Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from a security issue in KVM x86/mmu...

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that results from a denial of service when processing a PDU Release command with an out-of-range parameter PDU ID...

PT-2024-2629 · Arm · Arm Ltd Midgard Gpu Kernel Driver +3

Name of the Vulnerable Software and Affected Versions: Arm Ltd Midgard GPU Kernel Driver versions r13p0 through r32p0 Arm Ltd Bifrost GPU Kernel Driver versions r11p0 through r25p0 Arm Ltd Valhall GPU Kernel Driver versions r19p0 through r25p0, versions r29p0 through r46p0 Arm Ltd Arm 5th Gen GPU...

openSUSE: Security Advisory for icu73_2 (SUSE-SU-2023:3563-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-26617 fs/proc/task_mmu: move mmu notification mechanism inside mm lock

In the Linux kernel, the following vulnerability has been resolved: fs/proc/taskmmu: move mmu notification mechanism inside mm lock Move mmu notification mechanism inside mm lock to prevent race condition in other components which depend on it. The notifier will invalidate memory range. Depending...

DEBIAN-CVE-2023-52485

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wake DMCUB before sending a command Why We can hang in place trying to send commands when the DMCUB isn't powered on. How For functions that execute within a DC context or DC lock we can wrap the direct calls to...

CVE-2023-48682

Stored cross-site scripting XSS vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 Linux, Windows before build 37391...

Cross site scripting

Stored cross-site scripting XSS vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 Linux, Windows before build 37391...

CVE-2023-48682

Stored cross-site scripting XSS vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 Linux, Windows before build 37391...

PT-2024-13623 · Acronis · Acronis Cyber Protect 16

Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect 16 versions prior to build 37391 Description: A stored cross-site scripting XSS vulnerability exists in the unit name, allowing for potential exploitation. The estimated number of potentially affected devices worldwide i...

kernel: IGB driver inadequate buffer size for frames larger than MTU

A flaw was found in igbconfigurerxring in drivers/net/ethernet/intel/igb/igbmain.c in the IGB driver in the Linux kernel. An overflow of the contents from a packet that is too large will overflow into the kernel's ring buffer, leading to a system integrity issue...

PT-2024-8425 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the Linux kernel, where the iov iter unit test causes a crash on nommu systems, such as the qemu kc705-nommu emulation. The test calls the vmap function directl...

The vulnerability of the microprogrammed control units Saho ADM100 and ADM-100FP lies in the possibility of unlimited loading of dangerous files, allowing a intruder to execute arbitrary commands.

The vulnerability of the microprogrammed control units Saho ADM100 and ADM-100FP lies in the ability to download files of a malicious nature without limitation. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely by introducing specially crafted files...

The vulnerability of the read_coding_unit function (slice.cc) in the h.265 Libde265 video codec implementation, which allows a perpetrator to influence the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the readcodingunit function slice.cc in the h.265 Libde265 video codec implementation is related to the output of operations that occur outside of the buffer in memory. Exploiting this vulnerability can allow a malicious actor to influence the confidentiality, integrity, and...

Node.js: fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect

The vulnerability in the undici library in Node.js was that the parseHashWithOptions function did not properly handle base64url encoded hashes and invalid hashes. This allowed resources to be loaded without the expected Subresource Integrity SRI checks being performed...

PT-2024-14577 · Huawei · Emui +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a resource reuse vulnerability in the GPU module. Successful exploitation of this vulnerability may affect service...

SUSE-SU-2024:0508-1 Security update for salt

This update for salt fixes the following issues: Security issues fixed: - CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master bsc1219430 - CVE-2024-22232: Prevent directory traversal attacks in the master's servefile method bsc1219431 Bugs fixed: - Ensur...

CVE-2024-0390

INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. The same MQTT queue is used by corresponding physical recuperation devices. Exploiting this vulnerability could potentially allow unauthorized access to manage and read parameters of the recuperation unit...

CVE-2024-0390

INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. The same MQTT queue is used by corresponding physical recuperation devices. Exploiting this vulnerability could potentially allow unauthorized access to manage and read parameters of the recuperation unit...

CVE-2024-0390 Hard-coded credentials in iZZi connect application

INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. The same MQTT queue is used by corresponding physical recuperation devices. Exploiting this vulnerability could potentially allow unauthorized access to manage and read parameters of the recuperation unit...