CVE-2024-50942
qiwen-file v1.4.0 was discovered to contain a SQL injection vulnerability via the component /mapper/NoticeMapper.xml...
PT-2024-34464 · Unknown · Qiwen-File
Name of the Vulnerable Software and Affected Versions: qiwen-file version 1.4.0 Description: The issue is related to a SQL injection vulnerability. It affects the component /mapper/NoticeMapper.xml. Recommendations: For qiwen-file version 1.4.0, consider restricting access to the...
CVE-2024-50942
CVE-2024-50942 affects qiwen-file v1.4.0, with a SQL injection vulnerability in the /mapper/NoticeMapper.xml component. The issue is reported as high impact (CVSSv3.1: 9.8, Confidentiality/Integrity/Availability = HIGH) and exploitable over NETWORK with no user interaction. Documentation consiste...
SUSE CVE-2024-50279
In the Linux kernel, the following vulnerability has been resolved: dm cache: fix out-of-bounds access to the dirty bitset when resizing. dm-cache checks the dirty bits of the cache blocks to be dropped when shrinking the fast device, but an index bug in bitset iteration causes out-of-bounds acces...
DEBIAN-CVE-2024-50279
In the Linux kernel, the following vulnerability has been resolved: dm cache: fix out-of-bounds access to the dirty bitset when resizing. dm-cache checks the dirty bits of the cache blocks to be dropped when shrinking the fast device, but an index bug in bitset iteration causes out-of-bounds acces...
DEBIAN-CVE-2024-50280
In the Linux kernel, the following vulnerability has been resolved: dm cache: fix flushing uninitialized delayed_work on cache_ctr error. An unexpected WARN_ON from flush_work may occur when cache creation fails, caused by destroying the uninitialized delayed_work waker in the error path of cache_create...
UBUNTU-CVE-2024-50280
In the Linux kernel, the following vulnerability has been resolved: dm cache: fix flushing uninitialized delayed_work on cache_ctr error. An unexpected WARN_ON from flush_work may occur when cache creation fails, caused by destroying the uninitialized delayed_work waker in the error path of cache_create...
UBUNTU-CVE-2024-50277
In the Linux kernel, the following vulnerability has been resolved: dm: fix a crash if blk_alloc_disk fails. If blk_alloc_disk fails, the variable md->disk is set to an error value. cleanup_mapped_device will see that md->disk is non-NULL and it will attempt to access it, causing a crash on this statement...
CVE-2024-50277 dm: fix a crash if blk_alloc_disk fails
In the Linux kernel, the following vulnerability has been resolved: dm: fix a crash if blk_alloc_disk fails. If blk_alloc_disk fails, the variable md->disk is set to an error value. cleanup_mapped_device will see that md->disk is non-NULL and it will attempt to access it, causing a crash on this statement...
The vulnerability of the dm snapshot component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the dm snapshot component in the Linux operating system’s kernel is related to improper locking of resources in the dm_exception_table_exit function. Exploiting this vulnerability can allow an attacker to cause a service failure...
Advisory ROSA-SA-2024-2521
Software: device-mapper-multipath 0.4.9 OS: rosa-server79 packageevrstring: device-mapper-multipath-0.4.9-136 CVE-ID: CVE-2022-41974 BDU-ID: 2022-06669 CVE-Crit: HIGH CVE-DESC.: A vulnerability in multipath-tools multipath-tools driver management software is related to privilege management errors...
AZL-52616 CVE-2024-50091 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: dm vdo: don't refer to dedupe_context after releasing it. Clear the dedupe_context pointer in a data_vio whenever ownership of the context is lost, so that vdo can't examine it accidentally...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the dm vdo module failing to clear the pointer to the dedupe_context after releasing it, which could lead to...
Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-15020024194 fixes several issues. The following security issues were fixed: CVE-2021-47600: dm btree remove: fix use after free in rebalance_children bsc1227472. CVE-2021-47598: sch_cake: do not call cake_destroy from cake_init bsc1227471. CVE-2023-52752: smb:...
The vulnerability of the dm-crypt component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the dm-crypt component in the Linux operating system’s kernel is related to resource management errors during authentication. Exploiting this vulnerability can allow an attacker to cause a service failure...
Security Bulletin: IBM B2B Advanced Communications is vulnerable to issues due to Data Mapper for Jackson
Summary IBM B2B Advanced Communications has addressed vulnerabilities in Data Mapper for Jackson shipped with product. Vulnerability Details CVEID:CVE-2019-10172 DESCRIPTION: Jackson-mapper-asl could allow a remote attacker to obtain sensitive information, caused by an XML external entity XXE err...
The vulnerability of the NMAP import service used in the HCL BigFix Enterprise Suite Asset Discovery tool allows a hacker to increase their privileges.
The vulnerability of the NMAP import service used in the HCL BigFix Enterprise Suite Asset Discovery tool is due to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to increase their privileges remotely...
kernel: dm: call the resume method on internal suspend
A flaw was found in the Linux kernel’s device-mapper dm component. The issue arises during internal suspend operations where the resume method is not correctly called. This issue leads to problems such as list corruption, specifically observed when running the lvm2 test suite. The problem occurs...
kernel: md: fix resync softlockup when bitmap size is less than array size
In the Linux kernel, the following vulnerability has been resolved: md: fix resync softlockup when bitmap size is less than array size. It is reported that for dm-raid10, lvextend + lvchange --syncaction will trigger following softlockup: kernel:watchdog: BUG: soft lockup - CPU3 stuck for 26s!...