AZL-54098 CVE-2024-42135 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: vhost_task: Handle SIGKILL by flushing work and exiting Instead of lingering until the device is closed, this has us handle SIGKILL by: 1. marking the worker as killed so we no longer try to use it with new virtqueues and new flus...
DEBIAN-CVE-2024-42135
In the Linux kernel, the following vulnerability has been resolved: vhost_task: Handle SIGKILL by flushing work and exiting Instead of lingering until the device is closed, this has us handle SIGKILL by: 1. marking the worker as killed so we no longer try to use it with new virtqueues and new flus...
CVE-2024-42103
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix adding block group to a reclaim list and the unused list during reclaim There is a potential parallel list adding for retrying in btrfs_reclaim_bgs_work and adding to the unused list. Since the block group is removed from...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a vulnerability in the vhost_task module that should be handled by marking a job as killed when a SIGKILL...
AZL-57740 CVE-2024-41023 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix task_struct reference leak During the execution of the following stress test with linux-rt: stress-ng --cyclic 30 --timeout 30 --minimize --quiet kmemleak frequently reported a memory leak concerning the...
DEBIAN-CVE-2024-41023
In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix task_struct reference leak During the execution of the following stress test with linux-rt: stress-ng --cyclic 30 --timeout 30 --minimize --quiet kmemleak frequently reported a memory leak concerning the...
UBUNTU-CVE-2024-41023
In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix task_struct reference leak During the execution of the following stress test with linux-rt: stress-ng --cyclic 30 --timeout 30 --minimize --quiet kmemleak frequently reported a memory leak concerning the...
CVE-2024-41070 KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group()
In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() Al reported a possible use-after-free (UAF) in kvm_spapr_tce_attach_iommu_group(). It looks up stt from tablefd, but then continues to use it after doing fdput on the returne...
CVE-2024-41058 cachefiles: fix slab-use-after-free in fscache_withdraw_volume()
In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() We got the following issue in our fault injection stress test: ================================================================== BUG: KASAN: slab-use-after-free in...
CVE-2024-41050
CVE-2024-41050 (Linux kernel) affects the cachefiles subsystem, specifically the ondemand path handling of object reopening. The vulnerability arises from cyclic re-use of msg_id after a malicious reopen, which can cause a read request to remain unprocessed and lead to a hang. The root cause is r...
CVE-2024-41050 cachefiles: cyclic allocation of msg_id to avoid reuse
In the Linux kernel, the following vulnerability has been resolved: cachefiles: cyclic allocation of msg_id to avoid reuse Reusing the msg_id after a maliciously completed reopen request may cause a read request to remain unprocessed and result in a hung, as shown below: t1 | t2 | t3...
Key Takeaways From The Take Command Summit: Building Resilient Cyber Defenses Through AI
One of the most talked-about sessions at the Take Command 2024 Cybersecurity Virtual Summit, "Control the Chaos: Building Resilient Cyber Defenses Through AI," featured experts from AWS and Rapid7 exploring how artificial intelligence is transforming cybersecurity and sharing practical guidance on...
org.springframework.cloud.stream.app:spring-cloud-starter-stream-sink-task-launcher-dataflow (>=1.0.0.RELEASE <=1.0.2.RELEASE), org.springframework.cloud.stream.app:spring-cloud-stream-app-starters-docs (>=Einstein.RELEASE <=Einstein.SR5) +46 more potentially affected by CVE-2024-37084 via org.springframework.cloud:spring-cloud-skipper (>=1.0.0.RELEASE <=2.11.3)
org.springframework.cloud:spring-cloud-skipper MAVEN version =1.0.0.RELEASE, =1.0.0.RELEASE, =Einstein.RELEASE, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.1.1.RELEASE, =1.1.1.RELEASE, =Clark.SR1, =2.11.0, =2.0.0.RELEASE, =2.0.0.RELEASE, =1.6.0.RELEASE, =2.0.0.RELEASE, =2.11.3 -...
CVE-2024-6972
In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in clear-text...
CVE-2024-6972
CVE-2024-6972 affects Octopus Server. Under certain circumstances, sensitive variables can be printed in clear-text in task logs. The CVSS v3.1 base score is 6.5 (MEDIUM) with high impact on confidentiality; exploitation requires no user interaction but does not require network access (attack vec...
PT-2024-38011 · Unknown · Octopus Server
Name of the Vulnerable Software and Affected Versions: Octopus Server affected versions not specified Description: The issue allows sensitive variables to be printed in the task log in clear-text under certain circumstances. Recommendations: At the moment, there is no information about a newer...
Octopus Server security vulnerability
Octopus Server is a deployment automation and release management tool for continuous delivery from Octopus Australia. A security vulnerability exists in Octopus Server that stems from the fact that under certain circumstances, sensitive variables may be printed in plaintext in the task log...
The vulnerability of the PAM system for JumpServer is related to incorrect restrictions on the path name to the restricted directory. This allows an intruder to gain unauthorized access to read any files in the Celery container.
The vulnerability of the PAM system for privileged access control in JumpServer is related to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized read access to arbitrary files i...