Lucene search

378 matches found

OSV
added 2024/07/29 3:15 p.m., 1 view

DEBIAN-CVE-2024-41033

In the Linux kernel, the following vulnerability has been resolved: cachestat: do not flush stats in recency check syzbot detects that cachestat is flushing stats, which can sleep, in its RCU read section (see [1]). This is done in the workingset_test_recent step which checks if the folio's eviction is...

5.5 CVSS, 5.3 AI score, 0.00018 EPSS
Exploits: 0, References: 1

IBM Security Bulletins
added 2024/07/23 3:6 p.m., 22 views

Security Bulletin: IBM DataStage Flow Designer is vulnerable to information disclosure (CVE-2024-40704)

Summary An information disclosure vulnerability in DataStage Flow Designer was addressed. Vulnerability Details CVEID:CVE-2024-40704 DESCRIPTION: IBM DataStage Flow Designer could allow a privileged user to obtain sensitive information from authentication request headers. CVSS Base score: 4.9 CVS...

4.9 CVSS, 4.8 AI score, 0.00059 EPSS
Exploits: 0, Affected Software: 1

OSV
added 2024/07/16 1:15 p.m., 0 views

UBUNTU-CVE-2022-48840

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix hang during reboot/shutdown Recent commit 974578017fc1 "iavf: Add waiting so the port is initialized in remove" adds a wait-loop at the beginning of iavf_remove to ensure that port initialization is finished prior...

5.5 CVSS, 5.7 AI score, 0.00018 EPSS
Exploits: 0, References: 6

IBM Security Bulletins
added 2024/07/12 8:39 a.m., 29 views

Security Bulletin: IBM Maximo Application Suite- Manage component uses Insecure version of netty codec used in mas-data-dictionary-lib which is vulnerable to CVE-2024-29025

Summary IBM Maximo Application Suite- Manage component uses Insecure version of netty codec used in mas-data-dictionary-lib which is vulnerable to CVE-2024-29025. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION...

5.3 CVSS, 5.7 AI score, 0.00343 EPSS
Exploits: 1, Affected Software: 1

Vulnrichment
added 2024/06/20 11:13 a.m., 14 views

CVE-2022-48751 net/smc: Transitional solution for clcsock race issue

In the Linux kernel, the following vulnerability has been resolved: net/smc: Transitional solution for clcsock race issue We encountered a crash in smc_setsockopt and it is caused by accessing smc->clcsock after clcsock was released. BUG: kernel NULL pointer dereference, address: 0000000000000020 P...

6.5 AI score, 0.00033 EPSS
Exploits: 0, References: 3

OSV
added 2024/06/13 9:27 a.m., 4 views

CLSA-2024-1718270850 Fix CVE(s): CVE-2023-4016

SECURITY UPDATE: Ability to write almost unlimited amounts of unfiltered data into the process heap - debian/patches/CVE-2023-4016-2.patch: ps: extended fix of the CVE-2023-4016 - fix possible buffer overflow in -C option. - CVE-2023-4016...

3.3 CVSS, 6.6 AI score, 0.00014 EPSS
Exploits: 0, References: 1

Github Security Blog
added 2024/05/30 12:42 a.m., 20 views

Symfony has unsafe methods in the Request class

All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, 2.5.X, and 2.6.X versions of the Symfony HttpFoundation component are affected by this security issue. This issue has been fixed in Symfony 2.3.27, 2.5.11, and 2.6.6. Note that no fixes are provided for Symfony 2.0, 2.1, 2.2, and 2.4 as they are not maintain...

6.7 AI score
Exploits: 0, References: 6, Affected Software: 2

Cvelist
added 2024/05/22 8:19 a.m., 15 views

CVE-2021-47484 octeontx2-af: Fix possible null pointer dereference.

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix possible null pointer dereference. This patch fixes possible null pointer dereference in files "rvu_debugfs.c" and "rvu_nix.c"...

6.5 AI score, 0.00031 EPSS
Exploits: 0, References: 2

SUSE CVE
added 2024/05/21 1:58 a.m., 2 views

SUSE CVE-2024-35960

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Properly link new fs rules into the tree Previously, add_rule_fg would only add newly created rules from the handle into the tree when they had a refcount of 1. On the other hand, create_flow_handle tries hard to find and...

5.5 CVSS, 6.7 AI score, 0.02683 EPSS
Exploits: 0, References: 19

IBM Security Bulletins
added 2024/05/07 8:26 p.m., 33 views

Security Bulletin: There is a vulnerability in ion-java used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-21634)

Summary There is a vulnerability in ion-java used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-21634 DESCRIPTION: Amazon Ion is vulnerable to a denial of service, caused by a stack-based overflow in ion-java for applications. By sending a...

