CVE-2023-52978 riscv: kprobe: Fixup kernel panic when probing an illegal position

In the Linux kernel, the following vulnerability has been resolved: riscv: kprobe: Fixup kernel panic when probing an illegal position The kernel would panic when probed for an illegal position. eg: CONFIGRISCVISAC=n echo 'p:hello kernelclone+0x16 a0=%a0' kprobeevents echo 1...

CVE-2023-52978 riscv: kprobe: Fixup kernel panic when probing an illegal position

In the Linux kernel, the following vulnerability has been resolved: riscv: kprobe: Fixup kernel panic when probing an illegal position The kernel would panic when probed for an illegal position. eg: CONFIGRISCVISAC=n echo 'p:hello kernelclone+0x16 a0=%a0' kprobeevents echo 1...

CVE-2023-52978

In the Linux kernel, the following vulnerability has been resolved: riscv: kprobe: Fixup kernel panic when probing an illegal position The kernel would panic when probed for an illegal position. eg: CONFIGRISCVISAC=n echo 'p:hello kernelclone+0x16 a0=%a0' kprobeevents echo 1...

SUSE CVE-2022-49222

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: anx7625: Fix overflow issue on reading EDID The length of EDID block can be longer than 256 bytes, so we should use int instead of u8 for the edidpos variable...

SUSE-SU-2025:0723-1 Security update for vim

This update for vim fixes the following issues: Update to version 9.1.1101: - CVE-2024-43790: possible out-of-bounds read when performing a search command bsc1229685. - CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer bsc1229822. - CVE-2024-45306: heap buffer...

BIT-RUBY-MIN-2021-32066

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...

SUSE CVE-2024-53238

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: adjust the position to init iso data anchor MediaTek iso data anchor init should be moved to where MediaTek claims iso data interface. If there is an unexpected BT usb disconnect during setup flow, it will cause...

SUSE CVE-2024-47538

GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbishandleidentificationpacket function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd-vi.channels exceeds 64, the for loop will...

CVE-2024-47538 GHSL-2024-115: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet

GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbishandleidentificationpacket function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd-vi.channels exceeds 64, the for loop will...

CVE-2024-47538

GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbishandleidentificationpacket function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd-vi.channels exceeds 64, the for loop will...

OpenShift Console Server Side Request Forgery vulnerability

A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

CVE-2024-6538 Openshift-console: openshift console: server-side request forgery

A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

CVE-2024-6538

A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

AZL-53637 CVE-2024-50272 affecting package kernel for versions less than 5.15.182.1-1

In the Linux kernel, the following vulnerability has been resolved: filemap: Fix bounds checking in filemapread If the caller supplies an iocb-kipos value that is close to the filesystem upper limit, and an iterator with a count that causes us to overflow that limit, then filemapread enters an...

WordPress Parallax Image plugin <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via position Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via position Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Parallax Image versions = 1.9...

PT-2024-35416 · D Link · Di-8100

Name of the Vulnerable Software and Affected Versions: DI-8100 version 16.07.26A1 Description: The issue is related to a Buffer Overflow in the ip position asp function, which can be exploited via the ip parameter. Recommendations: For DI-8100 version 16.07.26A1, as a temporary workaround, consid...

kernel: block: refine the EOF check in blkdev_iomap_begin

In the Linux kernel, the following vulnerability has been resolved: block: refine the EOF check in blkdeviomapbegin blkdeviomapbegin rounds down the offset to the logical block size before stashing it in iomap-offset and checking that it still is inside the inode size. Check the isize check to th...

RHEL 5 : kernel (RHSA-2017:2802)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:2802 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: A flaw was found in the way the Linux kernel...

CVE-2024-38861 Lack of TLS validation in plugin MikroTik on Checkmk Exchange

Improper Certificate Validation in Checkmk Exchange plugin MikroTik allows attackers in MitM position to intercept traffic. This issue affects MikroTik: from 2.0.0 through 2.5.5, from 0.4amk through 2.0a...

HTTP Request Smuggling in ruby webrick

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...