4527 matches found

Tenable Nessus
added 2024/07/11 12:0 a.m. | 21 views

RHEL 9 : ceph (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - marked: regular expression inline.reflinkSearch may lead Denial of Service CVE-2022-21681 - Marked is a...

CVSS 7.5 | AI score 7.9 | EPSS 0.02828
Exploits: 2 | References: 2
Ubuntu
added 2024/07/10 5:51 a.m. | 81 views

USN-6890-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-6601, CVE-2024-6604,...

CVSS 9.8 | AI score 7.7 | EPSS 0.00977
Exploits: 1
OSV
added 2024/07/10 5:51 a.m. | 4 views

USN-6890-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-6601, CVE-2024-6604,...

CVSS 9.8 | AI score 7.1 | EPSS 0.00977
Exploits: 1 | References: 15
Tenable Nessus
added 2024/07/10 12:0 a.m. | 11 views

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2024:2371-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2371-1 advisory. Update to Firefox Extended Support Release 115.13.0 ESR MFSA 2024-30, bsc1226316: - CVE-2024-6600: Memory corruption in WebGL API -...

CVSS 9.8 | AI score 7.5 | EPSS 0.0107
Exploits: 2 | References: 29
OpenVAS
added 2024/07/10 12:0 a.m. | 11 views

SUSE: Security Advisory (SUSE-SU-2024:2371-1)

The remote host is missing an update for the...

CVSS 9.8 | AI score 9.1 | EPSS 0.0107
Exploits: 2 | References: 5
OSV
added 2024/07/09 3:53 p.m. | 9 views

SUSE-SU-2024:2371-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 115.13.0 ESR MFSA 2024-30, bsc1226316: - CVE-2024-6600: Memory corruption in WebGL API - CVE-2024-6601: Race condition in permission assignment - CVE-2024-6602: Memory corruption in NSS -...

CVSS 9.8 | AI score 8.1 | EPSS 0.0107
Exploits: 2 | References: 16
CNNVD
added 2024/07/09 12:0 a.m. | 2 views

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of Firefox the web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in multiple Mozilla products due t...

CVSS 7.4 | AI score 8 | EPSS 0.00532
Exploits: 0 | References: 7
OSV
added 2024/07/05 11:8 a.m. | 3 views

OESA-2024-1810 rubygem-actionpack security update

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. Security Fixes: Action Pack is a framework for handling and responding to web requests. Und...

CVSS 7.4 | AI score 6.6 | EPSS 0.02207
Exploits: 0 | References: 2
OSV
added 2024/07/05 7:15 a.m. | 0 views

DEBIAN-CVE-2024-39476

In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix deadlock that raid5d wait for itself to clear MD_SB_CHANGE_PENDING. Xiao reported that lvm2 test lvconvert-raid-takeover.sh can hang with small possibility, the root cause is exactly the same as commit bed9e27baf52...

CVSS 5.5 | AI score 5.7 | EPSS 0.0018
Exploits: 0 | References: 1
Fedora
added 2024/07/02 2:34 a.m. | 28 views

[SECURITY] Fedora 40 Update: python-urllib3-1.26.19-1.fc40

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS verification. • File uploads with multipart encoding...

CVSS 4.4 | AI score 7 | EPSS 0.01141
Exploits: 1
CNVD
added 2024/06/28 12:0 a.m. | 4 views

Rockwell Automation ThinManager ThinServer Input Validation Error Vulnerability (CNVD-2024-38545)

Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, Inc. It allows thin clients to be assigned to multiple remote desktop servers simultaneously. An input validation error vulnerability exists in Rockwell Automation ThinManager ThinServer, which can be...

CVSS 8.7 | AI score 6.8 | EPSS 0.02254
Exploits: 0 | References: 1
OSV
added 2024/06/27 7:15 p.m. | 3 views

CVE-2024-3017

In a Silicon Labs multi-protocol gateway, a corrupt pointer to buffered data on a multi-protocol radio co-processor (RCP) causes the OpenThread Border Router (OTBR) application task running on the host platform to crash, allowing an attacker to cause a temporary denial-of-service...

CVSS 6.5 | AI score 5.8 | EPSS 0.00272
Exploits: 0 | References: 2
Cvelist
added 2024/06/27 6:35 p.m. | 32 views

CVE-2024-3017 Denial of service in multi-protocol gateway - Zigbee + Thread

In a Silicon Labs multi-protocol gateway, a corrupt pointer to buffered data on a multi-protocol radio co-processor (RCP) causes the OpenThread Border Router (OTBR) application task running on the host platform to crash, allowing an attacker to cause a temporary denial-of-service...

CVSS 6.5 | EPSS 0.00272
Exploits: 0 | References: 2
Vulnrichment
added 2024/06/27 6:35 p.m. | 18 views

CVE-2024-3017 Denial of service in multi-protocol gateway - Zigbee + Thread

In a Silicon Labs multi-protocol gateway, a corrupt pointer to buffered data on a multi-protocol radio co-processor (RCP) causes the OpenThread Border Router (OTBR) application task running on the host platform to crash, allowing an attacker to cause a temporary denial-of-service...

CVSS 6.5 | AI score 6.8 | EPSS 0.00272
Exploits: 0 | References: 2
OSV
added 2024/06/25 4:15 p.m. | 2 views

CVE-2024-5990

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device...

CVSS 7.5 | AI score 5.8 | EPSS 0.02254
Exploits: 0 | References: 1
Vulnrichment
added 2024/06/25 2:28 p.m. | 19 views

CVE-2024-39469 nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors. The error handling in nilfs_empty_dir() when a directory folio/page read fails is incorrect, as in the old ext2 implementation, and if the folio/page cannot be read or...

AI score 6.6 | EPSS 0.00247
Exploits: 0 | References: 8
Cvelist
added 2024/06/25 2:28 p.m. | 25 views

CVE-2024-39469 nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors. The error handling in nilfs_empty_dir() when a directory folio/page read fails is incorrect, as in the old ext2 implementation, and if the folio/page cannot be read or...

EPSS 0.00247
Exploits: 0 | References: 8
CVE
added 2024/06/25 2:25 p.m. | 124 views

CVE-2024-39463

CVE-2024-39463 is a Linux kernel vulnerability in 9p: add missing locking around taking dentry fid list. The issue is a use-after-free on a dentry’s d_fsdata fid list when one thread looks up a fid through a dentry while another thread unlinks it. The UAF can occur in functions such as p9_fid_get...

CVSS 7.8 | AI score 8.4 | EPSS 0.00253
Exploits: 0 | References: 6 | Affected Software: 1
Cvelist
added 2024/06/25 2:25 p.m. | 31 views

CVE-2024-39463 9p: add missing locking around taking dentry fid list

In the Linux kernel, the following vulnerability has been resolved: 9p: add missing locking around taking dentry fid list. Fix a use-after-free on dentry's d_fsdata fid list when a thread looks up a fid through dentry while another thread unlinks it: UAF thread: refcount_t: addition on 0;...

EPSS 0.00253
Exploits: 0 | References: 6
Positive Technologies
added 2024/06/25 12:0 a.m. | 2 views

PT-2024-37296 · Rockwell Automation · Rockwell Automation Thinserver

Name of the Vulnerable Software and Affected Versions: Rockwell Automation ThinServer (affected versions not specified). Description: The issue is caused by improper input validation, allowing an unauthenticated threat actor to send a malicious message to a monitor thread and cause a denial-of-servi...

CVSS 8.7 | AI score 6.9 | EPSS 0.02254
Exploits: 0 | References: 4