AZL-67605 CVE-2024-53219 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: virtiofs: use pages instead of pointer for kernel direct IO When trying to insert a 10MB kernel module kept in a virtio-fs with cache disabled, the following warning was reported: ------------ cut here ------------ WARNING: CPU: ...

UBUNTU-CVE-2024-53219

In the Linux kernel, the following vulnerability has been resolved: virtiofs: use pages instead of pointer for kernel direct IO When trying to insert a 10MB kernel module kept in a virtio-fs with cache disabled, the following warning was reported: ------------ cut here ------------ WARNING: CPU: ...

CVE-2024-53219 virtiofs: use pages instead of pointer for kernel direct IO

In the Linux kernel, the following vulnerability has been resolved: virtiofs: use pages instead of pointer for kernel direct IO When trying to insert a 10MB kernel module kept in a virtio-fs with cache disabled, the following warning was reported: ------------ cut here ------------ WARNING: CPU: ...

kernel: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port()

In the Linux kernel, the following vulnerability has been resolved: udp: Set SOCKRCUFREE earlier in udplibgetport. syzkaller triggered the warning 0 in udpv4earlydemux. In udpv46earlydemux and sklookup, we do not touch the refcount of the looked-up sk and use sockpfree as skb-destructor, so we...

CVE-2024-52337 Tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method

A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...

CVE-2024-53333

TOTOLINK EX200 v4.0.3c.7646B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter...

CVE-2024-53333

TOTOLINK EX200 v4.0.3c.7646B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter...

CVE-2024-53333

Totolink EX200 (v4.0.3c.7646_B20201211) contains a command-injection vulnerability in the setUssd function, allowing arbitrary commands to be executed via the ussd parameter. The CVE entry notes a network-exposed, low-privilege path with required user interaction and a high impact on availability...

CVE-2024-53333

TOTOLINK EX200 v4.0.3c.7646B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter...

Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud that stems from the fact that by directly specifying the ID of a table or view, a malicious user can blindly...

PT-2024-35350 · Nextcloud · Nextcloud Tables

Name of the Vulnerable Software and Affected Versions: Nextcloud Tables versions prior to 0.8.0 Description: The issue allows a malicious user to insert new rows into tables they have no access to by directly specifying the ID of a table or view. Recommendations: For versions prior to 0.8.0,...

The vulnerability of the os.path.normpath() function in the Python interpreter lies in its ability to bypass permission checks when shortening a path by inserting a zero byte. This allows an attacker to compromise the integrity of the protected information.

The vulnerability of the os.path.normpath function in the Python interpreter relates to the handling of permission lists when shortening a path by inserting a zero byte. Exploiting this vulnerability could allow an attacker, operating remotely, to compromise the integrity of protected information...

The vulnerability of the software for generating real-time failure reports in Sentry arises from the need to insert confidential information into the transmitted data. This allows a intruder to gain access to confidential information.

The vulnerability of the software for generating real-time failure reports in Sentry relates to the insertion of confidential information into the transmitted data. Exploiting this vulnerability can allow a remote attacker to gain access to confidential information...

PT-2024-35666

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.9.0-rc5+ Description A vulnerability in the Linux kernel has been resolved, related to the virtiofs module. When trying to insert a 10MB kernel module kept in a virtio-fs with cache disabled, a warning is...

SUSE CVE-2024-49884

In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-use-after-free in ext4splitextentat We hit the following use-after-free: ================================================================== BUG: KASAN: slab-use-after-free in ext4splitextentat+0xba8/0xcc0 Read of...

Unspecified Vulnerability in Oracle MySQL (CNVD-2025-18064)

Oracle MySQL is an open source relational database management system from Oracle Corporation.MySQL Connectors is one of the drivers for connecting applications that use MySQL. A security vulnerability exists in MySQL Connectors for Oracle MySQL, which can be exploited by an attacker to update,...

CVE-2024-50002

In the Linux kernel, the following vulnerability has been resolved: staticcall: Handle module init failure correctly in staticcalldelmodule Module insertion invokes staticcalladdmodule to initialize the static calls in a module. staticcalladdmodule invokes staticcallinit, which allocates a struct...

DEBIAN-CVE-2024-49884

In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-use-after-free in ext4splitextentat We hit the following use-after-free: ================================================================== BUG: KASAN: slab-use-after-free in ext4splitextentat+0xba8/0xcc0 Read of...

CVE-2024-50002 static_call: Handle module init failure correctly in static_call_del_module()

In the Linux kernel, the following vulnerability has been resolved: staticcall: Handle module init failure correctly in staticcalldelmodule Module insertion invokes staticcalladdmodule to initialize the static calls in a module. staticcalladdmodule invokes staticcallinit, which allocates a struct...

CVE-2024-50002 static_call: Handle module init failure correctly in static_call_del_module()

In the Linux kernel, the following vulnerability has been resolved: staticcall: Handle module init failure correctly in staticcalldelmodule Module insertion invokes staticcalladdmodule to initialize the static calls in a module. staticcalladdmodule invokes staticcallinit, which allocates a struct...