3037 matches found

CBLMariner
added 2024/09/03 11:12 a.m. · 22 views

CVE-2023-40549 affecting package shim-unsigned-x64 for versions less than 15.8-1

CVE-2023-40549 affecting package shim-unsigned-x64 for versions less than 15.8-1. An upgraded version of the package is available that resolves this issue...

CVSS 6.2 · AI score 6.5 · EPSS 0.00409
Exploits: 0

UbuntuCve
added 2024/08/29 5:15 p.m. · 8 views

CVE-2024-45056

zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits number 2^64-1. This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended...

CVSS 5.9 · AI score 5.9 · EPSS 0.00403
Exploits: 0 · References: 3

OSV
added 2024/08/29 4:55 p.m. · 26 views

CVE-2024-45056 `fold (xor (shl 1, x), -1) -> (rotl ~1, x)` misoptimization in zksolc

zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits number 2^64-1. This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended...

CVSS 5.9 · AI score 6.8 · EPSS 0.00403
Exploits: 0 · References: 4

SUSE CVE
added 2024/08/23 2:53 a.m. · 3 views

SUSE CVE-2022-48938

In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking. A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. In the sanity check as formulated now, this will create an integer overflow, defeating the...

CVSS 6.6 · AI score 6.7 · EPSS 0.00213
Exploits: 0 · References: 11

RedhatCVE
added 2024/08/22 3:16 p.m. · 19 views

CVE-2022-48938

An integer overflow vulnerability was found in the Linux Kernel. When a broken device gives an extreme offset, the current implementation of sanity checks will overflow, resulting in loss of availability of the system. Mitigation: Mitigation for this issue is either not available or the currently...

CVSS 4.3 · AI score 6.1 · EPSS 0.00213
Exploits: 0 · References: 4

OSV
added 2024/08/22 4:15 a.m. · 2 views

DEBIAN-CVE-2022-48938

In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking. A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. In the sanity check as formulated now, this will create an integer overflow, defeating the...

CVSS 5.5 · AI score 5.2 · EPSS 0.00213
Exploits: 0 · References: 1

NVD
added 2024/08/22 4:15 a.m. · 15 views

CVE-2022-48938

In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking. A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. In the sanity check as formulated now, this will create an integer overflow, defeating the...

CVSS 5.5 · EPSS 0.00213
Exploits: 0 · References: 6

UbuntuCve
added 2024/08/22 4:15 a.m. · 18 views

CVE-2022-48938

In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking. A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. In the sanity check as formulated now, this will create an integer overflow, defeating the...

CVSS 5.5 · AI score 6.2 · EPSS 0.00213
Exploits: 0 · References: 17

OSV
added 2024/08/22 4:15 a.m. · 3 views

UBUNTU-CVE-2022-48938

In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking. A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. In the sanity check as formulated now, this will create an integer overflow, defeating the...

CVSS 5.5 · AI score 6 · EPSS 0.00213
Exploits: 0 · References: 18

RedHat Linux
added 2024/08/20 11:30 a.m. · 5 views

libreoffice: Ability to trust not validated macro signatures removed in high security mode

A vulnerability was found in versions of LibreOffice from 24.2 to before 24.2.5. When a document containing a signed macro fails verification, LibreOffice will display a warning which the user can choose to ignore the failure and enable the macro anyways...

CVSS 7.8 · AI score 5.7 · EPSS 0.00238
Exploits: 0 · References: 5

RedHat Linux
added 2024/08/20 11:26 a.m. · 132 views

libreoffice: Ability to trust not validated macro signatures removed in high security mode

A vulnerability was found in versions of LibreOffice from 24.2 to before 24.2.5. When a document containing a signed macro fails verification, LibreOffice will display a warning which the user can choose to ignore the failure and enable the macro anyways...

CVSS 7.8 · AI score 5.7 · EPSS 0.00238
Exploits: 0 · References: 5

RedHat Linux
added 2024/08/20 9:59 a.m. · 5 views

libreoffice: Ability to trust not validated macro signatures removed in high security mode

A vulnerability was found in versions of LibreOffice from 24.2 to before 24.2.5. When a document containing a signed macro fails verification, LibreOffice will display a warning which the user can choose to ignore the failure and enable the macro anyways...

CVSS 7.8 · AI score 5.7 · EPSS 0.00238
Exploits: 0 · References: 5

RedHat Linux
added 2024/08/19 6:52 p.m. · 10 views

libreoffice: Ability to trust not validated macro signatures removed in high security mode

A vulnerability was found in versions of LibreOffice from 24.2 to before 24.2.5. When a document containing a signed macro fails verification, LibreOffice will display a warning which the user can choose to ignore the failure and enable the macro anyways...

CVSS 7.8 · AI score 5.7 · EPSS 0.00238
Exploits: 0 · References: 5

The Hacker News
added 2024/08/09 1:18 p.m. · 58 views

Sonos Speaker Flaws Could Have Let Remote Hackers Eavesdrop on Users

Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eavesdrop on users. The vulnerabilities "led to an entire break in the security of Sonos's secure boot process across a wide range of devices and remotely being...

AI score 8.1 · EPSS 0.00979
Exploits: 0

OSV
added 2024/08/06 4:15 p.m. · 2 views

CVE-2024-23460

The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS 4.2...

CVSS 7.8 · AI score 5.9 · EPSS 0.00126
Exploits: 0 · References: 1

SUSE CVE
added 2024/08/06 1:59 a.m. · 1 views

SUSE CVE-2024-42105

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix inode number range checks. Patch series "nilfs2: fix potential issues related to reserved inodes". This series fixes one use-after-free issue reported by syzbot, caused by nilfs2's internal inode being exposed in the...

CVSS 6.1 · AI score 6.9 · EPSS 0.0026
Exploits: 0 · References: 13

SUSE CVE
added 2024/08/06 1:59 a.m. · 1 views

SUSE CVE-2024-42131

In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic. The dirty throttling logic is interspersed with assumptions that dirty limits in PAGESIZE units fit into 32-bit so that various multiplications fit into 64-bits. If limits end up bein...

CVSS 5.5 · AI score 6.5 · EPSS 0.00244
Exploits: 0 · References: 17

CNNVD
added 2024/08/06 12:0 a.m. · 2 views

Zscaler Client Connector Security Vulnerability

Zscaler Client Connector is a lightweight agent from Zscaler, Inc. A security vulnerability exists in Zscaler Client Connector versions prior to 4.2, which originates from not verifying the digital signature of the installer, allowing arbitrary code to be executed locally...

CVSS 7.8 · AI score 7.2 · EPSS 0.00126
Exploits: 0 · References: 2

Positive Technologies
added 2024/08/02 12:0 a.m. · 2 views

PT-2024-6565 · Aruba · Arubaos

Name of the Vulnerable Software and Affected Versions: ArubaOS, affected versions not specified. Description: A Path Traversal vulnerability exists in ArubaOS, related to incorrect restriction of directory path names with limited access. Successful exploitation of this vulnerability allows an...

CVSS 9 · AI score 7.4 · EPSS 0.01135
Exploits: 0 · References: 11

OSV
added 2024/08/01 6:5 p.m. · 4 views

CLSA-2024-1722535503 systemd: Fix of CVE-2023-7008

CVE-2023-7008: prevent systemd-resolved from accepting DNS records of DNSSEC-signed domains without a signature to mitigate man-in-the-middle attacks...

CVSS 5.9 · AI score 6.6 · EPSS 0.00849
Exploits: 0 · References: 1