1270 matches found
Astra Linux - Vulnerability in mongo-c-driver
When calling bson_utf8_validate on certain inputs, it is possible for an infinite loop to occur, with no way to exit. This issue affects all MongoDB C Driver versions prior to version 1.25.0...
Malicious code in auto-validate (RubyGems)
MAL-2024-6730 Malicious code in auto-validate (RubyGems)
MAL-2024-6510 Malicious code in address-validate (RubyGems)
DEBIAN-CVE-2024-38592
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Init ddp_comp with devm_kcalloc In the case where conn_routes is true we allocate an extra slot in the ddp_comp array but mtk_drm_crtc_create never seemed to initialize it in the test case I ran. For me, this caused a late...
CVE-2024-38606 crypto: qat - validate slices count returned by FW
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - validate slices count returned by FW The function adf_send_admin_tl_start enables the telemetry (TL) feature on a QAT device by sending the ICP_QAT_FW_TL_START message to the firmware. This triggers the FW to start writing TL...
CLSA-2024-1718789388 Fix CVE(s): CVE-2024-5458
SECURITY UPDATE: filter bypass in filter_var FILTER_VALIDATE_URL - debian/patches/CVE-2024-5458.patch: Fix validation of ipv6 hostname to check all conditions and extract condition to separate function - CVE-2024-5458...
CVE-2024-36974
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt must validate it, or userspace can inject arbitrary data to the kernel, the second time...
CVE-2024-36974 net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt must validate it, or userspace can inject arbitrary data to the kernel, the second time...
Phone Scammers Impersonating CISA Employees
Impersonation scams are on the rise and often use the names and titles of government employees. The Cybersecurity and Infrastructure Security Agency (CISA) is aware of recent impersonation scammers claiming to represent the agency. As a reminder, although CISA staff will occasionally contact...
Exploit for OS Command Injection in PHP
Orange Tsai. This vulnerability was found by Orange Tsai @oran...
Exploit for OS Command Injection in PHP
Orange Tsai. This vulnerability was found by Orange Tsai @oran...
SUSE CVE-2022-0998
An integer overflow flaw was found in the Linux kernel's virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system...
GHSA-8HQG-WHRW-PV92 Ollama does not validate the format of the digest (sha256 with 64 hex digits)
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring...
PT-2024-32208
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to the Linux kernel, specifically in the drm/amd/display component. A NULL check has been added at the start of the dc_validate_stream function to prevent invalid...
AZL-42234 CVE-2023-52827 affecting package kernel for versions less than 5.15.158.2-1
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats len is extracted from HTT message and could be an unexpected value in case errors happen, so add validation before using to avoid possible out-of-bound read i...
UBUNTU-CVE-2023-52827
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats len is extracted from HTT message and could be an unexpected value in case errors happen, so add validation before using to avoid possible out-of-bound read i...
CVE-2021-47309
In the Linux kernel, the following vulnerability has been resolved: net: validate lwtstate->data before returning from skb_tunnel_info skb_tunnel_info returns pointer of lwtstate->data as ip_tunnel_info type without validation. lwtstate->data can have various types such as mpls_iptunnel_encap, etc and these...
CVE-2021-47286
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions MHI reads the channel ID from the event ring element sent by the device which can be any value between 0 and 255. In order to prevent any out of bound...
CVE-2021-47286 bus: mhi: core: Validate channel ID when processing command completions
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions MHI reads the channel ID from the event ring element sent by the device which can be any value between 0 and 255. In order to prevent any out of bound...