2674 matches found

OSV
added 2024/10/21 6:15 p.m. · 1 views

UBUNTU-CVE-2024-49869

In the Linux kernel, the following vulnerability has been resolved: btrfs: send: fix buffer overflow detection when copying path to cache entry. Starting with commit c0247d289e73 "btrfs: send: annotate struct name_cache_entry with __counted_by" we annotated the variable length array "name" from the...

CVSS 7.8 · AI score 5.9 · EPSS 0.00245
Exploits 0 · References 8
Cvelist
added 2024/10/21 6:1 p.m. · 19 views

CVE-2024-49869 btrfs: send: fix buffer overflow detection when copying path to cache entry

In the Linux kernel, the following vulnerability has been resolved: btrfs: send: fix buffer overflow detection when copying path to cache entry. Starting with commit c0247d289e73 "btrfs: send: annotate struct name_cache_entry with __counted_by" we annotated the variable length array "name" from the...

EPSS 0.00245
Exploits 0 · References 2
CVE
added 2024/10/21 6:1 p.m. · 91 views

CVE-2024-49869

Summary of CVE-2024-49869 (Linux kernel) : In btrfs send, overflow was due to name_cache_entry->name length not matching name_len (included NUL terminator). The fix avoids storing the NUL terminator for name entries, aligns name_len with actual name size, marks the field as __nonstring, and sw...

CVSS 7.8 · AI score 7.5 · EPSS 0.00245
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2024/10/21 12:0 a.m. · 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a use-after-free issue in the sendrecv function in the drm/xe/ct subsystem, which could lead to a kernel...

CVSS 7.8 · AI score 8.1 · EPSS 0.00228
Exploits 0 · References 4
Tenable Nessus
added 2024/10/17 12:0 a.m. · 15 views

CBL Mariner 2.0 Security Update: reaper (CVE-2024-43799)

The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43799 advisory. - Send is a library for streaming files from the file system as a http response. Send passes untrusted user...

CVSS 5 · AI score 6.8 · EPSS 0.00511
Exploits 0 · References 2
RedHat Linux
added 2024/10/16 1:8 a.m. · 5 views

kernel: mptcp: ensure snd_nxt is properly initialized on connect

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure snd_nxt is properly initialized on connect. Christoph reported a splat hinting at a corrupted snd_una: WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 mptcpcleanuna+0x4b3/0x620 net/mptcp/protocol.c:1005 Modules...

CVSS 5.5 · AI score 6.7 · EPSS 0.00267
Exploits 0 · References 5
RedHat Linux
added 2024/10/14 12:59 a.m. · 28 views

Important: Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.34.0 security update & enhancements

Release of OpenShift Serverless Logic 1.34.0 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 7.5 · AI score 6.8 · EPSS 0.01414
Exploits 2 · References 6
Positive Technologies
added 2024/10/13 12:0 a.m. · 2 views

PT-2024-41443 · Ооо 'Реак Софт' · Blitz Identity Provider

The vulnerability in the Blitz Identity Provider software is related to incorrect configuration of access rights. Exploitation of the vulnerability may allow a remote attacker to send an email with arbitrary text to the email address linked to the user's account...

CVSS 6.8 · AI score 7.2
Exploits 0 · References 2
Microsoft CVE
added 2024/10/12 12:0 a.m. · 2 views

CVE-2024-44946

...

CVSS 5.5 · AI score 6.6 · EPSS 0.00824
Exploits 0
Microsoft CVE
added 2024/10/12 12:0 a.m. · 3 views

CVE-2024-44987

...

CVSS 7.8 · AI score 6.6 · EPSS 0.00255
Exploits 0
Positive Technologies
added 2024/10/09 12:0 a.m. · 2 views

PT-2024-39400 · WordPress · Wp Helper Premium

Name of the Vulnerable Software and Affected Versions: WP Helper Premium plugin for WordPress versions up to, and including, 4.6.1 Description: The issue is related to a missing capability check on the whp smtp send mail test function, allowing unauthenticated attackers to send emails with any...

