UBUNTU-CVE-2024-53065
In the Linux kernel, the following vulnerability has been resolved: mm/slab: fix warning caused by duplicate kmem_cache creation in kmem_buckets_create Commit b035f5a6d852 "mm: slab: reduce the kmalloc minimum alignment if DMA bouncing possible" reduced ARCH_KMALLOC_MINALIGN to 8 on arm64. However, wi...
CVE-2024-52916
Bitcoin Core before 0.15.0 allows a denial of service OOM kill of a daemon process via a flood of minimum difficulty headers...
CVE-2024-52916
Summary (CVE-2024-52916): Bitcoin Core versions prior to 0.15.0 are affected by a denial-of-service condition caused by a flood of minimum-difficulty headers, which can lead to an out-of-memory (OOM) exhaustion of the daemon. This impacts availability of the Bitcoin Core node. Remediation: upgra...
PT-2024-35484 · Unknown · Bitcoin Core
Name of the Vulnerable Software and Affected Versions: Bitcoin Core versions prior to 0.15.0 Description: The issue allows for a denial of service, where an attacker can cause the daemon process to be killed due to an out-of-memory condition by flooding it with minimum difficulty headers...
[SECURITY] Fedora 40 Update: php-bartlett-PHP-CompatInfo-7.1.4-3.fc40
PHPCompatInfo will parse a file/folder/array to find out the minimum version and extensions required for it to run. CLI version has many reports (extension, interface, class, function, constant) to display and ability to show content of dictionary references...
[SECURITY] Fedora 39 Update: php-bartlett-PHP-CompatInfo-7.1.4-3.fc39
PHPCompatInfo will parse a file/folder/array to find out the minimum version and extensions required for it to run. CLI version has many reports (extension, interface, class, function, constant) to display and ability to show content of dictionary references...
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 4, 2024 to November 10, 2024)
Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through December 9th, 2024: All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scop...
Wrap Up the Year with the Biggest Scope and Rewards Yet: Join the Wordfence Bug Bounty Program End of Year Holiday Extravaganza!
The holidays are here, and so is your chance to earn big while helping secure the WordPress ecosystem! For all submissions to our Bug Bounty Program from November 12, 2024, to December 9, 2024, we’re rolling out our End of Year Holiday Extravaganza promotion to give back to our security...
kernel: bluetooth: race condition in sniff_{min,max}_interval_set()
A race condition vulnerability was found in the Linux kernel's net/bluetooth in the sniff_{min,max}_interval_set() function. This issue can result in a Bluetooth sniffing exception issue, possibly leading to denial of service...
kernel: ALSA: timer: Set lower bound of start tick time
In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Set lower bound of start tick time Currently ALSA timer doesn't have the lower limit of the start tick time, and it allows a very small size, e.g. 1 tick with 1ns resolution for hrtimer. Such a situation may lead to ...
CVE-2024-50258 net: fix crash when config small gso_max_size/gso_ipv4_max_size
In the Linux kernel, the following vulnerability has been resolved: net: fix crash when config small gso_max_size/gso_ipv4_max_size Config a small gso_max_size/gso_ipv4_max_size will lead to an underflow in sk_dst_gso_max_size(), which may trigger a BUG_ON crash, because sk->sk_gso_max_size would be much bigger than...
net: dpaa: Pad packets to ETH_ZLEN
...
RockyLinux 9 : kernel (RLSA-2024:8617)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:8617 advisory. hw: cpu: intel: Native Branch History Injection (BHI) (CVE-2024-2201); kernel: tcp: add sanity checks to rx zerocopy (CVE-2024-26640); kernel: mptcp: fix data...
GHSA-Q78V-CV36-8FXJ Devtron has SQL Injection in CreateUser API
Summary: An authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. Details: The API is CreateUser /orchestrator/user. The function to read user input is:...
Devtron has SQL Injection in CreateUser API
Summary: An authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. Details: The API is CreateUser /orchestrator/user. The function to read user input is:...
kernel: net/sched: taprio: extend minimum interval restriction to entire cycle too
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: extend minimum interval restriction to entire cycle too It is possible for syzbot to side-step the restriction imposed by the blamed commit in the Fixes: tag, because the taprio UAPI permits a cycle-time...
UBUNTU-CVE-2024-49888
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a sdiv overflow issue Zac Ecob reported a problem where a bpf program may cause kernel crash due to the following error: Oops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI The failure is due to the below signed divide:...
PT-2024-33729
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A problem in the Linux kernel has been identified where a bpf program may cause a kernel crash due to a signed divide error. The issue arises when the divisor is -1, which can lead to ...