1719 matches found

OSV
added 2024/08/21 7:15 a.m. · 3 views

DEBIAN-CVE-2022-48892

In the Linux kernel, the following vulnerability has been resolved: sched/core: Fix use-after-free bug in dup_user_cpus_ptr Since commit 07ec77a1d4e8 "sched: Allow task CPU affinity to be restricted on asymmetric systems", the setting and clearing of user_cpus_ptr are done under pi_lock for arm64...

7.8 CVSS · 6.3 AI score · 0.00019 EPSS
Exploits 0 · References 1

OSV
added 2024/08/21 7:15 a.m. · 0 views

UBUNTU-CVE-2022-48892

In the Linux kernel, the following vulnerability has been resolved: sched/core: Fix use-after-free bug in dup_user_cpus_ptr Since commit 07ec77a1d4e8 "sched: Allow task CPU affinity to be restricted on asymmetric systems", the setting and clearing of user_cpus_ptr are done under pi_lock for arm64...

7.8 CVSS · 5.7 AI score · 0.00019 EPSS
Exploits 0 · References 6

Cvelist
added 2024/08/21 6:10 a.m. · 20 views

CVE-2023-52903 io_uring: lock overflowing for IOPOLL

In the Linux kernel, the following vulnerability has been resolved: io_uring: lock overflowing for IOPOLL syzbot reports an issue with overflow filling for IOPOLL: WARNING: CPU: 0 PID: 28 at io_uring/io_uring.c:734 io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734 CPU: 0 PID: 28 Comm:...

0.00014 EPSS
Exploits 0 · References 4

Debian CVE
added 2024/08/17 9:9 a.m. · 33 views

CVE-2024-42318

In the Linux kernel, the following vulnerability has been resolved: landlock: Don't lose track of restrictions on cred_transfer When a process' cred struct is replaced, this almost always invokes the cred_prepare LSM hook; but in one special case when KEYCTL_SESSION_TO_PARENT updates the parent's...

5.5 CVSS · 5.5 AI score · 0.00006 EPSS
Exploits 2

Microsoft CVE
added 2024/08/16 7:0 a.m. · 2 views

fork: defer linking file vma until vma is fully initialized

...

7.8 CVSS · 7.3 AI score · 0.00011 EPSS
Exploits 0

UbuntuCve
added 2024/08/15 8:15 p.m. · 13 views

CVE-2024-7867

In Xpdf 4.05 and earlier, very large coordinates in a page box can cause an integer overflow and divide-by-zero...

6.2 CVSS · 5.9 AI score · 0.0005 EPSS
Exploits 0 · References 1

OSSF Malicious Packages
added 2024/08/11 12:9 p.m. · 3 views

Malicious code in audio-separator-fork (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c2fdb66a75c58bc11250d088e141d39a4d2bbf8be018db9bb0ca9fd219d7e257 Clones real package and hides an obfuscated code trying to run remote scripts as well as establish backdoor through SSH. --- Category: MALICIOUS - The campai...

7.4 AI score
Exploits 0 · References 1

OSSF Malicious Packages
added 2024/07/31 11:56 a.m. · 1 views

Malicious code in distube-fast (npm)

This package is a starjack of distube with the addition of a malicious postinstall hook which downloads a PE with characteristics of a downloader/infostealer...

6.9 AI score
Exploits 0

Vulnrichment
added 2024/07/29 2:57 p.m. · 21 views

CVE-2024-41068 s390/sclp: Fix sclp_init() cleanup on failure

In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Fix sclp_init cleanup on failure If sclp_init fails it only partially cleans up: if there are multiple failing calls to sclp_init sclp_state_change_event will be added several times to sclp_reg_list, which results in the...

6.6 AI score · 0.00018 EPSS
Exploits 0 · References 5

OSV
added 2024/07/16 10:15 p.m. · 0 views

CVE-2024-5815

A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit...

6.5 CVSS · 5.8 AI score
Exploits 0 · References 5

Positive Technologies
added 2024/07/16 12:0 a.m. · 2 views

PT-2024-37177 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14 Description: A Cross-Site Request Forgery issue in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. The attacker would have t...

6.8 CVSS · 7.2 AI score · 0.00164 EPSS
Exploits 0 · References 9

Hacker One
added 2024/07/12 6:27 p.m. · 11 views

U.S. Dept Of Defense: Boolean Based Blind Sql Injection Via User Agent in ███.mil

The report describes a boolean-based blind SQL injection vulnerability in the User-Agent header of the ███.mil application. The vulnerable parameter was identified, and the vulnerability was confirmed by injecting a payload that triggered different application responses based on the boolean...

8.1 AI score
Exploits 0

Packet Storm
added 2024/07/11 12:0 a.m. · 412 views

WordPress Poll Maker 5.3.2 SQL Injection

Exploit Title: WordPress Poll Maker Plugin SQL Injection Date: 2024-07-11 Exploit Author: tmrswrr Category : Webapps Vendor: https://ays-pro.com/wordpress/poll-maker Version 5.3.2 1. Access the Admin Panel: - Navigate to the admin panel of your WordPress site. - Go to Poll Maker Results...

7.4 AI score
Exploits 0

Fedora
added 2024/07/07 3:21 a.m. · 16 views

[SECURITY] Fedora 40 Update: yt-dlp-2024.07.02-1.fc40

yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes...

7.8 CVSS · 6.9 AI score · 0.00045 EPSS
Exploits 0

RustSec
added 2024/06/24 12:0 p.m. · 3 views

The maintainer of chrono-english is unresponsive

All versions will encounter compilation errors with a chrono version 0.4.35, due to backward incompatible API changes. User conradludgade reworked the original crate and created a fork with the same API surface called interim. The fork is better structured and passes the same test suite as...

7.1 AI score
Exploits 0

OSV
added 2024/06/24 12:0 p.m. · 6 views

RUSTSEC-2024-0395 The maintainer of chrono-english is unresponsive

All versions will encounter compilation errors with a chrono version 0.4.35, due to backward incompatible API changes. User conradludgade reworked the original crate and created a fork with the same API surface called interim. The fork is better structured and passes the same test suite as...

7.1 AI score
Exploits 0 · References 3

Vulnrichment
added 2024/06/19 1:45 p.m. · 19 views

CVE-2024-38595 net/mlx5: Fix peer devlink set for SF representor devlink port

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix peer devlink set for SF representor devlink port The cited patch changes the register devlink flow, and neglects to reflect the changes for peer devlink set logic. Peer devlink set is triggering a call trace if done after...

6.6 AI score · 0.0002 EPSS
Exploits 0 · References 3

Github Security Blog
added 2024/06/06 7:10 p.m. · 14 views

Evmos allows unvested token delegations

Impact What kind of vulnerability is it? Who is impacted? At the moment, users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via ClawbackVestingAccount. Patches Has the problem been patched? What versions should users upgrade...

5.3 CVSS · 5.3 AI score · 0.00256 EPSS
Exploits 0 · References 4 · Affected Software 13

Tenable Nessus
added 2024/06/03 12:0 a.m. · 8 views

RHEL 7 : socat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - socat: possible DoS with fork CVE-2015-1379 Note that Nessus has not tested for this issue but has instead relied o...

7.5 CVSS · 7.3 AI score · 0.02257 EPSS
Exploits 0 · References 1

Fedora
added 2024/06/02 3:39 a.m. · 13 views

[SECURITY] Fedora 39 Update: rust-dotenvy-0.15.7-4.fc39

A well-maintained fork of the dotenv crate...

7.3 AI score
Exploits 0