CVE-2024-38661 s390/ap: Fix crash in AP internal function modify_bitmap()

In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fix crash in AP internal function modifybitmap A system crash like this Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403 Fault in home space mode while using kernel ASCE. AS:00000002d71bc007 R3:00000003fe5b8007...

CVE-2024-38661 s390/ap: Fix crash in AP internal function modify_bitmap()

In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fix crash in AP internal function modifybitmap A system crash like this Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403 Fault in home space mode while using kernel ASCE. AS:00000002d71bc007 R3:00000003fe5b8007...

OESA-2024-1746 mozjs78 security update

SpiderMonkey is the code-name for Mozilla Firefox's C++ implementation of JavaScript. It is intended to be embedded in other applications that provide host environments for JavaScript. Security Fixes: Certain network request objects were freed too early when releasing a network request handle. Th...

OESA-2024-1747 mozjs78 security update

SpiderMonkey is the code-name for Mozilla Firefox's C++ implementation of JavaScript. It is intended to be embedded in other applications that provide host environments for JavaScript. Security Fixes: A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file...

SUSE CVE-2021-47580

In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Fix type in mint to avoid stack OOB Change mint to use type "u32" instead of type "int" to avoid stack out of bounds. With mint type "int" the values get sign extended and the larger value gets used causing stack...

CLSA-2024-1718898538 systemd: Fix of CVE-2023-7008

CVE-2023-7008: prevent systemd-resolved from accepting DNS records of DNSSEC- signed domains without a signature to mitigate man-in-the-middle attacks...

CLSA-2024-1718895586 systemd: Fix of CVE-2023-7008

CVE-2023-7008: prevent systemd-resolved from accepting DNS records of DNSSEC- signed domains without a signature to mitigate man-in-the-middle attacks...

DEBIAN-CVE-2021-47580

In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Fix type in mint to avoid stack OOB Change mint to use type "u32" instead of type "int" to avoid stack out of bounds. With mint type "int" the values get sign extended and the larger value gets used causing stack...

CVE-2021-47604 vduse: check that offset is within bounds in get_config()

In the Linux kernel, the following vulnerability has been resolved: vduse: check that offset is within bounds in getconfig This condition checks "len" but it does not check "offset" and that could result in an out of bounds read if "offset dev-configsize". The problem is that since both variables...

SUSE-SU-2024:1499-2 Security update for java-17-openjdk

This update for java-17-openjdk fixes the following issues: - CVE-2024-21011: Fixed denial of service due to long Exception message logging JDK-8319851,bsc1222979 - CVE-2024-21012: Fixed unauthorized data modification due HTTP/2 client improper reverse DNS lookup JDK-8315708,bsc1222987 -...

grub2 security update

An update is available for grub2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a...

Nextcloud Security Breach

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from a security vulnerability that stems from the possibility that an attacker could trick the application into accepting requests that a...

PT-2024-27811 · Nextcloud · Nextcloud User Oidc

Name of the Vulnerable Software and Affected Versions: Nextcloud user oidc app versions prior to 1.3.5 Nextcloud user oidc app versions prior to 2.0.0 Nextcloud user oidc app versions prior to 3.0.0 Nextcloud user oidc app versions prior to 4.0.0 Nextcloud user oidc app versions prior to 5.0.0...

Rocky Linux 8 : grub2 (RLSA-2024:3184)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3184 advisory. grub2: grub2-set-bootflag can be abused by local pseudo-users CVE-2024-1048 grub2: Out-of-bounds write at fs/ntfs.c may lead to unsigned code execution...

RHEL 8 : protobuf-c (RHSA-2024:3812)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3812 advisory. The protobuf-c packages provide C bindings for Google's Protocol Buffers. Security Fixes: protobuf-c: unsigned integer overflow in parserequiredmembe...

Moderate: Red Hat Security Advisory: protobuf-c security update

An update for protobuf-c is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

protobuf-c: unsigned integer overflow in parse_required_member

A vulnerability was found in protobuf-c. This security flaw leads to an unsigned integer overflow in parserequiredmember...

OESA-2024-1693 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure tx skbs always have the MPTCP ext Due to signed/unsigned comparison, the expression: info-sizegoal - skb-len 0 evaluates to true when the size goal...

GO-2024-2645 Nuclei allows unsigned code template execution through workflows in github.com/projectdiscovery/nuclei

Nuclei allows unsigned code template execution through workflows in github.com/projectdiscovery/nuclei...

SUSE CVE-2024-1298

EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability...