CVE-2026-46183

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: protect path kfree with damonsysfslock damonsysfsquotgoal-path can be read and written by users, via DAMON sysfs 'path' file. It can also be indirectly read, for the parameters on,offline committing to...

SUSE CVE-2024-58060

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject structops registration that uses module ptr and the module btfid is missing There is a UAF report in the bpfstructops when CONFIGMODULES=n. In particular, the report is on tcpcongestionops that has a "struct module...

CVE-2024-53235 erofs: fix file-backed mounts over FUSE

In the Linux kernel, the following vulnerability has been resolved: erofs: fix file-backed mounts over FUSE syzbot reported a null-ptr-deref in fusereadargsfill: fusereadfolio+0xb0/0x100 fs/fuse/file.c:905 filemapreadfolio+0xc6/0x2a0 mm/filemap.c:2367 doreadcachefolio+0x263/0x5c0 mm/filemap.c:382...

SUSE CVE-2024-47539

GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the converttos3341a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loo...

kernel: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE

In the Linux kernel, the following vulnerability has been resolved: bpf: Add BPFPROGTYPECGROUPSKB attach type enforcement in BPFLINKCREATE bpfprogattach uses attachtypetoprogtype to enforce proper attach type for BPFPROGTYPECGROUPSKB. linkcreate uses bpfprogget and relies on...

SUSE CVE-2021-37654

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a CHECK-fail in debug builds of TensorFlow using tf.rawops.ResourceGather or a read from outside the bounds of heap allocated data in the same API in a release build. Th...

Upgraded Q -> M from 129 [1666359797557]

Judge has assessed an item in Issue 129 as Medium risk. The relevant finding follows: 1.use transfer to pay eth GolomTrader.sol payEther use transfer to pay eth , and receiver can be specified arbitrarily, it is recommended to use call to avoid a certain chance of failure due to 2300 gas fee...

Arbitrary File Read

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php54 packages provide a recent stable release of PHP with the PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a number of additional utilities. The php54 packages have been upgraded to...

CentOS Update for libexif CESA-2012:1255 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Solaris Update for bind 119784-11

Check for the Version of bind OpenVAS Vulnerability Test Solaris Update for bind 119784-11 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of the G...

CentOS Update for speex CESA-2008:0235 centos4 x86_64

Check for the Version of speex OpenVAS Vulnerability Test CentOS Update for speex CESA-2008:0235 centos4 x8664 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...