CVE-2024-43357
ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript JavaScript specification of async generators, introduced by a May 2021 spec refactor, may lead to mis-implementation in a way that could present as a security vulnerability, such as type...
CVE-2024-43357 JavaScript specification issue may lead to type confusion and pointer dereference in implementations
ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript JavaScript specification of async generators, introduced by a May 2021 spec refactor, may lead to mis-implementation in a way that could present as a security vulnerability, such as type...
PT-2024-30525 · Unknown · Ecmascript
Name of the Vulnerable Software and Affected Versions: ECMAScript, affected versions not specified. Description: A problem in the ECMAScript specification of async generators may lead to mis-implementation in a way that could present as a security issue, such as type confusion and pointer...
runc: Multiple Vulnerabilities
Background: runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. Description: Multiple vulnerabilities have been discovered in runc. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for...
CVE-2024-42350
Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be...
CVE-2024-42350 Public key confusion in third party block in Biscuit
Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be...
PT-2024-25800 · Unjs/Ufo +1 · Unjs/Ufo +1
Name of the Vulnerable Software and Affected Versions: Nuxt versions prior to 3.12.4. Description: The navigateTo function does not correctly use APIs provided by unjs/ufo, leading to parsing discrepancies. The function first checks if a URL has a protocol using the unjs/ufo package, which works...
CVE-2024-42105 nilfs2: fix inode number range checks
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix inode number range checks Patch series "nilfs2: fix potential issues related to reserved inodes". This series fixes one use-after-free issue reported by syzbot, caused by nilfs2's internal inode being exposed in the...
CVE-2024-42105
CVE-2024-42105 – nilfs2 inode range/UAF fixes in Linux kernel: The referenced security issue is mitigated by a patch series for nilfs2 that fixes a use-after-free and several inode-number range problems. Specifically, nilfs->ns_first_ino (the first non-reserved inode) was read from the superb...
ALSA-2024:4761 Important: containernetworking-plugins security update
The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...
CVE-2024-40984
In the Linux kernel, the following vulnerability has been resolved: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." Undo the modifications made in commit d410ee5109a1 "ACPICA: avoid "Info: mapping multiple BARs. Your kernel is fine."". The initial purpose of this...
CVE-2024-40992
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix responder length checking for UD request packets According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be an invalid request and it shall be silently droppe...
CVE-2024-40992 RDMA/rxe: Fix responder length checking for UD request packets
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix responder length checking for UD request packets According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be an invalid request and it shall be silently droppe...
CVE-2024-40992
CVE-2024-40992 concerns the Linux kernel RDMA/rxe stack. The root cause was an incorrect resilience check for UD QP receive data: a deferred responder length check in the function copy_data (via commit 689c5421bfe0) could trigger an oversized UD packet to fail with -EINVAL, causing send_data_in t...
CVE-2024-38048
Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability...
CVE-2024-38048 Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability
...
Moderate: Red Hat Security Advisory: containernetworking-plugins security update
An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ratin...