7.5 CVSS, 7.5 AI score, 0.0033 EPSS
Exploits: 0, Affected Software: 1

OSV
added 2024/05/03 4:15 p.m., 5 views

AZL-57755 CVE-2022-48703 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup returns ZERO_SIZE_PTR 0x10. Then the data_vault_read got NULL...

5.5 CVSS, 6.5 AI score, 0.00008 EPSS
Exploits: 0, References: 1

SUSE CVE
added 2024/05/03 2:9 a.m., 1 view

SUSE CVE-2024-27037

In the Linux kernel, the following vulnerability has been resolved: clk: zynq: Prevent null pointer dereference caused by kmalloc failure The kmalloc in zynq_clk_setup will return null if the physical memory has run out. As a result, if we use snprintf to write data to the null address, the null...

5.5 CVSS, 6.3 AI score, 0.00014 EPSS
Exploits: 0, References: 10

OSV
added 2024/05/01 1:15 p.m., 0 views

UBUNTU-CVE-2024-27037

In the Linux kernel, the following vulnerability has been resolved: clk: zynq: Prevent null pointer dereference caused by kmalloc failure The kmalloc in zynq_clk_setup will return null if the physical memory has run out. As a result, if we use snprintf to write data to the null address, the null...

5.5 CVSS, 6.1 AI score, 0.00014 EPSS
Exploits: 0, References: 24

IBM Security Bulletins
added 2024/04/09 7:59 p.m., 41 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-22036, CVE-2023-22006, CVE-2023-22041, CVE-2023-22049 and CVE-2023-22045)

Summary Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-22036 DESCRIPTION: An unspecified vulnerability in Java SE related to the Utility component could allow a remo...

5.1 CVSS, 5.5 AI score, 0.00143 EPSS
Exploits: 0, Affected Software: 1

Github Security Blog
added 2024/04/05 5:16 p.m., 28 views

ibc-go: Potential Reentrancy using Timeout Callbacks in ibc-hooks

Name: ASA-2024-007: Potential Reentrancy using Timeout Callbacks in ibc-hooks Component: ibc-go Criticality: Critical ACMv1: I:Critical; L:AlmostCertain Affected versions: v4.6.0, v5.4.0, v6.3.0, v7.4.0, v8.2.0 Affected users: Chain Builders + Maintainers Summary Through the deployment and...

7.1 AI score
Exploits: 0, References: 7, Affected Software: 8

IBM Security Bulletins
added 2024/04/05 1:47 p.m., 40 views

Security Bulletin: There is a vulnerability in Java SE used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-20918, CVE-2024-20926 and CVE-2024-20952)

Summary There is a vulnerability in Java SE used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-20918 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentialit...

7.4 CVSS, 6.6 AI score, 0.00319 EPSS
Exploits: 0, Affected Software: 1

UbuntuCve
added 2024/04/03 3:15 p.m., 16 views

CVE-2024-26709

In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Fix the missing iommu_group_put during platform domain attach The function spapr_tce_platform_iommu_attach_dev is missing to call iommu_group_put when the domain is already set. This refcount leak shows up with BUG_ON during...

5.5 CVSS, 6 AI score, 0.00037 EPSS
Exploits: 0, References: 4

OSV
added 2024/04/02 6:22 a.m., 2 views

CVE-2024-26663 tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()

In the Linux kernel, the following vulnerability has been resolved: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add syzbot reported the following general protection fault [1]: general protection fault, probably for non-canonical address 0xdffffc0000000010: 0000 [#1] PREEMPT SMP KASAN...

5.5 CVSS, 6 AI score, 0.0002 EPSS
Exploits: 0, References: 13

IBM Security Bulletins
added 2024/03/13 9:46 p.m., 34 views

Security Bulletin: There is a vulnerability in AntiSamy used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-43643)

Summary There is a vulnerability in AntiSamy used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-43643 DESCRIPTION: AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could...

6.1 CVSS, 6.4 AI score, 0.00463 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2024/03/12 6:53 p.m., 13 views

Security Bulletin: IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to sensitive information disclosure (CVE-2023-32335)

Summary IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to sensitive information disclosure. Vulnerability Details CVEID:CVE-2023-32335 DESCRIPTION: IBM Maximo Asset Management stores sensitive information in URL parameters. This may lead to information disclosure if...

7.5 CVSS, 3.4 AI score, 0.00077 EPSS
Exploits: 0, Affected Software: 1