UBUNTU-CVE-2021-47150

In the Linux kernel, the following vulnerability has been resolved: net: fec: fix the potential memory leak in fecenetinit If the memory allocated for cbdbase is failed, it should free the memory allocated for the queues, otherwise it causes memory leak. And if the memory allocated for the queues...

CVE-2021-47178

In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Avoid smpprocessorid in preemptible code The BUG message "BUG: using smpprocessorid in preemptible 00000000 code" was observed for TCMU devices with kernel config DEBUGPREEMPT. The message was observed when...

CIGESv2 跨站脚本漏洞

CIGESv2 is a queue and reservation management system from CIGESv2, Inc. CIGESv2 suffers from a cross-site scripting vulnerability that stems from the presence of a stored cross-site scripting XSS vulnerability. An attacker can exploit the vulnerability to execute and store malicious JavaScript co...

UBUNTU-CVE-2024-26643

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: mark set as dead when unbinding anonymous set with timeout While the rhashtable set gc runs asynchronously, a race allows it to collect elements from anonymous sets with timeouts while it is being released fr...

Security Bulletin: IBM Security Verify Information Queue has multiple third-party library vulnerabilities (CVE-2024-1597, CVE-2023-26159)

Summary IBM Security Verify Information Queue ISIQ v10.0.8 has addressed vulnerabilities in the third-party libraries with an update. Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL injection. A remote attacker could send specially crafted...

DEBIAN-CVE-2023-52609

In the Linux kernel, the following vulnerability has been resolved: binder: fix race between mmput and doexit Task A calls binderupdatepagerange to allocate and insert pages on a remote address space from Task B. For this, Task A pins the remote mm via mmgetnotzero first. This can race with Task ...

The vulnerability of the messaging software: The IBM MQ Appliance, the IBM MQ Operator for managing containerized environments, and the IBM MQ messaging management system are susceptible to vulnerabilities related to insufficient input data validation. This allows attackers to trigger service failures.

The vulnerabilities of the messaging software IBM MQ Appliance, the containerized environment management system IBM MQ Operator, and the message management system IBM MQ are related to insufficient input data validation. Exploiting these vulnerabilities can allow attackers to cause service...

CVE-2021-47127 ice: track AF_XDP ZC enabled queues in bitmap

In the Linux kernel, the following vulnerability has been resolved: ice: track AFXDP ZC enabled queues in bitmap Commit c7a219048e45 "ice: Remove xskbuffpool from VSI structure" silently introduced a regression and broke the Tx side of AFXDP in copy mode. xskpool on icering is set only based on t...

CVE-2024-25649

In Delinea PAM Secret Server 11.4, it is possible for an attacker with Administrator access to the Secret Server machine to read the following data from a memory dump: the decrypted master key, database credentials when SQL Server Authentication is enabled, the encryption key of RabbitMQ queue...

The vulnerability of the print spooler daemon on Windows operating systems allows attackers to escalate their privileges.

The vulnerability of the Windows Print Spooler in operating systems related to the print queue is associated with synchronization errors when using shared resources “Race Conditions”. Exploiting this vulnerability can allow attackers to increase their privileges...

SUSE CVE-2023-52493

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Drop chan lock before queuing buffers Ensure read and write locks for the channel are not taken in succession by dropping the read lock from parsexferevent such that a callback given to client can potentially queu...

SUSE CVE-2024-26614

In the Linux kernel, the following vulnerability has been resolved: tcp: make sure init the acceptqueue's spinlocks once When I run syz's reproduction C program locally, it causes the following issue: pvqspinlock: lock 0xffff9d181cd5c660 has corrupted value 0x0! WARNING: CPU: 19 PID: 21160 at...

ROS-2-1894

2.1894 Multiple Exim Server Vulnerabilities 1. Vulnerability description: CVE-2020-28007 A vulnerability in the Exim message forwarding agent, is related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...

ROS-2-1996

2.1996 Multiple Exim Server Vulnerabilities 1. Vulnerability description: CVE-2020-28007 Vulnerability in the Exim message forwarding agent, related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...

ROS-2-1613

2.1613 Multiple Exim Server Vulnerabilities 1. Vulnerability description: CVE-2020-28007 A vulnerability in the Exim message forwarding agent, is related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...

ROS-2-988

2.988 Multiple Exim Server Vulnerabilities 1. Vulnerability description: CVE-2020-28007 A vulnerability in the Exim message forwarding agent, is related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...

CVE-2024-1410

Cloudflare quiche was discovered to be vulnerable to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connection possesses a set of connection Identifiers IDs; see RFC 9000 Section 5.1...

kernel: use after free in unix_stream_sendpage

A use-after-free flaw was found in the Linux kernel's afunix component that allows local privilege escalation. The unixstreamsendpage function tries to add data to the last skb in the peer's recv queue without locking the queue. This issue leads to a race condition where the unixstreamsendpage...

The vulnerability of the IBM MQ Operator, a software tool for managing containerized environments, and the IBM MQ messaging system lies in the fact that critical information is transmitted in plaintext. This allows attackers to disclose protected information.

The vulnerability of the IBM MQ Operator, a software tool for managing containerized environments, and the IBM MQ messaging management system is related to the transmission of critical information in open text format. Exploiting this vulnerability can allow attackers to disclose protected...

DEBIAN-CVE-2024-26614

In the Linux kernel, the following vulnerability has been resolved: tcp: make sure init the acceptqueue's spinlocks once When I run syz's reproduction C program locally, it causes the following issue: pvqspinlock: lock 0xffff9d181cd5c660 has corrupted value 0x0! WARNING: CPU: 19 PID: 21160 at...