GHSA-F74J-GFFQ-VM9P pyquokka is Vulnerable to Remote Code Execution by Pickle Deserialization via FlightServer

Description In the FlightServer class of the pyquokka framework, the doaction method directly uses pickle.loads to deserialize action bodies received from Flight clients without any sanitization or validation, which results in a remote code execution vulnerability. The vulnerable code is located...

CVE-2022-49738 f2fs: fix to do sanity check on i_extra_isize in is_alive()

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on iextraisize in isalive syzbot found a f2fs bug: BUG: KASAN: slab-out-of-bounds in datablkaddr fs/f2fs/f2fs.h:2891 inline BUG: KASAN: slab-out-of-bounds in isalive fs/f2fs/gc.c:1117 inline BUG: KASA...

CVE-2023-52682

A vulnerability was found in the Linux kernel's Flash-Friendly File System F2FS implementation. This issue arises from a failure to wait for block writeback in the post-read case, which could lead to data corruption or inconsistencies. Mitigation Mitigation for this issue is either not available ...

CVE-2023-52682 f2fs: fix to wait on block writeback for post_read case

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait on block writeback for postread case If inode is compressed, but not encrypted, it missed to call f2fswaitonblockwriteback to wait for GCed page writeback in IPU write path. Thread A GC-Thread - f2fsgc -...

CLSA-2023-1683146027 kernel: Fix of 23 CVEs

media: rc: Fix use-after-free bugs caused by enetxirqsim CVE-2023-1118 - net: mpls: fix stale pointer if allocation fails during device rename CVE-2023-26545 - net/ulp: prevent ULP without clone op from entering the LISTEN status CVE-2023-0461 - Bluetooth: L2CAP: Fix u8 overflow CVE-2022-45934 -...

Espruino 安全漏洞

Espruino is a JavaScript interpreter. It is designed for devices with only 128kB of flash memory and 8kB of RAM. A security vulnerability exists in Espruino version 2v05.41, which can be exploited by an attacker to cause a denial of service via the function jsvGarbageCollectMarkUsed in the file...

Fix of CVE: CVE-2020-0466, CVE-2022-0492, CVE-2021-4155, CVE-2021-0920

cgroup-v1: Require capabilities to set releaseagent ELSCVE-3555 CVE-2022-0492 - xfs: map unwritten blocks in XFSIOCALLOC,FREESP just like fallocate ELSCVE-3891 CVE-2021-4155 - afunix: fix garbage collect vs MSGPEEK ELSCVE-3728 CVE-2021-0920 - epoll: Keep a reference on files added to the check...

Ubuntu: Security Advisory (USN-2840-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-2829-2: Linux kernel (Vivid HWE) vulnerabilities

It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service system crash. CVE-2015-5283 Dmitry Vyukov discovered that the Linux kernel's keyring handler...

CVE-2006-3451

Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets CSS, which allows remote attackers to execute arbitrary code via unspecified vectors...