4269 matches found
SUSE CVE-2024-46713
In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization. Ole reported that event->mmap_mutex is strictly insufficient to serialize the AUX buffer, add a per RB mutex to fully serialize it. Note that in the lock order comment the perf_event::mmap_mutex...
DEBIAN-CVE-2024-46713
In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization. Ole reported that event->mmap_mutex is strictly insufficient to serialize the AUX buffer, add a per RB mutex to fully serialize it. Note that in the lock order comment the perf_event::mmap_mutex...
UBUNTU-CVE-2024-46713
In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization. Ole reported that event->mmap_mutex is strictly insufficient to serialize the AUX buffer, add a per RB mutex to fully serialize it. Note that in the lock order comment the perf_event::mmap_mutex...
CVE-2024-46713
CVE-2024-46713 affects the Linux kernel perf/aux path. The root cause was that event->mmap_mutex alone was insufficient to serialize the AUX buffer, enabling race conditions. The fix adds a per-RB mutex to fully serialize AUX buffer access and corrects the previous lock order issue where perf_...
CVE-2024-46713 perf/aux: Fix AUX buffer serialization
In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization. Ole reported that event->mmap_mutex is strictly insufficient to serialize the AUX buffer, add a per RB mutex to fully serialize it. Note that in the lock order comment the perf_event::mmap_mutex...
GHSA-64F8-PJGR-9WMR Untrusted Query Object Evaluation in RPC API
During the sign in and sign up operations through the SurrealDB RPC API, an arbitrary object would be accepted in order to support a wide array of types and structures that could contain user credentials. This arbitrary object could potentially contain any SurrealDB value, including an object...
Untrusted Query Object Evaluation in RPC API
During the sign in and sign up operations through the SurrealDB RPC API, an arbitrary object would be accepted in order to support a wide array of types and structures that could contain user credentials. This arbitrary object could potentially contain any SurrealDB value, including an object...
[SECURITY] Fedora 40 Update: lua-mpack-1.0.12-1.fc40
mpack is a small binary serialization/RPC library that implements both the msgpack and msgpack-rpc specifications...
[SECURITY] Fedora 39 Update: lua-mpack-1.0.12-1.fc39
mpack is a small binary serialization/RPC library that implements both the msgpack and msgpack-rpc specifications...
Security Bulletin: Vulnerability in QOS.ch Sarl Logback affects watsonx.data
Summary: A serialization vulnerability in logback receiver component part of QOS.ch Sarl Logback allows an attacker to mount a Denial-Of-Service attack on watsonx.data by sending poisoned data. This can affect watsonx.data. Vulnerability Details: CVEID: CVE-2023-6378 DESCRIPTION: QOS.ch Sarl Logback...
Security Bulletin: Vulnerability in QOS.ch Sarl Logback affects watsonx.data
Summary: A serialization vulnerability in logback receiver component part of QOS.ch Sarl Logback allows an attacker to mount a Denial-Of-Service attack to watsonx.data by sending poisoned data. Vulnerability Details: CVEID: CVE-2023-6481 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of...
SUSE CVE-2024-44991
In the Linux kernel, the following vulnerability has been resolved: tcp: prevent concurrent execution of tcp_sk_exit_batch. It's possible that two threads call tcp_sk_exit_batch concurrently, once from the cleanup_net workqueue, once from a task that failed to clone a new netns. In the latter case, error...
ROS-20240905-02
A vulnerability in the Python programming language interpreter CPython is related to incorrectly enclosing newline characters in quotation marks for email headers when serializing a message. Exploitation of the vulnerability could allow an...
ROS-20240904-13
A vulnerability in the session cookie pga4_session of the pgAdmin 4 database management tool is related to incorrect serialization. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...
[SECURITY] Fedora 41 Update: lua-mpack-1.0.12-1.fc41
mpack is a small binary serialization/RPC library that implements both the msgpack and msgpack-rpc specifications...
HP SiteScope SOAP Call GetSiteScopeConfiguration Configuration Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP SiteScope SOAP Call getSiteScopeConfiguration Configuration Access', 'Description' = %q This module exploits an authentication bypass...
Ruby On Rails XML Processor YAML Deserialization Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ruby on Rails XML Processor YAML Deserialization Scanner', 'Description' = %q This module attempts to identify Ruby on Rails instances vulnerable...
CVE-2024-44946
In the Linux kernel, the following vulnerability has been resolved: kcm: Serialise kcm_sendmsg for the same socket. syzkaller reported UAF in kcm_release. [0] The scenario is: 1. Thread A builds a skb with MSG_MORE and sets kcm->seq_skb. 2. Thread A resumes building skb from kcm->seq_skb but is blocked by...
DEBIAN-CVE-2024-44946
In the Linux kernel, the following vulnerability has been resolved: kcm: Serialise kcm_sendmsg for the same socket. syzkaller reported UAF in kcm_release. [0] The scenario is: 1. Thread A builds a skb with MSG_MORE and sets kcm->seq_skb. 2. Thread A resumes building skb from kcm->seq_skb but is blocked by...
UBUNTU-CVE-2024-44946
In the Linux kernel, the following vulnerability has been resolved: kcm: Serialise kcm_sendmsg for the same socket. syzkaller reported UAF in kcm_release. [0] The scenario is: 1. Thread A builds a skb with MSG_MORE and sets kcm->seq_skb. 2. Thread A resumes building skb from kcm->seq_skb but is blocked by...