CVE-2024-27448
MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file...
OracleVM 3.4 : kernel-uek (OVMSA-2024-0004)
The remote OracleVM system is missing necessary patches to address security updates: - A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a...
CVE-2024-26674
CVE-2024-26674 affects the Linux kernel x86/mm code, specifically a fixup path for get_user()/put_user(). In kernel builds >= 6.4 memory-error-injection can trigger a machine-check and panic due to a revert from _ASM_EXTABLE_UA() to a more generic fixup type. The issue arose when MCA handling ...
MAL-2024-1163 Malicious code in paysafe-gpf-as-communication-lib-fe (npm)
Source: ghsa-malware 997f87146bcd457b4e2cb94ddbcfbb3730c96dd9a2b5843fcabcbb9456cf899d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Debian: Security Advisory (DSA-5642-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] [DSA 5642-1] php-dompdf-svg-lib security update
Debian Security Advisory DSA-5642-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 20, 2024 https://www.debian.org/security/faq -...
Debian dsa-5642 : php-dompdf-svg-lib - security update
The remote Debian 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5642 advisory. Debian Security Advisory DSA-5642-1...
CVE-2021-47124
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix link timeout refs WARNING: CPU: 0 PID: 10242 at lib/refcount.c:28 refcount_warn_saturate+0x15b/0x1a0 lib/refcount.c:28 RIP: 0010:refcount_warn_saturate+0x15b/0x1a0 lib/refcount.c:28 Call Trace: refcount_sub_and_test...
Malicious code in wm-lib-api-error-handler (npm)
Source: ossf-package-analysis 9c48e2ab0480956dd0db4c0bc2e946be8a52112fb31f959900edb9a914f02367 The OpenSSF Package Analysis project identified 'wm-lib-api-error-handler' @ 1.0.2 npm as malicious. It is considered malicious because: - The...
The vulnerability of the kmem_cache_destroy function in the lib/list_debug.c library of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the kmem_cache_destroy function in the lib/list_debug.c library of the Linux operating system’s kernel is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a service failure...
Malicious code in mastercard-postman-encryption-lib (npm)
Source: ghsa-malware 691dd44f85f523c698375261ea598d5fdee9c92da99d633a29b32bc5a2b44068 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-52606
A potential stack corruption flaw was found in arch/powerpc/lib/sstep.c in the Linux kernel. This may lead to compromised Confidentiality or Availability...
CVE-2023-52606
In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assumes a certain maximum size for the instructions being emulated. The size of those operations however is determined separately in analyse_instr...
CVE-2023-52606 powerpc/lib: Validate size for vector operations
In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assumes a certain maximum size for the instructions being emulated. The size of those operations however is determined separately in analyse_instr...
CVE-2023-52606
CVE-2023-52606 : In the Linux kernel, the vulnerability involves the powerpc/lib area where vector-operation sizes used by fp/vmx emulation were assumed to have a maximum size, but the true size is determined separately in analyse_instr(). A check was added to validate the maximum size of the vec...
CVE-2023-52606 powerpc/lib: Validate size for vector operations
In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assumes a certain maximum size for the instructions being emulated. The size of those operations however is determined separately in analyse_instr...
kernel security update
4.18.0-513.18.1.el8_9.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmod_signing_key.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32...
Privilege Escalation
app-builder-lib is vulnerable to privilege escalation. The vulnerability is due to NSExec searching the current directory of the installer before searching the system's PATH when making a system call to open cmd.exe in the .nsh installer script. This flaw allows an attacker to exploit the situati...
@abcum/ember-app (>=0.1.0 <=0.12.0), @abcum/ember-contextmenu (>=3.0.5 <=4.0.1) +176 more potentially affected by CVE-2024-27303 via app-builder-lib (>=20.24.0 <=24.13.1)
app-builder-lib NPM version =20.24.0, =0.1.0, =3.0.5, =0.1.0, =1.0.0, =0.0.10, =0.0.1, =0.0.1-alpha.0, =0.0.1, =1.0.1, =1.0.1, =1.0.5, =0.0.24, =0.39.0, =1.17.0 and more Source cves: CVE-2024-27303 Source advisory: OSV:GHSA-R4PF-3V7R-HH55...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: ALSA: rawmidi - fix the uninitialized user_pversion The user_pversion was uninitialized for the user space file structure in the open function, because the file private structure uses kmalloc for the allocation. The kernel ALSA...