9593 matches found

NVD
added 2024/05/01 1:15 p.m. | 16 views

CVE-2024-27037

In the Linux kernel, the following vulnerability has been resolved: clk: zynq: Prevent null pointer dereference caused by kmalloc failure The kmalloc in zynq_clk_setup will return null if the physical memory has run out. As a result, if we use snprintf to write data to the null address, the null...

CVSS 5.5 | AI score 7.4 | EPSS 0.00014
Exploits 0 | References 6

OSV
added 2024/05/01 1:15 p.m. | 3 views

AZL-40292 CVE-2024-27037 affecting package hyperv-daemons for versions less than 6.6.29.1-1

In the Linux kernel, the following vulnerability has been resolved: clk: zynq: Prevent null pointer dereference caused by kmalloc failure The kmalloc in zynq_clk_setup will return null if the physical memory has run out. As a result, if we use snprintf to write data to the null address, the null...

CVSS 5.5 | AI score 6.8 | EPSS 0.00014
Exploits 0 | References 1

OSV
added 2024/05/01 1:15 p.m. | 1 views

UBUNTU-CVE-2024-27037

In the Linux kernel, the following vulnerability has been resolved: clk: zynq: Prevent null pointer dereference caused by kmalloc failure The kmalloc in zynq_clk_setup will return null if the physical memory has run out. As a result, if we use snprintf to write data to the null address, the null...

CVSS 5.5 | AI score 6.1 | EPSS 0.00014
Exploits 0 | References 24

UbuntuCve
added 2024/05/01 1:15 p.m. | 26 views

CVE-2024-27037

In the Linux kernel, the following vulnerability has been resolved: clk: zynq: Prevent null pointer dereference caused by kmalloc failure The kmalloc in zynq_clk_setup will return null if the physical memory has run out. As a result, if we use snprintf to write data to the null address, the null...

CVSS 5.5 | AI score 6.2 | EPSS 0.00014
Exploits 0 | References 23

Cvelist
added 2024/05/01 12:54 p.m. | 15 views

CVE-2024-27044 drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()'

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func' The 'stream' pointer is used in dcn10_set_output_transfer_func before the check if 'stream' is NULL. Fixes the below:...

AI score 7.8 | EPSS 0.00011
Exploits 0 | References 8

OSV
added 2024/05/01 12:53 p.m. | 13 views

CVE-2024-27037 clk: zynq: Prevent null pointer dereference caused by kmalloc failure

In the Linux kernel, the following vulnerability has been resolved: clk: zynq: Prevent null pointer dereference caused by kmalloc failure The kmalloc in zynq_clk_setup will return null if the physical memory has run out. As a result, if we use snprintf to write data to the null address, the null...

CVSS 5.5 | AI score 6 | EPSS 0.00014
Exploits 0 | References 9

Debian CVE
added 2024/05/01 5:29 a.m. | 21 views

CVE-2024-27014

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent deadlock while disabling aRFS When disabling aRFS under the priv->state_lock, any scheduled aRFS works are canceled using the cancel_work_sync function, which waits for the work to end if it has already started...

CVSS 5.5 | AI score 7.5 | EPSS 0.0001
Exploits 0

NVD
added 2024/05/01 12:15 a.m. | 9 views

CVE-2024-4369

An information disclosure flaw was found in OpenShift's internal image registry operator. The AZURE_CLIENT_SECRET can be exposed through an environment variable defined in the pod definition, but is limited to Azure environments. An attacker controlling an account that has high enough permissions t...

CVSS 6.8 | AI score 6.2 | EPSS 0.00041
Exploits 0 | References 4

Talos
added 2024/05/01 12:00 a.m. | 32 views

Tinyproxy HTTP request parsing uninitialized memory vulnerability

Talos Vulnerability Report TALOS-2023-1902 Tinyproxy HTTP request parsing uninitialized memory vulnerability May 1, 2024 CVE Number CVE-2023-40533 SUMMARY An uninitialized memory use vulnerability exists in Tinyproxy 1.11.1 while parsing HTTP requests. In certain configurations, a specially craft...

CVSS 2.6 | AI score 7.7
Exploits 0

CNNVD
added 2024/05/01 12:00 a.m. | 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a variable dereference issue in the DDMA completion process...

