CVE-2023-52562 mm/slab_common: fix slab_caches list corruption after kmem_cache_destroy()
In the Linux kernel, the following vulnerability has been resolved: mm/slab_common: fix slab_caches list corruption after kmem_cache_destroy() After the commit in Fixes:, if a module that created a slab cache does not release all of its allocated objects before destroying the cache at rmmod time, we...
CVE-2023-52528 net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg
In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg syzbot reported the following uninit-value access issue: ===================================================== BUG: KMSAN: uninit-value in smsc75xx_wait_ready...
CVE-2021-46932
In the Linux kernel, the following vulnerability has been resolved: Input: appletouch - initialize work before device registration Syzbot has reported warning in __flush_work(). This warning is caused by work->func == NULL, which means missing work initialization. This may happen, since input_dev->close...
UBUNTU-CVE-2019-25162
In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device() down a bit to avoid the use after free. [wsa: added comment to the code, added Fixes tag...
Security Bulletin: There is a vulnerability in jackson-core-2.13.4.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (IBM X-Force ID: 256137)
Summary: There is a vulnerability in jackson-core-2.13.4.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: IBM X-Force ID: 256137. DESCRIPTION: FasterXML Jackson Core is vulnerable to a denial of service, caused by improper input validation by the...
Security Bulletin: There is a vulnerability in CSRF Token used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-47718)
Summary: There is a vulnerability in CSRF Token used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2023-47718. DESCRIPTION: IBM Maximo Application Suite is vulnerable to cross-site request forgery which could allow an attacker to execute malicious...
Security Bulletin: There are multiple vulnerabilities in mas-data-dictionary-lib-1.0.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-1471, CVE-2023-1370 and CVE-2021-42550)
Summary: There are multiple vulnerabilities in mas-data-dictionary-lib-1.0.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2022-1471. DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the syste...
Security Bulletin: There is a vulnerability in jetty-server-9.4.48.v20220622.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-26049)
Summary: There is a vulnerability in jetty-server-9.4.48.v20220622.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-26049). Vulnerability Details: CVEID: CVE-2023-26048. DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in...
GHSA-V626-R774-J7F8 TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Impact: A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text nodes contain a special character...
kernel: wifi: mt76: connac: do not check WED status for non-mmio devices
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: connac: do not check WED status for non-mmio devices WED is supported just for mmio devices, so do not check it for usb or sdio devices. This patch fixes the crash reported below: 21.946627 wlp0s3u1i3: authenticate wi...
Security Bulletin: There is a vulnerability in snappy-java used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-34455, CVE-2023-34454, CVE-2023-34453)
Summary: There is a vulnerability in snappy-java used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2023-34455. DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by the use of an unchecked chunk length in the hasNextChunk...
Debian dla-3550 : libopendmarc-dev - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3550 advisory. Debian LTS Advisory DLA-3550-1 https://www.debian.org/lts/security/...
CLSA-2023-1693420133 Update of alt-php
Fixed possible memory leak - debian/patches/fix-possible-memory-leak.patch: added DestroyDrawInfo call when StringToList returns error...
CVE-2023-39532
SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, and 0.13.0 prior to 0.13.5, there is a hole in the confinement of...
CLSA-2023-1689886120 python: Fix of CVE-2023-24329
CVE-2023-24329: part2: Start stripping C0 control and space chars in urlsplit - Also correct the first CVE-2023-24329 patch: Fix test_attributes_bad_scheme to check for non-ascii symbol as first character of url...
CLSA-2023-1689259392 Fix CVE(s): CVE-2021-28861
SECURITY UPDATE: Redirection vulnerability in http.server - debian/patches/CVE-2021-28861.patch: Fix an open redirection vulnerability in the http.server module when an URI path starts with // - debian/patches/expat-regression.patch: some tests were fixed - CVE-2021-28861...
CLSA-2023-1688070248 Fix CVE(s): CVE-2023-28322
SECURITY UPDATE: More POST-after-PUT confusion - debian/patches/CVE-2023-28322.patch: fix mess in upload/method handling - CVE-2023-28322...
Security Bulletin: There is a vulnerability in JSZip used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-48285)
Summary: There is a vulnerability in JSZip used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2022-48285. DESCRIPTION: JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when file...
PT-2023-17969 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android version Android-13 Description: In the xmlParseTryOrFinish function of parser.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution...