1620 matches found
CVE-2022-49009
The CVE-2022-49009 issue affects the Linux kernel component hwmon:asus-ec-sensors, where devm_kcalloc may return NULL and the return value must be checked to avoid NULL pointer dereference. The provided documents confirm a resolved vulnerability with a fix implementing checks for the NULL return ...
CVE-2024-49895 drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation. This commit addresses a potential index out of bounds issue in the cm3_helper_translate_curve_to_degamma_hw_format function in the DCN30 color...
CVE-2024-49857 wifi: iwlwifi: mvm: set the cipher for secured NDP ranging
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: set the cipher for secured NDP ranging. The cipher pointer is not set, but is dereferenced trying to set its content, which leads to a NULL pointer dereference. Fix it by pointing to the cipher parameter before...
CVE-2024-47733 netfs: Delete subtree of 'fs/netfs' when netfs module exits
In the Linux kernel, the following vulnerability has been resolved: netfs: Delete subtree of 'fs/netfs' when netfs module exits. In netfs_init or fscache_proc_init, we create dentry under 'fs/netfs', but in netfs_exit, we only delete the proc entry of 'fs/netfs' without deleting its subtree. This...
[SECURITY] Fedora 40 Update: rust-tonic-build-0.12.3-1.fc40
Codegen module of tonic gRPC implementation...
[SECURITY] Fedora 39 Update: rust-tonic-build-0.12.3-1.fc39
Codegen module of tonic gRPC implementation...
CVE-2024-48120
X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list...
CVE-2024-47763 Wasmtime runtime crash when combining tail calls with trapping imports
Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtim...
CVE-2024-9313
Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them...
DRUPAL-CONTRIB-2024-043
This module enables you to allow and/or require users to use a second authentication method in addition to password authentication. The module does not sufficiently migrate sessions before prompting for a second factor token. This vulnerability is mitigated by the fact that an attacker must fixat...
Synology DiskStation Manager Credentials Management Errors (CVE-2010-3684)
The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453. This plugin only works with...
CVE-2024-47294
CVE-2024-47294 affects Huawei HarmonyOS/EMUI via an access rights/permission verification vulnerability in the Input Method Framework module. The primary impact stated is availability disruption on exploitation, with CVSS v3.1 base metrics indicating high availability impact (NVD: AV:N/AC:L/PR:N/...
CVE-2024-47293
Out-of-bounds write vulnerability in the HAL-WIFI module. Impact: Successful exploitation of this vulnerability may affect availability...
RHEL 8 : python3.11 (RHSA-2024:6962)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6962 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
CVE-2024-46729
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix incorrect size calculation for loop. [WHY] fe_clk_en has size of 5 but sizeof(fe_clk_en) has byte size 20 which is larger than the array size. [HOW] Divide byte size 20 by its element size. This fixes 2 OVERRUN issues...
Updated clamav packages fix security vulnerabilities
Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition (CVE-2024-20505). Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam'...
CVE-2024-45017 net/mlx5: Fix IPsec RoCE MPV trace call
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call. Prevent the call trace below from happening, by not allowing IPsec creation over a slave, if master device doesn't support IPsec. WARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240...
CVE-2024-45007
In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Don't destroy workqueue from work item running on it. Triggered by a kref decrement, destroy_workqueue may be called from within a work item for destroying its own workqueue. This illegal situation is averted by...
CVE-2024-45449
Access permission verification vulnerability in the ringtone setting module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2024-45441
Input verification vulnerability in the system service module. Impact: Successful exploitation of this vulnerability will affect availability...