626 matches found
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the cgroup2 filesystem not instantiating a new dentry when returning from mkdir...
RHEL 6 : postgresql (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - postgresql: Start scripts permit database administrator to modify root-owned files CVE-2017-15097 -...
DEBIAN-CVE-2024-36927
In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in __ip_make_skb() KMSAN reported uninit-value access in __ip_make_skb() [1]. __ip_make_skb() tests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a race condition. If calling setsockopt(2) with...
CVE-2024-36903
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix potential uninit-value access in __ip6_make_skb() As it was done in commit fc1092f51567 ("ipv4: Fix uninit-value access in __ip_make_skb()") for IPv4, check FLOWI_FLAG_KNOWN_NH on fl6->flowi6_flags instead of testing HDRINCL on the socket...
AZL-56225 CVE-2024-36903 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix potential uninit-value access in __ip6_make_skb() As it was done in commit fc1092f51567 ("ipv4: Fix uninit-value access in __ip_make_skb()") for IPv4, check FLOWI_FLAG_KNOWN_NH on fl6->flowi6_flags instead of testing HDRINCL on the socket...
UBUNTU-CVE-2024-36927
In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in __ip_make_skb() KMSAN reported uninit-value access in __ip_make_skb() [1]. __ip_make_skb() tests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a race condition. If calling setsockopt(2) with...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from potential uninitialized value access in the ipv6 module __ip6_make_skb()...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from a security flaw in __ip_make_skb()...
EulerOS 2.0 SP12 : sqlite (EulerOS-SA-2024-1754)
According to the versions of the sqlite package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file...
PT-2024-40771 · Unknown · Xpackdynamictable
Name of the Vulnerable Software and Affected Versions: XpackDynamicTable affected versions not specified Description: The issue is related to a crash caused by the use of an uninitialized value. The crash occurs in the XpackDynamicTable:: make space function, which is called by the...
Docker Privileged Container Kernel Escape
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Docker Privileged Container Kernel Escape', 'Description' = %q This module performs a container escape onto the host as the daemon user. It takes...
PT-2024-27215
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.37 Description: A vulnerability has been resolved in the Linux kernel, specifically in the ipv4 module. The issue is related to an uninit-value access in the __ip_make_skb function. This function tests the HDRIN...
make-it.nl Improper Access Control vulnerability OBB-3922900
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
acme-dns-rust (>=1.0.0 <=1.0.6), asfa (>=0.1.0 <=0.5.2) +72 more potentially affected by unknown CVE via whoami (>=0.5.3 <=1.2.3)
whoami CARGO version =0.5.3, =1.0.0, =0.1.0, =3.0.0, =0.60.0, =0.60.0, =0.1.0, =0.27.0, =0.1.0, =0.1.0, =0.1.0, =0.3.0, =0.2.1, =0.0.0, =0.0.1, =0.1.0, =0.3.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-W5W5-8VFH-XCJQ...
EulerOS 2.0 SP11 : sqlite (EulerOS-SA-2024-1228)
According to the versions of the sqlite package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the fil...
CVE-2024-25849
In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer() and MakeOffers::addUserOffer()...
SQL injection
In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer() and MakeOffers::addUserOffer()...
CVE-2024-25849
In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer() and MakeOffers::addUserOffer()...
CVE-2024-25849
CVE-2024-25849 affects PrestaToolKit Make an offer module for PrestaShop (version ≤ 1.7.1). The vulnerability is a SQL injection in guest-accessible flows via MakeOffers::checkUserExistingOffer() and MakeOffers::addUserOffer(), leading to potential unauthorized data access or modification. Affect...
PT-2024-21161 · Prestatoolkit · Prestatoolkit Make An Offer Module
Name of the Vulnerable Software and Affected Versions: PrestaToolKit Make an offer module version 1.7.1 and earlier Description: A SQL injection issue exists in the Make an offer module, allowing a guest to perform SQL injection via the MakeOffers::checkUserExistingOffer and...