CVE-2024-24474

QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in espdonodma in hw/scsi/esp.c because of an underflow of asynclen...

Null pointer dereference

ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/libtermcap.c...

CVE-2024-24059

springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files...

Moby (Docker Engine) Insufficiently restricted permissions on data directory

Impact A bug was found in Moby Docker Engine where the data directory typically /var/lib/docker contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable...

GHSA-6G2Q-W5J3-FWH4 containerd environment variable leak

Impact Containers launched through containerd's CRI implementation through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service that share the same image may receive incorrect environment variables, including values that are defined for other containers. If t...

Virtuozzo Hybrid Server 7.5 Update 6 (7.5.6-87)

Virtuozzo Hybrid Server 7.5 Update 6 introduces new features and provides stability, usability, and security bug fixes. Additionally, it provides a new kernel 3.10.0-1160.105.1.vz7.214.3. Vulnerability id: PSBM-151015, PSBM-153331 A critical security issue in container suspend/resume in the...

SUSE-SU-2024:0156-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unixstreamreadgenericon the socket that t...

Virtuozzo Hybrid Server 7.5 Update 5 Hotfix 3 (7.5.5-293)

The Hotfix 3 for Virtuozzo Hybrid Server 7.5 Update 5 provides a security bug fix. Vulnerability id: PSBM-153331 A critical security issue in container suspend/resume in the Virtuozzo Hybrid Server 7.5. Update 5 version...

SUSE-SU-2024:0113-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information bsc1217946. - CVE-2022-2586: Fixed a use-after-free which can ...

SUSE-SU-2024:0110-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the Bluetooth subsystem that would allow replay attacks bsc1179610 bsc1215237. - CVE-2023-6121:...

Heap overflow

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service DoS. If an MX Series device receives PTP packets on an MPC3E that doesn't...

CVE-2023-4641

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from...

CVE-2023-6865

CVE-2023-6865 describes a vulnerability in Firefox’s EncryptingOutputStream that could expose uninitialized data, potentially allowing data to be written to local disk with implications for private browsing mode. Affected products noted in the provided documents include Firefox ESR versions prior...

CVE-2023-50262 Dompdf possible DoS caused by infinite recursion when parsing SVG images

Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chained using two or...

Upgrade Tomcat to fix CVE-2023-46589

h3. Issue Summary This is reproducible on Data Center: / Apache Tomcat should be upgraded to 8.5.96 and later or 9.0.83 or a later version to fix CVE-2023-46589|https://nvd.nist.gov/vuln/detail/CVE-2023-46589 h3. Environment 8.1.x to 9.4.x h3. Steps to Reproduce Check the Apache Tomcat version...

Cross site scripting

Unrestricted file upload in big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS = v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell...

container-tools:4.0 security and bug fix update

buildah 1:1.24.6-7 - rebuild for CVE-2023-29406 - Related: 2176055 cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu crun fuse-overlayfs libslirp oci-seccomp-bpf-hook podman 2:4.0.2-24 - rebuild for CVE-2023-29406 - Related: 2176055 python-podman runc skop...

CVE-2023-6212

Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 120, Firefox ESR...

CVE-2023-48292

CVE-2023-48292 concerns the XWiki Admin Tools RunShellCommand feature. The issue is a cross-site request forgery (CSRF) in versions 4.4 up to 4.5.0/1 that lets an authenticated admin be tricked into executing shell commands on the server. An attacker can exploit this by injecting a command into a...

Moderate: container-tools:4.0 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: net/http: insufficient sanitization of Host header CVE-2023-29406 For more details about the security issues, including the impact, a CVSS score,...