quic-go: memory exhaustion attack against QUIC's path validation mechanism

A memory exhaustion vulnerability was found in Quic-GO, where a malicious client exploits the path validation mechanism to induce the server into accumulating an unbounded queue of PATHRESPONSE frames, depleting its memory. The attacker controls the victim's packet send rate by overwhelming the...

CVE-2024-0390

INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. The same MQTT queue is used by corresponding physical recuperation devices. Exploiting this vulnerability could potentially allow unauthorized access to manage and read parameters of the recuperation unit...

Hardcoded credentials

INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. The same MQTT queue is used by corresponding physical recuperation devices. Exploiting this vulnerability could potentially allow unauthorized access to manage and read parameters of the recuperation unit...

CVE-2024-0390 Hard-coded credentials in iZZi connect application

INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. The same MQTT queue is used by corresponding physical recuperation devices. Exploiting this vulnerability could potentially allow unauthorized access to manage and read parameters of the recuperation unit...

[SECURITY] Fedora 38 Update: rust-virtio-queue-0.11.0-1.fc38

Virtio queue implementation...

Fedora: Security Advisory for rust-virtio-queue (FEDORA-2024-f2305d485f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ALPINE-CVE-2023-6516

To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queue...

AZL-34561 CVE-2023-6516 affecting package bind for versions less than 9.19.21-1

To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queue...

DEBIAN-CVE-2024-25741

printerwrite in drivers/usb/gadget/function/fprinter.c in the Linux kernel through 6.7.4 does not properly call usbepqueue, which might allow attackers to cause a denial of service or have unspecified other impact...

UBUNTU-CVE-2024-25741

printerwrite in drivers/usb/gadget/function/fprinter.c in the Linux kernel through 6.7.4 does not properly call usbepqueue, which might allow attackers to cause a denial of service or have unspecified other impact...

[SECURITY] Fedora 39 Update: rust-virtio-queue-0.11.0-1.fc39

Virtio queue implementation...

Fedora: Security Advisory for rust-virtio-queue (FEDORA-2024-04877592b7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2024-21467 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the protection of updates of 64-bit statistics counters in the Linux kernel. A comment in explains that the write side of struct u64 stats sync must ensure mutu...

OESA-2024-1126 containerd security update

containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...

The vulnerabilities of microprogramming software in FeverWarn ESP32, FeverWarn RaspberryPi systems, and FeverWarn DataHub RaspberryPi, a system for centralized data storage and management, allow attackers to gain unauthorized access to protected information.

The vulnerability of the microprogramming software for thermal scanning systems—FeverWarn ESP32, FeverWarn RaspberryPi, and the centralized data storage and management system—FeverWarn DataHub RaspberryPi—is related to the absence of authentication procedures for critical functions during MQTT...

kernel: use after free in unix_stream_sendpage

A use-after-free flaw was found in the Linux kernel's afunix component that allows local privilege escalation. The unixstreamsendpage function tries to add data to the last skb in the peer's recv queue without locking the queue. This issue leads to a race condition where the unixstreamsendpage...

kernel: use after free in unix_stream_sendpage

A use-after-free flaw was found in the Linux kernel's afunix component that allows local privilege escalation. The unixstreamsendpage function tries to add data to the last skb in the peer's recv queue without locking the queue. This issue leads to a race condition where the unixstreamsendpage...

kernel: use after free in unix_stream_sendpage

A use-after-free flaw was found in the Linux kernel's afunix component that allows local privilege escalation. The unixstreamsendpage function tries to add data to the last skb in the peer's recv queue without locking the queue. This issue leads to a race condition where the unixstreamsendpage...

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from go-yaml, OpenSSL, GnuTLS , OpenTelemetry-Go, go-toolset and urllib3

Summary OpenSSL, go-yaml, GnuTLS , OpenTelemetry-Go and urllib3 are consumed through RedHat UBI, go-toolset and OSE packages. These packages are shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID:CVE-2022-28948 DESCRIPTION: Go-Yaml is vulnerabl...

kernel: use after free in unix_stream_sendpage

A use-after-free flaw was found in the Linux kernel's afunix component that allows local privilege escalation. The unixstreamsendpage function tries to add data to the last skb in the peer's recv queue without locking the queue. This issue leads to a race condition where the unixstreamsendpage...