CVE-2022-48830 can: isotp: fix potential CAN frame reception race in isotp_rcv()

In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix potential CAN frame reception race in isotprcv When receiving a CAN frame the current code logic does not consider concurrently receiving processes which do not show up in real world usage. Ziyang Xuan writes: The...

EulerOS 2.0 SP10 : llvm (EulerOS-SA-2024-1890)

According to the versions of the llvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata function via a crafted pdflatex.fmt file or perhaps a crafted .o file to llvm-lto...

SUSE CVE-2024-26759

In the Linux kernel, the following vulnerability has been resolved: mm/swap: fix race when skipping swapcache When skipping swapcache for SWPSYNCHRONOUSIO, if two or more threads swapin the same entry at the same time, they get different pages A, B. Before one thread T0 finishes the swapin and...

Error: "Remote license server is not compatible" after upgrading to XMS 10.8.23

After upgrading the server to XenMobile server to 10.8.23 Unable to access remote licenses...

XenMobile: Unable to enroll devices Error: "Username and Password are Incorrect"

User is unable to enroll in XenMobile After entering username and password in SecureHub usersreceive the error: "Incorrect Username and Password are Incorrect" Users are able to authenticate in windows with the same credentials...

When Load Balancing StoreFront on NetScaler all Connections Go to One Server in NetScaler Gateway Set Up

StoreFront servers are not load balanced; all connections go to one server in NetScaler Gateway set up. Following is a screen shot of the status of load balanced servers:...

VMware vSphere 5.5 - Communication Issue from Studio Console

Hosting a VMware vSphere 5.5 server through XenDesktop or XenApp Studio displays the following error:...

CVE-2024-38709

CVE-2024-38709 corresponds to a Local File Inclusion in the WordPress plugin GD Rating System (versions <= 3.6). The underlying issue is path traversal that allows including restricted files via the plugin’s handling of file paths. Public entries consistently identify the affected software as ...

CVE-2024-39507 net: hns3: fix kernel crash problem in concurrent scenario

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash problem in concurrent scenario When link status change, the nic driver need to notify the roce driver to handle this event, but at this time, the roce driver may uninit, then cause kernel crash. To fix...

CVE-2024-39506 liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet

In the Linux kernel, the following vulnerability has been resolved: liquidio: Adjust a NULL pointer handling path in liovfrepcopypacket In liovfrepcopypacket pginfo-page is compared to a NULL value, but then it is unconditionally passed to skbaddrxfrag which looks strange and could lead to null...

VDA launch stuck at "Please wait for local session manager" for version 2303 or later

VDA launch may stuck at "Please wait for local session manager" after VDA 2303 or later...

Mageia: Security Advisory (MGASA-2024-0258)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-34723

Summary: CVE-2024-34723 describes a logic error in Android’s ParcelableListBinder.java (onTransact) that could enable local elevation of privilege by stealing the mAllowlistToken to launch an app from the background, without extra privileges or user interaction. The vulnerability is tied to how P...

CVE-2024-34726

The CVE-2024-34726 issue is in PVRSRV_MMap (pvr_bridge_k.c) of the PVR bridge kernel module. A logic error in PVRSRV_MMap can allow arbitrary code execution, enabling local kernel escalation of privilege with no extra execution privileges and without user interaction. The available documents do n...

CVE-2024-34725

The CVE-2024-34725 entry describes a race condition in DevmemIntUnexportCtx of devicemem_server.c that can allow arbitrary code execution and local privilege escalation in the kernel, with no extra privileges or user interaction required. Connected records (Red Hat, NVD, CVE lists, OSV) confirm t...

CVE-2024-34721

CVE-2024-34721 describes an information-disclosure in Android’s MediaProvider.java, in ensureFileColumns, where improper input validation may allow a user to disclose files owned by another user. This is a local disclosure with no extra execution privileges required and does not require user inte...

CVE-2024-31335

The CVE-2024-31335 entry concerns a logic error in DevmemIntChangeSparse2 within devicemem_server.c that can enable arbitrary code execution with local privilege elevation in the kernel. Connected sources indicate affected components include Android’s kernel-related stack and PowerVR-GPU subcompo...

CVE-2024-31339

CVE-2024-31339 affects Google Android: a memory corruption via use-after-free in multiple functions of StatsService.cpp can lead to local escalation of privilege with no user interaction. The issue impacts the Statsd component and is listed in Android Security Bulletin details for 2024-07-01/07-0...

CVE-2024-34720

CVE-2024-34720 affects Google Android: a logic error in com_android_internal_os_ZygoteCommandBuffer.cpp (ZygoteCommandBuffer.nativeForkRepeatedly) may enable arbitrary code execution in any app’s zygote processes, causing local privilege escalation with no extra privileges or user interaction req...

CVE-2024-31331

CVE-2024-31331 affects the Android Framework, specifically a logic error in PackageManagerService.java setMimeGroup that can hide the service from Settings. This can enable local elevation of privilege with high impact (confidentiality/integrity/availability). Exploitation requires local access a...