6050 matches found
CVE-2024-22261 SQL Injection in Harbor scan log API
SQL-Injection in Harbor allows priviledge users to leak the task IDs...
CVE-2024-22261 SQL Injection in Harbor scan log API
SQL-Injection in Harbor allows priviledge users to leak the task IDs...
CVE-2024-22261
Harbor (scan log API) is affected by a SQL Injection vulnerability described across OSV-BIT-HARBOR-2024-22261 and NVD CVE-2024-22261. The issue arises in the Harbor scan log API where privileged users (administrator, project_admin, project_maintainer) can trigger arbitrary SQL execution to leak t...
Hirschmann HiOS Switches Race Condition (CVE-2019-12263)
This vulnerability relies on a race-condition between the network task tNet0 and the receiving application. It is very difficult to trigger the race on a system with a single CPU-thread enabled, and there is no way to reliably trigger a race on SMP targets. This plugin only works with Tenable.ot...
kernel: pid: take a reference when initializing `cad_pid`
In the Linux kernel, the following vulnerability has been resolved: pid: take a reference when initializing cadpid During boot, kernelinitfreeable initializes cadpid to the init task's struct pid. Later on, we may change cadpid via a sysctl, and when this happens procdocadpid will increment the...
kernel: pid: take a reference when initializing `cad_pid`
In the Linux kernel, the following vulnerability has been resolved: pid: take a reference when initializing cadpid During boot, kernelinitfreeable initializes cadpid to the init task's struct pid. Later on, we may change cadpid via a sysctl, and when this happens procdocadpid will increment the...
SUSE CVE-2024-36917
In the Linux kernel, the following vulnerability has been resolved: block: fix overflow in blkioctldiscard There is no check for overflow of 'start + len' in blkioctldiscard. Hung task occurs if submit an discard ioctl with the following param: start = 0x80000000000ff000, len = 0x8000000000fff000...
OESA-2024-1679 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: drm/tegra: dsi: Add missing check for offinddevicebynode Add check for the return value of offinddevicebynode and return the error if it fails in order to avoid...
DEBIAN-CVE-2024-36906
In the Linux kernel, the following vulnerability has been resolved: ARM: 9381/1: kasan: clear stale stack poison We found below OOB crash: 33.452494 ================================================================== 33.453513 BUG: KASAN: stack-out-of-bounds in...
CVE-2024-36882
In the Linux kernel, the following vulnerability has been resolved: mm: use memallocnofssave in pagecacheraorder See commit f2c817bed58d "mm: use memallocnofssave in readahead path", ensure that pagecacheraorder do not attempt to reclaim file-backed pages too, or it leads to a deadlock, found iss...
UBUNTU-CVE-2024-36943
In the Linux kernel, the following vulnerability has been resolved: fs/proc/taskmmu: fix loss of young/dirty bits during pagemap scan makeuffdwppte was previously doing: pte = ptepgetptep; ptepmodifyprotstartptep; pte = ptemkuffdwppte; ptepmodifyprotcommitptep, pte; But if another thread accessed...
UBUNTU-CVE-2024-36906
In the Linux kernel, the following vulnerability has been resolved: ARM: 9381/1: kasan: clear stale stack poison We found below OOB crash: 33.452494 ================================================================== 33.453513 BUG: KASAN: stack-out-of-bounds in...
CVE-2024-36917 block: fix overflow in blk_ioctl_discard()
In the Linux kernel, the following vulnerability has been resolved: block: fix overflow in blkioctldiscard There is no check for overflow of 'start + len' in blkioctldiscard. Hung task occurs if submit an discard ioctl with the following param: start = 0x80000000000ff000, len = 0x8000000000fff000...
CVE-2024-36915
CVE-2024-36915 concerns the Linux kernel’s NFC LLCP path where nfc_llcp_setsockopt() could unsafe-copy from user-supplied sockptr data, triggering a slab-out-of-bounds read. Symptom traces show reads of 4 bytes at a user task, linked to copy_from_sockptr() and inline copy_from_sockptr_offset; the...
CVE-2024-36882 mm: use memalloc_nofs_save() in page_cache_ra_order()
In the Linux kernel, the following vulnerability has been resolved: mm: use memallocnofssave in pagecacheraorder See commit f2c817bed58d "mm: use memallocnofssave in readahead path", ensure that pagecacheraorder do not attempt to reclaim file-backed pages too, or it leads to a deadlock, found iss...
CVE-2024-36882 mm: use memalloc_nofs_save() in page_cache_ra_order()
In the Linux kernel, the following vulnerability has been resolved: mm: use memallocnofssave in pagecacheraorder See commit f2c817bed58d "mm: use memallocnofssave in readahead path", ensure that pagecacheraorder do not attempt to reclaim file-backed pages too, or it leads to a deadlock, found iss...
SUSE-SU-2024:1858-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Update to version 115.11 bsc1224056: - CVE-2024-4367: Arbitrary JavaScript execution in PDF.js - CVE-2024-4767: IndexedDB files retained in private browsing mode - CVE-2024-4768: Potential permissions request bypass via clickjacking -...
SUSE CVE-2023-52813
In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix hungtask for PADATARESET We found a hungtask bug in testaeadveccfg as follows: INFO: task cryptomgrtest:391009 blocked for more than 120 seconds. "echo 0 /proc/sys/kernel/hungtasktimeoutsecs" disables this...
SUSE CVE-2021-47553
In the Linux kernel, the following vulnerability has been resolved: sched/scs: Reset task stack state in bringupcpu To hot unplug a CPU, the idle task on that CPU calls a few layers of C code before finally leaving the kernel. When KASAN is in use, poisoned shadow is left around for each of the...
CVE-2021-47569
In the Linux kernel, the following vulnerability has been resolved: iouring: fail cancellation for EXITING tasks WARNING: CPU: 1 PID: 20 at fs/iouring.c:6269 iotrycanceluserdata+0x3c5/0x640 fs/iouring.c:6269 CPU: 1 PID: 20 Comm: kworker/1:0 Not tainted 5.16.0-rc1-syzkaller 0 Workqueue: events...