the Vulnerable Software and Affected Versions: Umbraco versions 13.x prior to 13.5.2; Umbraco versions 10.x prior to 10.8.7. Description: The issue occurs during an explicit sign-out, where the server session is not fully terminated. This affects Umbraco, a free and open source .NET content...

CVSS 4.2 · AI score 7.2 · EPSS 0.00659
Exploits: 0 · References: 9
FreeBSD
added 2024/10/16 12:0 a.m. · 23 views

OpenSSL -- OOB memory access vulnerability

The OpenSSL project reports: Low-level invalid GF(2^m) parameters lead to OOB memory access (CVE-2024-9143) [Low]. Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes...

CVSS 4.3 · AI score 6.9 · EPSS 0.00883
Exploits: 0 · References: 1