DEBIAN-CVE-2024-10041

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...

AZL-51729 CVE-2024-10041 affecting package pam for versions less than 1.5.3-4

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...

CVE-2024-9987

A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agentsmodulescsv functionality. This issue affects Pandora FMS: from 700 through 777.3...

Pandora FMS SQL注入漏洞

Pandora FMS is a monitoring system from Pandora FMS, USA. The system monitors networks, servers, virtual infrastructures, applications, etc. through visualization. A security vulnerability exists in Pandora FMS that stems from a post-authentication SQL injection vulnerability in the filters...

CVE-2022-49003 nvme: fix SRCU protection of nvme_ns_head list

In the Linux kernel, the following vulnerability has been resolved: nvme: fix SRCU protection of nvmenshead list Walking the nvmenshead siblings list is protected by the head's srcu in nvmensheadsubmitbio but not nvmempathrevalidatepaths. Removing namespaces from the list also fails to synchroniz...

CVE-2024-50046 NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Prevent NULL-pointer dereference in nfs42completecopies On the node of an NFS client, some files saved in the mountpoint of the NFS server were copied to another location of the same NFS server. Accidentally, the...

CVE-2024-50032

...

DEBIAN-CVE-2024-50002

In the Linux kernel, the following vulnerability has been resolved: staticcall: Handle module init failure correctly in staticcalldelmodule Module insertion invokes staticcalladdmodule to initialize the static calls in a module. staticcalladdmodule invokes staticcallinit, which allocates a struct...

SUSE CVE-2024-47740

In the Linux kernel, the following vulnerability has been resolved: f2fs: Require FMODEWRITE for atomic write ioctls The F2FS ioctls for starting and committing atomic writes check for inodeownerorcapable, but this does not give LSMs like SELinux or Landlock an opportunity to deny the write acces...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the mm component not performing LSM security checks in the remapfilepages system call...

SUSE SLES15 Security Update : kernel (Live Patch 24 for SLE 15 SP4) (SUSE-SU-2024:3695-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3695-1 advisory. This update for the Linux Kernel 5.14.21-15040024111 fixes several issues. The following security issues were fixed: - CVE-2024-35861: Fixed...

SUSE-SU-2024:3694-1 Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005549 fixes several issues. The following security issues were fixed: - CVE-2024-35861: Fixed potential UAF in cifssignalcifsdforreconnect bsc1225312. - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfochangednotify bsc1225739. -...

CVE-2024-9143 Low-level invalid GF(2^m) parameters lead to OOB memory access

Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution,...

CVE-2024-9143

Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution,...

SUSE-SU-2024:3652-1 Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059158 fixes several issues. The following security issues were fixed: - CVE-2024-35861: Fixed potential UAF in cifssignalcifsdforreconnect bsc1225312. - CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6nhflushexceptions bsc1227651. -...

OpenSSL 3.2.0 < 3.2.4 Vulnerability

The version of OpenSSL installed on the remote host is prior to 3.2.4. It is, therefore, affected by a vulnerability as referenced in the 3.2.4 advisory. - Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-boun...

SUSE-SU-2024:3623-1 Security update for the Linux Kernel RT (Live Patch 11 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505001338 fixes several issues. The following security issues were fixed: - CVE-2024-35861: Fixed potential UAF in cifssignalcifsdforreconnect bsc1225312. - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfochangednotify bsc1225739. -...

Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2024-721)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-721 advisory. Issue summary: Applications performing certificate name checks e.g., TLSclients checking server certificates may attempt to read an invalid memoryaddress resulting in abnormal termination of the...

CVE-2024-9916

A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. Affected by this issue is some unknown functionality of the file app/modules/ut-cac/admin/cli.php. The manipulation of the argument o leads to os command injection. The attack may be launched remotely. The...

CVE-2024-9916

HuangDou UTCMS V9 is affected by a remote OS command injection in app/modules/ut-cac/admin/cli.php via the o parameter. The vulnerability affects unknown functionality and can be exploited remotely; public exploit details exist and vendor reportedly did not respond. Remediation per sources: apply...