Ubuntu: Security Advisory (USN-7003-2)
The remote host is missing an update for the...
Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-7003-2)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7003-2 advisory. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could us...
SUSE-SU-2024:3144-1 Security update for hdf5, netcdf, trilinos
This update for hdf5, netcdf, trilinos fixes the following issues: hdf5 was updated from version 1.10.8 to 1.10.11: - Security issues fixed: CVE-2019-8396: Fixed problems with malformed HDF5 files where content does not match expected size (bsc#1125882). CVE-2018-11202: Fixed that a malformed file...
CVE-2024-44989 bonding: fix xfrm real_dev null pointer dereference
In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null pointer dereference. We shouldn't set real_dev to NULL because packets can be in transit and xfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume real_dev is set. Example trace: kernel: BU...
The vulnerability of the configfs component in the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the configfs component in the Linux operating system’s kernel is related to parallel execution using a shared resource with incorrect synchronization. Exploiting this vulnerability can allow an attacker to cause service failures...
OESA-2024-2080 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: io_uring: fix memleak in io_init_wq_offload(). I got memory leak report when doing fuzz test: BUG: memory leak unreferenced object 0xffff888107310a80 size 96: comm...
DEBIAN-CVE-2024-42301
In the Linux kernel, the following vulnerability has been resolved: dev/parport: fix the array out-of-bounds risk Fixed array out-of-bounds issues caused by sprintf by replacing it with snprintf for safer data copying, ensuring the destination buffer is not overflowed. Below is the stack trace I...
Huawei HarmonyOS and EMUI Parallel Vision Module Privilege Control Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel. Huawei EMUI is an emotional operating system developed by Huawei based on Android. Huawei HarmonyOS and EMUI are vulnerable to a privilege...
Huawei EMUI and Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel. Huawei EMUI is an emotional operating system developed by Huawei based on Android. Huawei HarmonyOS and EMUI are vulnerable to a privilege...
CVE-2024-42103
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix adding block group to a reclaim list and the unused list during reclaim. There is a potential parallel list adding for retrying in btrfs_reclaim_bgs_work and adding to the unused list. Since the block group is removed from...
CVE-2024-42103 btrfs: fix adding block group to a reclaim list and the unused list during reclaim
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix adding block group to a reclaim list and the unused list during reclaim. There is a potential parallel list adding for retrying in btrfs_reclaim_bgs_work and adding to the unused list. Since the block group is removed from...
CVE-2024-42103
CVE-2024-42103 applies to the Linux kernel BTRFS subsystem. The issue arises in the reclaim path for block groups: during btrfs_reclaim_bgs_work, a block group removed from the reclaim list can be added in parallel to the unused list, which may then be moved to the reclaim list again and corrupt ...
CVE-2024-42103 btrfs: fix adding block group to a reclaim list and the unused list during reclaim
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix adding block group to a reclaim list and the unused list during reclaim. There is a potential parallel list adding for retrying in btrfs_reclaim_bgs_work and adding to the unused list. Since the block group is removed from...
CVE-2024-39919 Capture screenshot of localhost web services (unauthenticated pages) in @jmondi/url-to-png
@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. The package includes an ALLOWLIST where the host can specify which services the user is permitted to capture screenshots of. By...
OPENSUSE-SU-2024:0194-2 Security update for keybase-client
This update for keybase-client fixes the following issues: Update to version 6.2.8 - Update client CA - Fix incomplete locking in config file handling. - Update the Image dependency to address CVE-2023-29408 / boo#1213928. This is done via the new update-image-tiff.patch. - Limit parallel test executi...
TensorFlow has null dereference on ParallelConcat with XLA
...
PT-2024-28055 · Nptd-Rs · Nptd-Rs
Name of the Vulnerable Software and Affected Versions: nptd-rs versions prior to 1.1.3 Description: The issue is related to a missing limit for accepted NTS-KE connections in nptd-rs, a tool for synchronizing computer clocks that implements the NTP and NTS protocols. This allows an unauthenticate...
CVE-2022-48734 btrfs: fix deadlock between quota disable and qgroup rescan worker
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock between quota disable and qgroup rescan worker Quota disable ioctl starts a transaction before waiting for the qgroup rescan worker completes. However, this wait can be infinite and results in deadlock because...
CVE-2024-22441
HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass...
PT-2024-19427 · Hewlett Packard · Hpe Cray Pals
Name of the Vulnerable Software and Affected Versions: HPE Cray Parallel Application Launch Service (PALS) (affected versions not specified). Description: The issue is related to an authentication bypass in HPE Cray Parallel Application Launch Service (PALS). No information is provided about the estimat...