
2242 matches found

SUSE CVE
added 2024/09/24 3:10 a.m. · 2 views

SUSE CVE-2024-8612

A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virtio_crypto_req_complete could be larger than the true size of the data which has been sent to guest. Once virtqueue_push finally...

CVSS 3.8 · AI score 6.5 · EPSS 0.00204
Exploits 0 · References 10
Tenable Nessus
added 2024/09/24 12:0 a.m. · 24 views

EulerOS 2.0 SP8 : curl (EulerOS-SA-2024-2460)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowe...

CVSS 8.6 · AI score 6.7 · EPSS 0.36081
Exploits 2 · References 3
OpenVAS
added 2024/09/23 12:0 a.m. · 12 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-2460)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.6 · AI score 7.4 · EPSS 0.36081
Exploits 2 · References 2
IBM Security Bulletins
added 2024/09/21 10:2 p.m. · 22 views

Security Bulletin: IBM Cognos Analytics is vulnerable to unauthorized attacks due to an exposed API key (CVE-2024-40703)

Summary An exposed API key in IBM Cognos Analytics could allow an unauthorized attacker to send unsolicited push notification alerts to IBM Cognos Analytics Mobile client applications. IBM Cognos Analytics has addressed the applicable CVE by revoking the exposed API key. Revocation of this API ke...

CVSS 5.5 · AI score 5.1 · EPSS 0.00142
Exploits 0 · Affected Software 2
CNNVD
added 2024/09/20 12:0 a.m. · 2 views

QEMU information disclosure vulnerability

QEMU (Quick Emulator) is a suite of simulation processor software by Fabrice Bellard, an individual developer in France. The software is fast and cross-platform. QEMU suffers from an information disclosure vulnerability that stems from the fact that the size of virtqueue_push set in the virtio-scsi,...

CVSS 3.8 · AI score 5.5 · EPSS 0.00204
Exploits 0 · References 4
Positive Technologies
added 2024/09/09 12:0 a.m. · 7 views

PT-2024-39133 · Qemu +2

Name of the Vulnerable Software and Affected Versions: QEMU (affected versions not specified). Description: A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req, virtio_blk_req_complete, and virtio_crypto...

CVSS 7.8 · AI score 6.8 · EPSS 0.01027
Exploits 1 · References 78
Veracode
added 2024/09/06 5:19 a.m. · 5 views

Arbitrary Command Execution

push-dir is vulnerable to Arbitrary Command Execution. The vulnerability is due to the lack of validation for arguments provided in the "opt.branch" variable before being passed to the "git" command, allowing an attacker to inject arbitrary commands...

CVSS 9.8 · AI score 6.8 · EPSS 0.02767
Exploits 1 · References 2 · Affected Software 1
SUSE CVE
added 2024/09/05 2:46 a.m. · 1 views

SUSE CVE-2024-44998

In the Linux kernel, the following vulnerability has been resolved: atm: idt77252: prevent use after free in dequeue_rx() We can't dereference "skb" after calling vcc->push() because the skb is released...

CVSS 5.5 · AI score 6.6 · EPSS 0.00252
Exploits 0 · References 16
OSV
added 2024/09/04 8:15 p.m. · 0 views

UBUNTU-CVE-2024-44998

In the Linux kernel, the following vulnerability has been resolved: atm: idt77252: prevent use after free in dequeue_rx() We can't dereference "skb" after calling vcc->push() because the skb is released...

CVSS 7.8 · AI score 6.2 · EPSS 0.00252
Exploits 0 · References 31
Debian CVE
added 2024/09/04 7:54 p.m. · 16 views

CVE-2024-44998

In the Linux kernel, the following vulnerability has been resolved: atm: idt77252: prevent use after free in dequeue_rx() We can't dereference "skb" after calling vcc->push() because the skb is released...

CVSS 7.8 · AI score 5.6 · EPSS 0.00252
Exploits 0
Tenable Nessus
added 2024/09/03 12:0 a.m. · 14 views

EulerOS Virtualization 2.12.0 : curl (EulerOS-SA-2024-2322)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the...

CVSS 8.6 · AI score 6.9 · EPSS 0.36081
Exploits 1 · References 2
OpenVAS
added 2024/09/03 12:0 a.m. · 11 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-2302)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.6 · AI score 7.5 · EPSS 0.36081
Exploits 1 · References 2
OpenVAS
added 2024/09/03 12:0 a.m. · 16 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-2322)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.6 · AI score 7.5 · EPSS 0.36081
Exploits 1 · References 2
Tenable Nessus
added 2024/09/03 12:0 a.m. · 14 views

EulerOS Virtualization 2.12.1 : curl (EulerOS-SA-2024-2302)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the...

CVSS 8.6 · AI score 6.9 · EPSS 0.36081
Exploits 1 · References 2
Tenable Nessus
added 2024/08/28 12:0 a.m. · 55 views

CentOS 9 : curl-7.76.1-31.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the curl-7.76.1-31.el9 build changelog. - When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allow...

CVSS 8.6 · AI score 6.8 · EPSS 0.36081
Exploits 1 · References 2
AlpineLinux
added 2024/08/27 8:33 p.m. · 3 views

CVE-2024-45049

Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying...

CVSS 7.5 · AI score 6.9 · EPSS 0.00619
Exploits 0 · References 4
OSV
added 2024/08/27 7:56 p.m. · 3 views

CLSA-2024-1724788603 curl: Fix of CVE-2024-2398

CVE-2024-2398: fix memory leak when aborting server push due to exceeding header limit...

CVSS 8.6 · AI score 6.9 · EPSS 0.36081
Exploits 1 · References 1
Tenable Nessus
added 2024/08/21 12:0 a.m. · 17 views

EulerOS Virtualization 2.11.1 : curl (EulerOS-SA-2024-2164)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the...

CVSS 8.6 · AI score 6.9 · EPSS 0.36081
Exploits 1 · References 2
RedHat Linux
added 2024/08/20 6:20 p.m. · 4 views

curl: HTTP/2 push headers memory-leak

A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a...

CVSS 8.6 · AI score 7.3 · EPSS 0.36081
Exploits 1 · References 5
OpenVAS
added 2024/08/20 12:0 a.m. · 10 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-2134)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.6 · AI score 7.5 · EPSS 0.36081
Exploits 1 · References 2