412 matches found
SUSE-SU-2024:3200-1 Security update for python311
This update for python311 fixes the following issues: - CVE-2024-6923: Fixed email header injection due to unquoted newlines bsc1228780 Other fixes: - %profileopt variable is set according to the variable %doprofiling bsc1227999 - Stop using %%defattr, it seems to be breaking proper executable...
kernel: x86: stop playing stack games in profile_pc()
In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profilepc The 'profilepc' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions based on the stack layout...
SUSE-SU-2024:2982-1 Security update for python311
This update for python311 fixes the following issues: Security issues fixed: - CVE-2024-6923: Fixed email header injection due to unquoted newlines bsc1228780 - CVE-2024-5642: Removed support for anything but OpenSSL 1.1.1 or newer bsc1227233 - CVE-2024-4032: Fixed incorrect IPv4 and IPv6 private...
AMD µPROF Security Notice
Bulletin ID: AMD-SB-9001 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary AMD μProf “MICRO-prof” is a software profiling analysis tool for x86 applications running on Windows®, Linux® and FreeBSD® operating systems and is designed to...
SUSE CVE-2024-42096
In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profilepc The 'profilepc' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions based on the stack layout...
CVE-2024-42096
In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profilepc The 'profilepc' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions based on the stack layout...
CVE-2024-42096
In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profilepc The 'profilepc' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions based on the stack layout...
DEBIAN-CVE-2024-42096
In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profilepc The 'profilepc' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions based on the stack layout...
CVE-2024-42096
In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profilepc The 'profilepc' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions based on the stack layout...
UBUNTU-CVE-2024-42096
In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profilepc The 'profilepc' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions based on the stack layout...
CVE-2024-42096 x86: stop playing stack games in profile_pc()
In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profilepc The 'profilepc' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions based on the stack layout...
CVE-2024-42096 x86: stop playing stack games in profile_pc()
In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profilepc The 'profilepc' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions based on the stack layout...
CVE-2024-42096 x86: stop playing stack games in profile_pc()
In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profilepc The 'profilepc' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions based on the stack layout...
MAL-2024-6449 Malicious code in active_profiling (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
aa-prepflow (>=0.1.0 <=0.1.1), agentsociety2 (>=2.0.0 <=2.2.0) +116 more potentially affected by CVE-2024-37062 via ydata-profiling (>=4.0.0 <=4.7.0)
ydata-profiling PYPI version =4.0.0, =0.1.0, =2.0.0, =0.74.0, =1.0.0, =0.1.0, =0.8.0, =0.1.2, =1.0.0, =2.0.1, =2.2.1 - classifier-toolkit =0.1.0 and more Source cves: CVE-2024-37062 Source advisory: OSV:GHSA-FPVJ-M2H6-6WC5...
aa-prepflow (>=0.1.0 <=0.1.1), agentsociety2 (>=2.0.0 <=2.2.0) +116 more potentially affected by CVE-2024-37063 via ydata-profiling (>=4.0.0 <=4.7.0)
ydata-profiling PYPI version =4.0.0, =0.1.0, =2.0.0, =0.74.0, =1.0.0, =0.1.0, =0.8.0, =0.1.2, =1.0.0, =2.0.1, =2.2.1 - classifier-toolkit =0.1.0 and more Source cves: CVE-2024-37063 Source advisory: OSV:GHSA-2R57-2MRH-GGJV...
ydata unsafe deserialization
Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a malicously crafted report to run arbitrary code on an end user's system when loaded...
aa-prepflow (>=0.1.0 <=0.1.1), agentsociety2 (>=2.0.0 <=2.2.0) +116 more potentially affected by CVE-2024-37064 via ydata-profiling (>=4.0.0 <=4.7.0)
ydata-profiling PYPI version =4.0.0, =0.1.0, =2.0.0, =0.74.0, =1.0.0, =0.1.0, =0.8.0, =0.1.2, =1.0.0, =2.0.1, =2.2.1 - classifier-toolkit =0.1.0 and more Source cves: CVE-2024-37064 Source advisory: OSV:GHSA-CG49-HRJ4-3RPR...
GHSA-CG49-HRJ4-3RPR ydata unsafe deserialization
Deseriliazation of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted dataset to run arbitrary code on an end user's system when loaded...
ydata unsafe deserialization
Deseriliazation of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted dataset to run arbitrary code on an end user's system when loaded...