5 matches found
kernel: bpf: Remove tst_run from lwt_seg6local_prog_ops.
In the Linux kernel, the following vulnerability has been resolved: bpf: Remove tstrun from lwtseg6localprogops. The syzbot reported that the lwtseg6 related BPF ops can be invoked via bpftestrun without without entering inputactionendbpf first. Martin KaFai Lau said that self test for...
Xinhu RockOA 安全漏洞
Xinhu RockOA is an office OA system of China Xinhu Xinhu Company. A security vulnerability exists in Xinhu RockOA 2.6.5 and earlier versions, which originates from the inputAction.php file and the saveAjax function that allows SQL injection, which may result in the execution of arbitrary code...
SUSE CVE-2024-46754
In the Linux kernel, the following vulnerability has been resolved: bpf: Remove tstrun from lwtseg6localprogops. The syzbot reported that the lwtseg6 related BPF ops can be invoked via bpftestrun without without entering inputactionendbpf first. Martin KaFai Lau said that self test for...
kernel: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors
A vulnerability was found in the Linux kernel's segment routing seg6 component in the inputactionenddx4 and inputactionenddx6 functions, where improper parameter passing to the NFHOOK can occur, which leads to a NULL pointer dereference when a NULL input device is provided, resulting in a kernel...
CVE-2024-40957
In the Linux kernel, the following vulnerability has been resolved: seg6: fix parameter passing when calling NFHOOK in End.DX4 and End.DX6 behaviors inputactionenddx4 and inputactionenddx6 are called NFHOOK for PREROUTING hook, in PREROUTING hook, we should passing a valid indev, and a NULL outde...