Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: swiotlb: Initialize the restricted pool listhead when SWIOTLBDYNAMIC=y. Using restricted DMA pools CONFIGDMARESTRICTEDPOOL=y in conjunction with dynamic SWIOTLB CONFIGSWIOTLBDYNAMIC=y leads to the following crash during boot-time...

MiracleLinux 3 : apr-1.2.7-11AXS3.1 (AXSA:2009-372:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2009-372:01 advisory. The mission of the Apache Portable Runtime APR is to provide a free library of C data structures and routines, forming a system portability layer to as many...

EUVD-2021-17229

Malware in sbrugna...

SUSE CVE-2024-36925

In the Linux kernel, the following vulnerability has been resolved: swiotlb: initialise restricted pool listhead when SWIOTLBDYNAMIC=y Using restricted DMA pools CONFIGDMARESTRICTEDPOOL=y in conjunction with dynamic SWIOTLB CONFIGSWIOTLBDYNAMIC=y leads to the following crash when initialising the...

AZL-42462 CVE-2024-36925 affecting package kernel for versions less than 6.6.35.1-4

In the Linux kernel, the following vulnerability has been resolved: swiotlb: initialise restricted pool listhead when SWIOTLBDYNAMIC=y Using restricted DMA pools CONFIGDMARESTRICTEDPOOL=y in conjunction with dynamic SWIOTLB CONFIGSWIOTLBDYNAMIC=y leads to the following crash when initialising the...

DEBIAN-CVE-2024-36925

In the Linux kernel, the following vulnerability has been resolved: swiotlb: initialise restricted pool listhead when SWIOTLBDYNAMIC=y Using restricted DMA pools CONFIGDMARESTRICTEDPOOL=y in conjunction with dynamic SWIOTLB CONFIGSWIOTLBDYNAMIC=y leads to the following crash when initialising the...

PT-2024-9020 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the swiotlb component of the Linux kernel. It occurs when using restricted DMA pools in conjunction with dynamic SWIOTLB, leading to a crash at boot-time due to...

BIT-APACHE-2020-11993

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...

K67175700: Apache vulnerabilities CVE-2020-9490, CVE-2020-11984, CVE-2020-11993

Security Advisory Description CVE-2020-9490 Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via...

Randomizing the KUSER_SHARED_DATA Structure on Windows

Windows 10 made a lot of improvements in Kernel Address Space Layout Randomization KASLR that increases the cost of exploitation, particularly for remote code execution exploits. Many kernel virtual address space VAS locations including kernel stacks, pools, system PTEs etc. are randomized. A...

Mageia: Security Advisory (MGASA-2018-0460)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-30298

Possible out of bound access due to improper validation of item size and DIAG memory pools data while switching between USB and PCIE interface in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wire...

CVE-2021-30298

Possible out of bound access due to improper validation of item size and DIAG memory pools data while switching between USB and PCIE interface in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wire...

Oracle Linux 8 : httpd:2.4 (ELSA-2021-1809)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1809 advisory. - Resolves: 1677590 - CVE-2018-17199 httpd:2.4/httpd: modsessioncookie does not respect expiry time - Resolves: 1869075 - CVE-2020-11984 httpd:2.4/http...

EulerOS Virtualization 2.9.1 : httpd (EulerOS-SA-2021-1602)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge...

Amazon Linux 2 : httpd (ALAS-2020-1490)

The version of httpd installed on the remote host is prior to 2.4.46-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1490 advisory. Apache HTTP server 2.4.32 to 2.4.44 modproxyuwsgi info disclosure and possible RCE A flaw was found in Apache httpd in...

EulerOS Virtualization for ARM 64 3.0.6.0 : mod_http2 (EulerOS-SA-2020-2016)

According to the version of the modhttp2 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have writt...

EulerOS Virtualization for ARM 64 3.0.6.0 : httpd (EulerOS-SA-2020-2018)

According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Apache HTTP server 2.4.32 to 2.4.44 modproxyuwsgi info disclosure and possible RCECVE-2020-11984 - Apache HTTP Server...

Amazon Linux 2 : mod_http2 (ALAS-2020-1493)

The version of modhttp2 installed on the remote host is prior to 1.15.14-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1493 advisory. Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 reque...

Debian DSA-4757-1 : apache2 - security update

Several vulnerabilities have been found in the Apache HTTPD server. - CVE-2020-1927 Fabrice Perez reported that certain modrewrite configurations are prone to an open redirect. - CVE-2020-1934 Chamal De Silva discovered that the modproxyftp module uses uninitialized memory when proxying to a...