1895 matches found
SUSE CVE-2024-52336
A script injection vulnerability was identified in the Tuned package. The instancecreate D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with scriptpre or scriptpost options that permit arbitrary...
AZL-53696 CVE-2024-52336 affecting package tuned for versions less than 2.15.0-5
A script injection vulnerability was identified in the Tuned package. The instancecreate D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with scriptpre or scriptpost options that permit arbitrary...
AZL-53600 CVE-2024-52336 affecting package tuned for versions less than 2.21.0-2
A script injection vulnerability was identified in the Tuned package. The instancecreate D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with scriptpre or scriptpost options that permit arbitrary...
tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method
A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...
tuned 安全漏洞
tuned is tuned open source server-side program for a dynamic system tuning tool. The program is mainly used to monitor and collect data from various system components, and dynamically adjust system settings based on the information provided by the data. tuned has a security vulnerability that...
Important: tuned security update
The tuned packages provide a service that tunes system settings according to a selected profile. Security Fixes: tuned: scriptpre and scriptpost options allow to pass arbitrary scripts executed by root CVE-2024-52336 tuned: improper sanitization of instancename parameter of the instancecreate...
Malicious code in cloud-functions-schedule-instance (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9d10678b76e1cf601f3ff31de7642b60bd56df7c7899eb2c23808c2ef0ebf778 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-50183
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure DAID handling completion before deleting an NPIV instance Deleting an NPIV instance requires all fabric ndlps to be released before an NPIV's resources can be torn down. Failure to release fabric ndlps beforeha...
"No Such Instance currently exists at this OID" retuned even the OID is correct
"No Such Instance currently exists at this OID" retuned even the OID is correct like nsCPUusage OID: 1.3.6.1.4.1.5951.4.1.1.41.6.1.2 sysHealthDiskPerusage OID: 1.3.6.1.4.1.5951.4.1.1.41.8.1.5 etc...
CVE-2024-9476
A vulnerability in Grafana Labs Grafana OSS and Enterprise allows Privilege Escalation allows users to gain access to resources from other organizations within the same Grafana instance via the Grafana Cloud Migration Assistant.This vulnerability will only affect users who utilize the Organizatio...
kernel: nouveau: fix instmem race condition around ptr stores
A flaw was found in the nouveau module in the Linux kernel. In some conditions, a race condition can cause a NULL pointer dereference, resulting in a denial of service...
kernel: ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance
A flaw was found in the Linux kernel's HDA driver before initialization. This issue occurs when a user unloads and then reloads the module, and could allow a local user to crash the system...
AZL-54074 CVE-2024-50183 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure DAID handling completion before deleting an NPIV instance Deleting an NPIV instance requires all fabric ndlps to be released before an NPIV's resources can be torn down. Failure to release fabric ndlps beforeha...
CVE-2024-50183
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure DAID handling completion before deleting an NPIV instance Deleting an NPIV instance requires all fabric ndlps to be released before an NPIV's resources can be torn down. Failure to release fabric ndlps beforeha...
CVE-2024-50183
CVE-2024-50183 relates to the Linux kernel lpfc SCSI NPIV cleanup: deleting an NPIV instance must release all fabric ndlps, or a kref imbalance race occurs. The fix forces DA_ID to complete synchronously using a wait_queue, per the description in both the original CVE entry and Astra Linux securi...
CVE-2024-50183 scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure DAID handling completion before deleting an NPIV instance Deleting an NPIV instance requires all fabric ndlps to be released before an NPIV's resources can be torn down. Failure to release fabric ndlps beforeha...
CVE-2024-50183
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure DAID handling completion before deleting an NPIV instance Deleting an NPIV instance requires all fabric ndlps to be released before an NPIV's resources can be torn down. Failure to release fabric ndlps beforeha...
CVE-2024-50183 scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure DAID handling completion before deleting an NPIV instance Deleting an NPIV instance requires all fabric ndlps to be released before an NPIV's resources can be torn down. Failure to release fabric ndlps beforeha...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper handling of DAID before NPIV instance deletion...
SmartAgent 1.1.0 Server-Side Request Forgery Vulnerability
Exploit Title: SmartAgent v1.1.0 - Server-Side Request Forgery SSRF Exploit Author: Alter Prime Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com Version: Build v1.1.0 Tested on: Kali Linux An unauthenticated user can trigger the web server to perform web requests to the localho...