PT-2024-18877 · Qualcomm · Snapdragon +6

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves a transient Denial of Service DOS that occurs while decoding an ASN.1 OER message containing a SEQUENCE of unknown extensions. No...

util-linux wall Escape Sequence Injection

Wall-Escape CVE-2024-28085 Skyler Ferrante: Escape sequence injection in util-linux wall ================================================================= Summary ================================================================= The util-linux wall command does not filter escape sequences from...

CVE-2024-28860

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key...

CVE-2024-28860 Insecure IPsec transport encryption in Cilium

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key...

CVE-2024-28860

CVE-2024-28860 affects Cilium’s IPsec transparent encryption. The issue arises from an ESP sequence number collision when multiple nodes share a key, enabling a MITM attacker to perform chosen-plaintext, key-recovery, and replay attacks that can undermine confidentiality and integrity. Fixed in C...

CVE-2024-28860 Insecure IPsec transport encryption in Cilium

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key...

PT-2024-2532 · Unknown +6 · Util-Linux +6

Name of the Vulnerable Software and Affected Versions: util-linux versions prior to 2.40 Description: The wall command in util-linux versions through 2.40 does not properly filter escape sequences received from command line arguments. This allows a local attacker to potentially inject escape...

PT-2024-22610

Name of the Vulnerable Software and Affected Versions: Cilium versions prior to 1.13.13 Cilium versions prior to 1.14.9 Cilium versions prior to 1.15.3 Description: Cilium, a networking, observability, and security solution with an eBPF-based dataplane, has a vulnerability in its IPsec transparen...

CVE-2023-52624

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wake DMCUB before executing GPINT commands Why DMCUB can be in idle when we attempt to interface with the HW through the GPINT mailbox resulting in a system hang. How Add dcwakeandexecutegpint to wrap the wake,...

AZL-58698 CVE-2023-52624 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wake DMCUB before executing GPINT commands Why DMCUB can be in idle when we attempt to interface with the HW through the GPINT mailbox resulting in a system hang. How Add dcwakeandexecutegpint to wrap the wake,...

SUSE CVE-2024-27936

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Starting in version 1.32.1 and prior to version 1.41.0 of the deno library, maliciously crafted permission request can show the spoofed permission prompt by inserting a broken ANSI escape sequence into the request...

CVE-2024-27936

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Starting in version 1.32.1 and prior to version 1.41.0 of the deno library, maliciously crafted permission request can show the spoofed permission prompt by inserting a broken ANSI escape sequence into the request...

EulerOS Virtualization 2.9.0 : openssh (EulerOS-SA-2024-1475)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

EulerOS Virtualization 2.9.0 : libssh2 (EulerOS-SA-2024-1470)

According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacke...

Oracle Linux 7 : openssh (ELSA-2024-12233)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12233 advisory. 7.4p1-23.0.3fips - Change Epoch from 1 to 10 - Enable fips KDF POST Orabug: 32461750 - Disable diffie-hellman-group-exchange-sha256 KEX FIPS method Orabug:...

CVE-2023-7248 OpenText Vertica Management console might be prone to bypass via crafted requests

Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests. The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences. This issue impacts the following Vertica Management...

SUSE CVE-2024-26629

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix RELEASELOCKOWNER The test on socount in nfsd4releaselockowner is nonsense and harmful. Revert to using checkforlocks, changing that to not sleep. First: harmful. As is documented in the kdoc comment for...

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-1343)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2024-1345)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP11 : libssh2 (EulerOS-SA-2024-1217)

According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...