CVSS 5.5 | AI score 6.5 | EPSS 0.00023
Exploits 0 | References 10

Cvelist
added 2024/04/30 11:49 p.m. | 13 views

CVE-2024-4369 Cluster-image-registry-operator: exposes a secret via env variable in pod definition on azure

An information disclosure flaw was found in OpenShift's internal image registry operator. The AZURE_CLIENT_SECRET can be exposed through an environment variable defined in the pod definition, but is limited to Azure environments. An attacker controlling an account that has high enough permissions t...

CVSS 6.8 | AI score 6.4 | EPSS 0.00041
Exploits 0 | References 4

CVE
added 2024/04/30 11:49 p.m. | 97 views

CVE-2024-4369

OpenShift OpenShift Container Platform cluster-image-registry-operator is affected by CVE-2024-4369. The flaw exposes AZURE_CLIENT_SECRET via an environment variable in a pod definition on Azure environments. An attacker who can obtain pod information from the openshift-image-registry namespace a...

CVSS 6.8 | AI score 6.1 | EPSS 0.00041
Exploits 0 | References 4

Vulnrichment
added 2024/04/30 11:49 p.m. | 12 views

CVE-2024-4369 Cluster-image-registry-operator: exposes a secret via env variable in pod definition on azure

An information disclosure flaw was found in OpenShift's internal image registry operator. The AZURE_CLIENT_SECRET can be exposed through an environment variable defined in the pod definition, but is limited to Azure environments. An attacker controlling an account that has high enough permissions t...

CVSS 6.8 | AI score 6.5 | EPSS 0.00041
Exploits 0 | References 4

RedhatCVE
added 2024/04/30 9:23 p.m. | 25 views

CVE-2024-4369

An information disclosure flaw was found in OpenShift's internal image registry operator. The AZURE_CLIENT_SECRET can be exposed through an environment variable defined in the pod definition, but is limited to Azure environments. An attacker controlling an account that has high enough permissions t...

CVSS 6.8 | AI score 6.2 | EPSS 0.00041
Exploits 0 | References 3

RedHat Linux
added 2024/04/29 12:31 p.m. | 4 views

shim: Out-of-bounds read printing error messages

A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a cras...

CVSS 6.2 | AI score 6.5 | EPSS 0.00025
Exploits 0 | References 4

FreeBSD
added 2024/04/29 12:00 a.m. | 12 views

hcode -- buffer overflow in mail.c

The openSUSE project reports: The problematic function in question is putSDN in mail.c. The static variable cp is used as an index for a fixed-sized buffer ibuf. There is a range check: if cp = HDRBUFLEN ... but under certain circumstances, cp can be incremented beyond the buffer size, leading to...

CVSS 6.5 | AI score 5.7 | EPSS 0.001
Exploits 0 | References 1

CVE
added 2024/04/29 12:00 a.m. | 72 views

CVE-2023-52723

In KDE libksieve, vulnerable component is kmanagesieve/session.cpp where a username variable is accidentally assigned a password value, causing cleartext credentials to be written to server logs. Affected product/version: libksieve prior to 23.03.80. Reported impact: potential exposure of user pa...

CVSS 7.1 | AI score 6.8 | EPSS 0.0008
Exploits 0 | References 5

Tenable Nessus
added 2024/04/28 12:00 a.m. | 32 views

RHEL 8 : Satellite 6.12.1 Async Security Update (Critical) (RHSA-2023:0261)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0261 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...

CVSS 9.8 | AI score 7.8 | EPSS 0.94251
Exploits 44 | References 20

NVD
added 2024/04/26 9:15 p.m. | 13 views

CVE-2024-32878

Llama.cpp is LLM inference in C/C++. There is a use of uninitialized heap variable vulnerability in gguf_init_from_file, the code will free this uninitialized variable later. In a simple POC, it will directly cause a crash. If the file is carefully constructed, it may be possible to control this...

CVSS 8.8 | AI score 7.3 | EPSS 0.00269
Exploits 0 | References 2

Cvelist
added 2024/04/26 8:31 p.m. | 18 views

CVE-2024-32878 Use of Uninitialized Variable Vulnerability in llama.cpp

Llama.cpp is LLM inference in C/C++. There is a use of uninitialized heap variable vulnerability in gguf_init_from_file, the code will free this uninitialized variable later. In a simple POC, it will directly cause a crash. If the file is carefully constructed, it may be possible to control this...

CVSS 7.1 | AI score 7.6 | EPSS 0.00269
Exploits 0 | References 2