Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a memory leak in the cpufreq:amd-pstate component during CPU EPP exit...

Omron NJ Series CPU Unit Insufficient Verification of Data Authenticity (CVE-2024-33687)

Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions and NX Series CPU Unit all versions. If a user program in the affected product is altered, the product may not be able to detect the alteration. This plugin only works with Tenable.ot. Please visit...

WordPress VK All in One Expansion Unit plugin <= 9.99.1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Savphill Patchstack Alliance in WordPress Plugin VK All in One Expansion Unit versions = 9.99.1.0...

WordPress VK All in One Expansion Unit Plugin <= 9.99.1.0 is vulnerable to Cross Site Scripting (XSS)

Software VK All in One Expansion Unit Type Plugin Vulnerable versions = 9.99.1.0 Fixed in 9.99.2.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37956 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 525bd2086dbb Credits savphill Required...

OPENSUSE-SU-2024:0194-2 Security update for keybase-client

This update for keybase-client fixes the following issues: Update to version 6.2.8 Update client CA Fix incomplete locking in config file handling. - Update the Image dependency to address CVE-2023-29408 / boo1213928. This is done via the new update-image-tiff.patch. - Limit parallel test executi...

kernel: ppp_async: limit MRU to 64K

In the Linux kernel, the following vulnerability has been resolved: pppasync: limit MRU to 64K syzbot triggered a warning 1 in allocpages: WARNONONCEGFPorder MAXPAGEORDER, gfp Willem fixed a similar issue in commit c0a2a1b0d631 "ppp: limit MRU to 64K" Adopt the same sanity check for...

[SECURITY] Fedora 40 Update: python-astropy-5.3.3-1.fc40

The Astropy project is a common effort to develop a single core package for Astronomy. Major packages such as PyFITS, PyWCS, vo, and asciitable already merged in, and many more components being worked on. In particular, we are developing imaging, photometric, and spectroscopic functionality, as...

[SECURITY] Fedora 39 Update: python-astropy-5.3.3-1.fc39

The Astropy project is a common effort to develop a single core package for Astronomy. Major packages such as PyFITS, PyWCS, vo, and asciitable already merged in, and many more components being worked on. In particular, we are developing imaging, photometric, and spectroscopic functionality, as...

kernel: ppp_async: limit MRU to 64K

In the Linux kernel, the following vulnerability has been resolved: pppasync: limit MRU to 64K syzbot triggered a warning 1 in allocpages: WARNONONCEGFPorder MAXPAGEORDER, gfp Willem fixed a similar issue in commit c0a2a1b0d631 "ppp: limit MRU to 64K" Adopt the same sanity check for...

CLSA-2024-1719568839 Update of linux-firmware

Update AMD CPU microcode to 2024-01-16: - Update AMD CPU microcode for processor family 19h: sig 0x00a00f11, sig 0x00a00f12;...

PT-2024-37522 · Conduit · Conduit

Name of the Vulnerable Software and Affected Versions: Conduit affected versions not specified Description: The issue is related to incomplete cleanup when performing redactions in Conduit. This allows an attacker to determine whether certain strings were present in the PDU before redaction...

CVE-2024-33687

Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions and NX Series CPU Unit all versions. If a user program in the affected product is altered, the product may not be able to detect the alteration...

CVE-2024-33687

Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions and NX Series CPU Unit all versions. If a user program in the affected product is altered, the product may not be able to detect the alteration...

DEBIAN-CVE-2024-38622

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add callback function pointer check before its call In dpucoreirqcallbackhandler callback function pointer is compared to NULL, but then callback function is unconditionally called by this pointer. Fix this bug by...

The vulnerability of the NVIDIA Virtual GPU Manager driver, which allows a hacker to trigger a service failure.

The vulnerability of the NVIDIA Virtual GPU Manager driver relates to insufficient control over interaction frequencies. Exploiting this vulnerability can allow attackers to cause service failures...

AZL-54783 CVE-2022-48766 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wrap dcn301calculatewmanddlg for FPU. Mirrors the logic for dcn30. Cue lots of WARNs and some kernel panics without this fix...

DEBIAN-CVE-2022-48766

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wrap dcn301calculatewmanddlg for FPU. Mirrors the logic for dcn30. Cue lots of WARNs and some kernel panics without this fix...

UBUNTU-CVE-2022-48766

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wrap dcn301calculatewmanddlg for FPU. Mirrors the logic for dcn30. Cue lots of WARNs and some kernel panics without this fix...

The vulnerability of the KNX Bus-System component of the microprogramming software for ABB Display 55, Display 63, Display 70, RoomTouch 4, BCU KNX devices allows a hacker to gain control over these devices by accessing the KNX bus.

The vulnerability of the KNX Bus-System microprogramming software components of ABB Display 55, Display 63, Display 70, RoomTouch 4, and BCU KNX lies in the lack of protection for operational data. Exploiting this vulnerability could allow an attacker to gain control over devices by accessing the...

PT-2024-30693

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue concerns handling an invalid decoder vsi in the vpu dec init function to ensure the decoder vsi is valid for future use. This is related to the media: mediatek: vcodec componen...