11966 matches found
GHSA-29WX-VH33-7X7R vulnerabilities
Vulnerabilities for packages: trivy, git-sync, azcopy, crossplane-fips, falcoctl, kubernetes, azure-aad-pod-identity-mic, crossplane-provider-azure-authorization, cluster-autoscaler, boring-registry, mc, scorecard, kots, telegraf, crossplane-provider-azure-managedidentity, trivy-fips, ko-fips,...
CVE-2024-48342
...
TeamTNT Exploits 16 Million IPs in Malware Attack on Docker Clusters
This article details a new campaign by TeamTNT, a notorious hacking group, leveraging exposed Docker daemons to deploy…
[SECURITY] Fedora 40 Update: podman-tui-1.2.3-1.fc40
podman-tui is a terminal user interface for Podman v4 and v5. podman-tui is using podman.socket service to communicate with podman environment and SSH to connect to remote podman machines...
CVE-2024-47031
Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-329163861...
Butterfly's parseJSON, getJSON functions eval malicious input, leading to remote code execution (RCE)
Summary Usage of the Butterfly.prototype.parseJSON or getJSON functions on an attacker-controlled crafted input string allows the attacker to execute arbitrary JavaScript code on the server. Since Butterfly JavaScript code has access to Java classes, it can run arbitrary programs. Details The...
On Monday, October 21, updates for the critical Remote Code Execution – VMware vCenter (CVE-2024-38812) vulnerability were released again
On Monday, October 21, updates for the critical Remote Code Execution - VMware vCenter CVE-2024-38812 vulnerability were released again. Wait, haven't fixes for this vulnerability been available since September 17th? They were, but it was not enough. "VMware by Broadcom has determined that the...
CVE-2024-49946
In the Linux kernel, the following vulnerability has been resolved: ppp: do not assume bh is held in ppp_channel_bridge_input() Networking receive path is usually handled from BH handler. However, some protocols need to acquire the socket lock, and packets might be stored in the socket backlog is the...
CVE-2024-50039
CVE-2024-50039 : Linux kernel net/sched vulnerability where accepting TCA_STAB on non-root qdiscs could crash via NULL pointer dereference (syzbot) when using a TBF/SFQ combo. The fix restricts STAB handling to root qdisc (per-qdisc storage isn’t maintained for arbitrary levels). Connected docs i...
CVE-2024-49939 wifi: rtw89: avoid to add interface to list twice when SER
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid to add interface to list twice when SER If SER L2 occurs during the WoWLAN resume flow, the add interface flow is triggered by ieee80211_reconfig(). However, due to rtw89_wow_resume() return failure, it will cause the...
CVE-2024-49934 fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name
In the Linux kernel, the following vulnerability has been resolved: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name It's observed that a crash occurs during hot-remove a memory device, in which user is accessing the hugetlb. See calltrace as following: ------------ cut here...
CVE-2024-49866 tracing/timerlat: Fix a race during cpuhp processing
In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Fix a race during cpuhp processing There is another found exception that the "timerlat/1" thread was scheduled on CPU0, and lead to timer corruption finally: ODEBUG: init active active state 0 object:...
MAL-2024-10223 Malicious code in zen-ruby-linter (RubyGems)
MAL-2024-10169 Malicious code in test-package-sample (PyPI)
MAL-2024-10150 Malicious code in raimbowxyz (PyPI)
MAL-2024-10132 Malicious code in python-consul2-hh (PyPI)
MAL-2024-10041 Malicious code in marshall (PyPI)
MAL-2024-9964 Malicious code in cryptoaitools (PyPI)
MAL-2024-9946 Malicious code in atomicdecoderss (PyPI)