3230 matches found

AlmaLinux
added 2024/11/13 12:0 a.m. · 21 views

Important: libsoup security update

The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: infinite loop while reading websocket data (CVE-2024-52532); libsoup: HTTP request smuggling via stripping null bytes from the ends of header names (CVE-2024-52530). For more details about the security...

7.5 CVSS · 6.8 AI score · 0.00366 EPSS
Exploits: 1 · References: 6
RedHat Linux
added 2024/11/12 9:11 a.m. · 1 views

kernel: tick/nohz: unexport __init-annotated tick_nohz_full_setup()

In the Linux kernel, the following vulnerability has been resolved: tick/nohz: unexport __init-annotated tick_nohz_full_setup(). EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to ...

5.5 CVSS · 6.8 AI score · 0.00064 EPSS
Exploits: 0 · References: 5
OSV
added 2024/11/12 12:0 a.m. · 16 views

ALSA-2024:9473 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156); dompurify:...

10 CVSS · 8.3 AI score · 0.00699 EPSS
Exploits: 2 · References: 6
AlmaLinux
added 2024/11/12 12:0 a.m. · 16 views

Moderate: cyrus-imapd security update

The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. Security Fixes: cyrus-imapd: unbounded memory allocation by sending many LITERALs in a single command (CVE-2024-34055). For more details about the security issues, including the impact, a CVSS...

6.5 CVSS · 6.6 AI score · 0.00287 EPSS
Exploits: 0 · References: 4
AlmaLinux
added 2024/11/12 12:0 a.m. · 17 views

Moderate: python3.11-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891). For more details about the security issues, including the impact, a...

6.5 CVSS · 5.2 AI score · 0.00216 EPSS
Exploits: 1 · References: 4
NVD
added 2024/11/11 8:15 p.m. · 10 views

CVE-2024-51486

Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the "Custom URL - Favicon". This section is not properly sanitized, allowing for the input of strings that can execute JavaScrip...

8.4 CVSS · 0.00121 EPSS
Exploits: 1 · References: 1
OSV
added 2024/11/08 10:15 p.m. · 3 views

CVE-2024-35423

vmir e8117 was discovered to contain a heap buffer overflow via the wasm_parse_section_functions function at /src/vmir_wasm_parser.c...

7.8 CVSS · 6.1 AI score · 0.00255 EPSS
Exploits: 1 · References: 2
OSV
added 2024/11/08 3:56 p.m. · 33 views

RLSA-2024:8870 Moderate: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set() (CVE-2024-24857); kernel: dmaengine: fix NULL pointer in channel unregistratio...

9.8 CVSS · 8.4 AI score · 0.00159 EPSS
Exploits: 0 · References: 36
Rockylinux
added 2024/11/08 3:56 p.m. · 8 views

go-toolset:rhel8 security update

An update is available for module.go-toolset, go-toolset, delve, golang, module.golang, module.delve. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Go Toolset...

9.8 CVSS · 7.2 AI score · 0.00172 EPSS
Exploits: 0
Rockylinux
added 2024/11/08 3:56 p.m. · 9 views

bpftrace security update

An update is available for bpftrace. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. BPFtrace is a high-level tracing language for Linux enhanced Berkeley Packet...

2.8 CVSS · 6.8 AI score · 0.00028 EPSS
Exploits: 0
Cvelist
added 2024/11/08 5:43 a.m. · 17 views

CVE-2024-50190 ice: fix memleak in ice_init_tx_topology()

In the Linux kernel, the following vulnerability has been resolved: ice: fix memleak in ice_init_tx_topology(). Fix leak of the FW blob DDP pkg. Make ice_cfg_tx_topo() const-correct, so ice_init_tx_topology() can avoid copying whole FW blob. Copy just the topology section, and only when needed. Reuse the buffer...

0.00033 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2024/11/08 12:0 a.m. · 2 views

PT-2024-26492 · Unknown · Vmir E8117

Name of the Vulnerable Software and Affected Versions: vmir e8117 version e8117. Description: A heap buffer overflow issue was discovered in vmir e8117 via the wasm_parse_section_functions function at /src/vmir_wasm_parser.c. This issue occurs due to a heap buffer overflow, which can be exploited...

7.8 CVSS · 6.7 AI score · 0.00255 EPSS
Exploits: 1 · References: 7
CNNVD
added 2024/11/08 12:0 a.m. · 2 views

VMIR Security Vulnerability

VMIR is a standalone library written in C by the individual developer Andreas Smas. A security vulnerability exists in VMIR version e8117, which stems from a heap buffer overflow in the wasm_parse_section_functions function...

7.8 CVSS · 7.3 AI score · 0.00255 EPSS
Exploits: 1 · References: 2
Vulnrichment
added 2024/11/06 9:0 p.m. · 12 views

CVE-2024-10926 IBPhoenix ibWebAdmin Tabelas Section toggle_fold_panel.php cross site scripting

A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /toggle_fold_panel.php of the component Tabelas Section. The manipulation of the argument p leads to cross site scripting. The attack may be initiated...

5.3 CVSS · 3.7 AI score · 0.00213 EPSS
Exploits: 0 · References: 4
Cvelist
added 2024/11/06 9:0 p.m. · 16 views

CVE-2024-10926 IBPhoenix ibWebAdmin Tabelas Section toggle_fold_panel.php cross site scripting

A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /toggle_fold_panel.php of the component Tabelas Section. The manipulation of the argument p leads to cross site scripting. The attack may be initiated...

5.3 CVSS · 0.00213 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2024/11/06 12:0 a.m. · 3 views

PT-2024-16645 · Ibphoenix · Ibphoenix Ibwebadmin

Name of the Vulnerable Software and Affected Versions: IBPhoenix ibWebAdmin versions up to 1.0.2. Description: A problem was found in the Tabelas Section, specifically in the file /toggle_fold_panel.php, where the manipulation of the argument p leads to cross-site scripting. This issue can be...

5.3 CVSS · 6.4 AI score · 0.00213 EPSS
Exploits: 0 · References: 8
Vulnrichment
added 2024/11/05 5:10 p.m. · 11 views

CVE-2024-50127 net: sched: fix use-after-free in taprio_change()

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix use-after-free in taprio_change(). In 'taprio_change()', 'admin' pointer may become dangling due to sched switch / removal caused by 'advance_sched()', and critical section protected by 'q->current_entry_lock' is too small to...

6.5 AI score · 0.00022 EPSS
Exploits: 0 · References: 7
CVE
added 2024/11/05 5:10 p.m. · 182 views

CVE-2024-50127

CVE-2024-50127: The Linux kernel patch for the taprio_change() use-after-free fixes a dangling admin pointer caused by sched switch/removal via advance_sched(). The critical section protected by q->current_entry_lock is too small to prevent the scenario, and KASAN can detect the issue. The fi...

7.8 CVSS · 6.6 AI score · 0.00022 EPSS
Exploits: 0 · References: 10 · Affected Software: 1
RedHat Linux
added 2024/11/05 4:12 a.m. · 249 views

Moderate: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

7.5 CVSS · 6.8 AI score · 0.03014 EPSS
Exploits: 2 · References: 2
RedHat Linux
added 2024/11/05 2:35 a.m. · 13 views

Moderate: Red Hat Security Advisory: python3.11-urllib3 security update

An update for python3.11-urllib3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

6.5 CVSS · 6.8 AI score · 0.00216 EPSS
Exploits: 1 · References: 2