CVE-2024-56627
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read. An offset from client could be a negative value. It could lead to an out-of-bounds read from the stream_buf. Note that this issue is coming when setting 'vfs objects = streamsxat...
CVE-2024-56605
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create(). bt_sock_alloc() allocates the sk object and attaches it to the provided sock object. On error l2cap_sock_alloc() frees the sk object, but the dangling pointer...
CVE-2024-53235
In the Linux kernel, the following vulnerability has been resolved: erofs: fix file-backed mounts over FUSE. syzbot reported a null-ptr-deref in fuse_read_args_fill: fuse_read_folio+0xb0/0x100 fs/fuse/file.c:905 filemap_read_folio+0xc6/0x2a0 mm/filemap.c:2367 do_read_cache_folio+0x263/0x5c0 mm/filemap.c:382...
CVE-2024-53203
CVE-2024-53203 is a Linux kernel issue: a potential array underflow in usb: typec ucsi_ccg_sync_control() could be triggered when the user controls the command via debugfs, if con_index is zero leading to an access of ucsi.connector[con_index-1]. The vulnerability is resolved in the Linux kernel;...
CVE-2024-53176 smb: During unmount, ensure all cached dir instances drop their dentry
In the Linux kernel, the following vulnerability has been resolved: smb: During unmount, ensure all cached dir instances drop their dentry. The unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can race with various cached directory operations, which ultimately results in dentries not being...
CVE-2024-53167
CVE-2024-53167 (Linux kernel) relates to an unregister path in NFS/pNFS block layout where unmounting a pNFS SCSI layout-enabled NFS could dereference a NULL block_device if no device could be attached to pnfs_block_dev. The root cause is a premature dereference during unregistration after the nf...
CVE-2024-53167 nfs/blocklayout: Don't attempt unregister for invalid block device
In the Linux kernel, the following vulnerability has been resolved: nfs/blocklayout: Don't attempt unregister for invalid block device. Since commit d869da91cccb ("nfs/blocklayout: Fix premature PR key unregistration") an unmount of a pNFS SCSI layout-enabled NFS may dereference a NULL block_device i...
PT-2024-9899
Name of the Vulnerable Software and Affected Versions: DrayTek Vigor2960 and Vigor300B version 1.5.1.4. Description: A critical vulnerability exists in the Web Management Interface of DrayTek Vigor2960 and Vigor300B. The issue is related to the manipulation of the session argument in the...
CBL Mariner 2.0 Security Update: avahi (CVE-2023-38472)
The version of avahi installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-38472 advisory. - A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse function...
CVE-2024-56510
@marp-team/marp-core is the core for Marp, which is the ecosystem to write your presentation with plain Markdown. Marp Core from v3.0.2 to v3.9.0 and v4.0.0 are vulnerable to cross-site scripting (XSS) due to improper neutralization of HTML sanitization. Marp Core v3.9.1 and v4.0.1 have been patch...
CLSA-2024-1735128985 Fix CVE(s): CVE-2024-50602
SECURITY UPDATE: Crash in XML_ResumeParser due to XML_StopParser issue - debian/patches/CVE-2024-50602.patch: Refuse to stop/suspend an unstarted parser due to XML_ERROR_NOT_STARTED - debian/patches/CVE-2024-50602-1.patch: Explicitly specify XML_PARSING in XML_StopParser to ensure correct parsing status...
CVE-2024-52046
The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious...
CLSA-2024-1735119580 Fix CVE(s): CVE-2023-41080
SECURITY UPDATE: Untrusted Site Redirection Vulnerability in FORM authentication feature - debian/patches/CVE-2023-41080.patch: Avoid protocol relative redirects in FORM authentication - CVE-2023-41080...
CVE-2024-53150
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descripto...
CVE-2024-53151 svcrdma: Address an integer overflow
In the Linux kernel, the following vulnerability has been resolved: svcrdma: Address an integer overflow Dan Carpenter reports: Commit 78147ca8b4a9 "svcrdma: Add a "parsed chunk list" data structure" from Jun 22, 2020 linux-next, leads to the following Smatch static checker warning:...
CVE-2024-53146
In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow. If the tag length is >= U32_MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that decode_cb_compound4res...
CVE-2024-41887
CVE-2024-41887 affects NVR devices where a flaw lets an attacker remotely execute code by creating a log file in a parent directory, enabling file corruption. Root cause: unauthorized log handling/creation path that allows privilege-impacting actions on the system. Impact: potential remote code e...
CVE-2024-41887 Arbitrary File Overwrite
Team ENVY, a Security Research TEAM, has found a flaw that allows for remote code execution on the NVR. An attacker can create an NVR log file in a directory one level higher on the system, which can be used to corrupt files in the directory. The manufacturer has released patch firmware for the...
GHSA-VM62-9JW3-C8W3 Gogs has an argument Injection in the built-in SSH server
Impact: When the built-in SSH server is enabled ([server] START_SSH_SERVER = true), unprivileged user accounts with at least one SSH key can execute arbitrary commands on the Gogs instance with the privileges of the user specified by RUN_USER in the configuration. It allows attackers to access and alter...