CVSS 5.3 · AI score 6.7 · EPSS 0.00379
Exploits 0 · References 8
RedHat Linux
added 2024/10/07 9:22 a.m. · 28 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.11

Red Hat OpenShift Service Mesh Containers for 2.4.11 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift...

CVSS 7.5 · AI score 6.8 · EPSS 0.00897
Exploits 2 · References 6
OSV
added 2024/10/01 9:5 p.m. · 6 views

CLSA-2024-1727816710 Fix of 60 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-26752 - l2tp: pass correct message length to ip6appenddata CVE-url: https://ubuntu.com/security/CVE-2023-52527 - ipv4, ipv6: Fix handling of transhdrlen in ip,6appenddata CVE-url: https://ubuntu.com/security/CVE-2024-43882 - exec: Fix ToCToU between...

CVSS 8.4 · AI score 6.8 · EPSS 0.00299
Exploits 1 · References 1
OSV
added 2024/10/01 8:53 p.m. · 4 views

CLSA-2024-1727816002 Fix of 60 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-26752 - l2tp: pass correct message length to ip6appenddata CVE-url: https://ubuntu.com/security/CVE-2023-52527 - ipv4, ipv6: Fix handling of transhdrlen in ip,6appenddata CVE-url: https://ubuntu.com/security/CVE-2024-43882 - exec: Fix ToCToU between...

CVSS 8.4 · AI score 6.8 · EPSS 0.00299
Exploits 1 · References 1
Tenable Nessus
added 2024/09/25 12:0 a.m. · 124 views

Oracle Linux 8 : kernel (ELSA-2024-7000)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-7000 advisory. - wifi: mac80211: Avoid address calculations via out of bounds array indexing Michal Schmidt RHEL-51278 CVE-2024-41071 - protect the fetch of -fdfd in...

CVSS 8.8 · AI score 6.9 · EPSS 0.01028
Exploits 2 · References 140
RedHat Linux
added 2024/09/24 2:39 a.m. · 2 views

kernel: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP

A NULL pointer dereference flaw was found in the Linux kernel in the phy-omap-usb2 driver. This issue arises when the external PHY used with phy-omap-usb2 does not implement the sendsrp function. If this function is called without proper implementation, it can result in a system crash, especially...

CVSS 5.5 · AI score 6.6 · EPSS 0.00292
Exploits 0 · References 5
IBM Security Bulletins
added 2024/09/20 3:51 p.m. · 35 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js modules (CVE-2024-39338, CVE-2024-43800, CVE-2024-43799, CVE-2024-43796).

Summary IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js modules axios CVE-2024-39338, expressjs serve-static CVE-2024-43800, pillarjs send CVE-2024-43799 and expressjs express CVE-2024-43796. This bulletin identifies the steps to take to address the...

CVSS 7.5 · AI score 5.8 · EPSS 0.01414
Exploits 1 · Affected Software 1
OSV
added 2024/09/20 11:9 a.m. · 3 views

OESA-2024-2152 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035i2cmasterxfer In af9035i2cmasterxfer, msg is controlled by user. When msgi.buf is null and msgi.len is zer...

CVSS 7.8 · AI score 6.2 · EPSS 0.00255
Exploits 0 · References 5
vulnersOsv
added 2024/09/10 7:42 p.m. · 8 views

01-numacert (>=1.0.0 <=3.0.0), 02-infrastructure (=1.0.0) +24613 more potentially affected by CVE-2024-43799 via send (>=0.0.1 <=0.18.0)

send NPM version =0.0.1, =1.0.0, =1.0.0, =1.0.3, =0.1.0, =0.3.5 and more Source cves: CVE-2024-43799 Source advisory: OSV:GHSA-M6FV-JMCG-4JFG...

CVSS 5 · AI score 6.6 · EPSS 0.00511
Exploits 0
RedhatCVE
added 2024/09/10 4:44 p.m. · 26 views

CVE-2024-43799

A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect function. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...

CVSS 5 · AI score 5.5 · EPSS 0.00511
Exploits 0 · References 5