
3037 matches found

CVE
added 2024/05/21 3:3 p.m. 81 views

CVE-2021-47370

CVE-2021-47370 affects the Linux kernel and concerns the MPTCP path: a signed/unsigned comparison in the code path that refills the TX cache can misbehave when size_goal is smaller than skb->len, causing the core TCP path to allocate an skb without the MPTCP extension. The fix rewrites the exp...

5.5 CVSS | 6.9 AI score | 0.00208 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2024/05/21 3:3 p.m. 22 views

CVE-2021-47370 mptcp: ensure tx skbs always have the MPTCP ext

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure tx skbs always have the MPTCP ext. Due to signed/unsigned comparison, the expression: info->size_goal - skb->len > 0 evaluates to true when the size goal is smaller than the skb size. That results in lack of tx cache...

6.6 AI score | 0.00208 EPSS
Exploits: 0 | References: 2
Debian CVE
added 2024/05/21 3:3 p.m. 18 views

CVE-2021-47370

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure tx skbs always have the MPTCP ext. Due to signed/unsigned comparison, the expression: info->size_goal - skb->len > 0 evaluates to true when the size goal is smaller than the skb size. That results in lack of tx cache...

5.5 CVSS | 7.1 AI score | 0.00208 EPSS
Exploits: 0
NVD
added 2024/05/17 3:15 p.m. 14 views

CVE-2023-52685

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

7.5 AI score
Exploits: 0
UbuntuCve
added 2024/05/17 3:15 p.m. 34 views

CVE-2023-52685

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

6.5 AI score
Exploits: 0 | References: 18
Vulnrichment
added 2024/05/17 1:41 p.m. 14 views

CVE-2024-35827 io_uring/net: fix overflow check in io_recvmsg_mshot_prep()

In the Linux kernel, the following vulnerability has been resolved: io_uring/net: fix overflow check in io_recvmsg_mshot_prep(). The "controllen" variable is type size_t (unsigned long). Casting it to int could lead to an integer underflow. The check_add_overflow() function considers the type of the destinatio...

6.9 AI score | 0.00209 EPSS
Exploits: 0 | References: 5
CNNVD
added 2024/05/17 12:0 a.m. 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a u32 multiplicative overflow...

5.5 CVSS | 6.4 AI score | 0.00261 EPSS
Exploits: 0 | References: 10
OSV
added 2024/05/14 10:22 p.m. 46 views

GHSA-RHXJ-GH46-JVW8 Grafana Plugin signature bypass

Today we are releasing Grafana 9.2. Along with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-31123. We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...

8.4 CVSS | 6.9 AI score | 0.00249 EPSS
Exploits: 0 | References: 5
Tenable Nessus
added 2024/05/11 12:0 a.m. 24 views

RHEL 7 : protobuf-c (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - protobuf-c: invalid arithmetic shift via the function parse_tag_and_wiretype may lead to DoS (CVE-2022-33070) ...

6.9 AI score | 0.01058 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2024/05/11 12:0 a.m. 30 views

RHEL 6 : openvswitch (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openvswitch: Buffer over-read while parsing the group mod OpenFlow message (CVE-2017-9265) - In Open vSwitc...

8.8 AI score | 0.02887 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2024/05/02 12:0 a.m. 9 views

Fedora 40 : libcoap (2024-75863445ff)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-75863445ff advisory. Patch to fix CVE-2024-31031. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

7.5 CVSS | 5.5 AI score | 0.00866 EPSS
Exploits: 1 | References: 2
NVD
added 2024/04/30 1:15 p.m. 11 views

CVE-2024-2617

A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update, if secure update feature was not enabled on all CMUs of a RTU500. If a malicious actor successfully exploits this vulnerability, they could use it to update the RTU500 with unsigned...

7.2 CVSS | 6.8 AI score | 0.00666 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2024/04/30 1:15 p.m. 2 views

CVE-2024-2617

A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update, if secure update feature was not enabled on all CMUs of a RTU500. If a malicious actor successfully exploits this vulnerability, they could use it to update the RTU500 with unsigned...

7.2 CVSS | 5.9 AI score | 0.00666 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2024/04/30 12:57 p.m. 68 views

CVE-2024-2617

CVE-2024-2617 affects Hitachi Energy RTU500 series (RTU500 web server component). The vulnerability lets authenticated users bypass secure update and install unsigned firmware on RTU500. Reported impact is high (CVSS3.1: 7.2) with network attack vector, low complexity, high privileges required, a...

7.2 CVSS | 6.1 AI score | 0.00666 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2024/04/30 12:57 p.m. 10 views

CVE-2024-2617

A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update, if secure update feature was not enabled on all CMUs of a RTU500. If a malicious actor successfully exploits this vulnerability, they could use it to update the RTU500 with unsigned...

7.2 CVSS | 6.1 AI score | 0.00666 EPSS
Exploits: 0 | References: 1
RedHat Linux
added 2024/04/30 10:4 a.m. 3 views

systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...

5.9 CVSS | 7.3 AI score | 0.00849 EPSS
Exploits: 0 | References: 6
Veracode
added 2024/04/30 6:49 a.m. 20 views

Improper Certificate Validation

osxcollector is vulnerable to Improper Certificate Validation. The vulnerability is due to incomplete inspection of Universal/fat binaries, which allows malicious code to appear as if it is signed by Apple, leading to the execution of unsigned code...

7.8 CVSS | 7.4 AI score | 0.00857 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2024/04/30 12:0 a.m. 26 views

ALSA-2024:2456 Moderate: grub2 security update

The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2:...

7.8 CVSS | 6.8 AI score | 0.00536 EPSS
Exploits: 2 | References: 8
Positive Technologies
added 2024/04/30 12:0 a.m. 3 views

PT-2024-21304

Name of the Vulnerable Software and Affected Versions: RTU500 (affected versions not specified). Description: A vulnerability exists in the RTU500 that allows authenticated and authorized users to bypass secure update. If a malicious actor successfully exploits this vulnerability, they could use it to...

7.2 CVSS | 5.9 AI score | 0.00666 EPSS
Exploits: 0 | References: 13
PyPA
added 2024/04/25 5:15 p.m. 5 views

PYSEC-2024-246

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a range of the form range(start, start + N), if start is negative, the execution will always revert. This issue is caused by an incorrect assertion...

5.3 CVSS | 7.1 AI score | 0.00791 EPSS
Exploits: 1 | References: 6 | Affected Software: 1