Lucene search
2874 matches found

Vulnrichment
added 2024/05/17 11:40 a.m. | 11 views

CVE-2024-27406 lib/Kconfig.debug: TEST_IOV_ITER depends on MMU

In the Linux kernel, the following vulnerability has been resolved: lib/Kconfig.debug: TEST_IOV_ITER depends on MMU. Trying to run the iov_iter unit test on a nommu system such as the qemu kc705-nommu emulation results in a crash. KTAP version 1 Subtest: iov_iter module: kunit_iov_iter 1..9 BUG: failure...

AI score 7.1 | EPSS 0.00246
Exploits 0 | References 3

OSV
added 2024/05/14 3:25 p.m. | 0 views

UBUNTU-CVE-2024-31459

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the lib/plugin.php file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the apipluginho...

CVSS 8 | AI score 7.8 | EPSS 0.02677
Exploits 1 | References 6

Cvelist
added 2024/05/13 3:11 p.m. | 21 views

CVE-2024-31459 Cacti RCE vulnerability by file include in lib/plugin.php

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the lib/plugin.php file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the apipluginho...

CVSS 8 | AI score 8.7 | EPSS 0.02677
Exploits 1 | References 4

Cvelist
added 2024/05/13 3:3 p.m. | 46 views

CVE-2024-31444 Cacti XSS vulnerability in lib/html.php by reading dirty data stored in database

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation_tree_rules_form_save function in automation_tree_rules.php is not thoroughly checked and is used to concatenate the HTML statement in form_confirm function from...

CVSS 4.6 | AI score 5.1 | EPSS 0.14664
Exploits 1 | References 2

Cvelist
added 2024/05/13 10:6 a.m. | 86 views

CVE-2024-4068 Memory Exhaustion in braces

The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating...

CVSS 7.5 | AI score 7.7 | EPSS 0.01471
Exploits 1 | References 5

CVE
added 2024/05/13 10:6 a.m. | 403 views

CVE-2024-4068

CVE-2024-4068 affects the NPM package braces. Versions prior to 3.0.3 fail to limit input length, causing a loop in lib/parse.js when given imbalanced braces, leading to memory exhaustion and potential crash of the host process. IBM/DB2-related bulletins confirm the brace-expansion issue as a vul...

CVSS 7.5 | AI score 7.4 | EPSS 0.01471
Exploits 1 | References 5 | Affected Software 1

Vulnrichment
added 2024/05/13 10:6 a.m. | 24 views

CVE-2024-4068 Memory Exhaustion in braces

The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating...

CVSS 7.5 | AI score 6.6 | EPSS 0.01471
Exploits 1 | References 5

Tenable Nessus
added 2024/05/11 12:0 a.m. | 25 views

RHEL 8 : python (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python: Nested zip file Zip bomb vulnerability in Lib/zipfile.py CVE-2019-9674 - Modules/pickle.c in Pyth...

AI score 7.9 | EPSS 0.05789
Exploits 1 | References 2

CVE
added 2024/05/04 12:0 a.m. | 57 views

CVE-2024-34476

Open5GS before 2.7.1 is affected by CVE-2024-34476 due to a reachable assertion in ogs_nas_encrypt (lib/nas/common/security.c) when processing NAS messages from a UE, related to pkbuf->len. This can cause an AMF crash. Evidence across multiple sources confirms the affected software and the und...

CVSS 5.3 | AI score 6.7 | EPSS 0.00513
Exploits 0 | References 2 | Affected Software 1

OSSF Malicious Packages
added 2024/05/03 10:15 p.m. | 3 views

Malicious code in uidm-react-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 46d06a0532602d59ada5b5296d3344ff79c9be233ff036127aad80ba624e6e95 The OpenSSF Package Analysis project identified 'uidm-react-lib' @ 99.99.1 npm as malicious. It is considered malicious because: - The package...

AI score 7.2
Exploits 0

NVD
added 2024/05/03 6:15 p.m. | 24 views

CVE-2022-48695

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix use-after-free warning. Fix the following use-after-free warning which is observed during controller reset: refcount_t: underflow; use-after-free. WARNING: CPU: 23 PID: 5399 at lib/refcount.c:28...

CVSS 7.8 | AI score 7.4 | EPSS 0.00243
Exploits 0 | References 8

UbuntuCve
added 2024/05/03 6:15 p.m. | 23 views

CVE-2022-48695

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix use-after-free warning. Fix the following use-after-free warning which is observed during controller reset: refcount_t: underflow; use-after-free. WARNING: CPU: 23 PID: 5399 at lib/refcount.c:28...

CVSS 7.8 | AI score 6.3 | EPSS 0.00243
Exploits 0 | References 10

CVE
added 2024/05/03 2:49 p.m. | 82 views

CVE-2022-48670

CVE-2022-48670 is a Linux kernel use-after-free in peci CPU handling. When auxiliary_device_add() errors, auxiliary_device_uninit() is called, decrementing the device refcount and triggering .release; adev_release() then re-calls auxiliary_device_uninit(), causing use-after-free. Affected: Linux ...

CVSS 7.8 | AI score 6.6 | EPSS 0.00216
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2024/05/01 5:19 a.m. | 24 views

CVE-2024-26958 nfs: fix UAF in direct writes

In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes. In production we have been hitting the following warning consistently ------------ cut here ------------ refcount_t: underflow; use-after-free. WARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28...

AI score 7 | EPSS 0.00244
Exploits 0 | References 8

OSV
added 2024/05/01 5:19 a.m. | 16 views

CVE-2024-26958 nfs: fix UAF in direct writes

In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes. In production we have been hitting the following warning consistently ------------ cut here ------------ refcount_t: underflow; use-after-free. WARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28...

CVSS 7.8 | AI score 6.3 | EPSS 0.00244
Exploits 0 | References 12

RedHat Linux
added 2024/04/30 9:57 a.m. | 1 views

kernel: Null Pointer Dereference vulnerability in ida_free in lib/idr.c

A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return...

CVSS 6.2 | AI score 6.8 | EPSS 0.00258
Exploits 0 | References 5

ATTACKERKB
added 2024/04/30 12:15 a.m. | 3 views

CVE-2023-52728

Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in putBitString...

CVSS 5.5 | AI score 5.8 | EPSS 0.00207
Exploits 1 | References 2

ATTACKERKB
added 2024/04/30 12:15 a.m. | 2 views

CVE-2023-52727

Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in parseAlignBits...

CVSS 8.1 | AI score 5.8 | EPSS 0.00527
Exploits 1 | References 2

OSV
added 2024/04/30 12:15 a.m. | 2 views

CVE-2023-52727

Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in parseAlignBits...

CVSS 8.1 | AI score 8
Exploits 0 | References 1

OSV
added 2024/04/30 12:15 a.m. | 3 views

CVE-2023-52728

Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in putBitString...

CVSS 5.5 | AI score 5.5
Exploits 0 | References 1