755 matches found
Apache Answer Security Bypass Vulnerability
Apache Answer is a community platform of the Apache USA Foundation. A security bypass vulnerability exists in Apache Answer 1.3.5 and earlier versions, which can be exploited by an attacker to cause the link to be abused or hijacked, due to a security bypass vulnerability that stems from the...
kernel: powerpc/pseries: Enforce hcall result buffer validity and size
A vulnerability was found in the Linux kernel's powerpc/pseries architecture, where certain hypercall functions did not properly enforce the validity and size of result buffers provided by callers, which can lead to stack corruption if the buffer is too small, as the lack of compiler checks allows for...
CVE-2024-41083 netfs: Fix netfs_page_mkwrite() to check folio->mapping is valid
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix netfs_page_mkwrite() to check folio->mapping is valid. Fix netfs_page_mkwrite() to check that folio->mapping is valid once it has taken the folio lock (as filemap_page_mkwrite() does). Without this, generic/247 occasionally oopses with...
Craft CMS Allows TOTP Token To Stay Valid After Use
Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. Impact: An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials. A TOTP token can be used multiple times t...
IBM Security Verify Directory and IBM Security Directory Integrator Code Issue Vulnerability
IBM Security Verify Directory and IBM Security Directory Integrator are both products of International Business Machines (IBM). IBM Security Verify Directory is part of an authentication and access management solution. IBM Security Directory Integrator is an integrated development environment and...
CVE-2024-40974
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Enforce hcall result buffer validity and size. plpar_hcall(), plpar_hcall9(), and related functions expect callers to provide valid result buffers of certain minimum size. Currently this is communicated only through...
SUSE CVE-2024-40963
In the Linux kernel, the following vulnerability has been resolved: mips: bmips: BCM6358: make sure CBR is correctly set. It was discovered that some devices have the CBR address set to 0, causing a kernel panic when arch_sync_dma_for_cpu_all() is called. This was noticed in situations where the system is booted...
SUSE CVE-2024-6607
It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a select element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox 128...
CVE-2024-40974 powerpc/pseries: Enforce hcall result buffer validity and size
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Enforce hcall result buffer validity and size. plpar_hcall(), plpar_hcall9(), and related functions expect callers to provide valid result buffers of certain minimum size. Currently this is communicated only through...
OESA-2024-1840 openvpn security update
OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...
UBUNTU-CVE-2024-6607
It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a select element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox 128...
CVE-2024-28882
OpenVPN 2.6.10 and earlier in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session...
CVE-2024-28882
OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session...
ALPINE-CVE-2024-28882
OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session...
Astra Linux – Vulnerability in Firefox
It was possible to prevent a user from exiting PointerLock by pressing Escape, and to overlay customValidity notifications from a select element over certain permission prompts. This could be used to confuse a user into giving unintended permissions to the site. This vulnerability affects Firefox 128 an...
SUSE CVE-2024-38580
In the Linux kernel, the following vulnerability has been resolved: epoll: be better about file lifetimes. epoll can call out to vfs_poll() with a file pointer that may race with the last 'fput()'. That would make f_count go down to zero, and while the ep->mtx locking means that the resulting file pointe...
DEBIAN-CVE-2021-47586
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup. KASAN reports an out-of-bounds read in rk_gmac_setup on the line: `while (ops->regs[i])`. This happens for most platforms since the regs flexible array member is empty, so the memory after...