MiracleLinux 8 : postgresql:13 (AXSA:2024-9054:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9054:01 advisory. postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable...

MiracleLinux 9 : postgresql:16 (AXSA:2024-9501:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9501:01 advisory. postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable...

MiracleLinux 9 : postgresql-13.18-1.el9_5 (AXSA:2024-9434:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9434:05 advisory. postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable...

scs: fix a wrong parameter in __scs_magic

...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix infinite loop in insertextenttree When we get wrong extent info data, and look up extentnode in rb tree, it will cause infinite loop CONFIGF2FSCHECKFS=n. Avoiding this by return NULL and print some kernel messages in th...

CVE-2022-23727

There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, local attacker is able to perform specific operation to exploit this vulnerability. Exploitation may cause the attacker to obtain a higher privilege...

CVE-2019-2257

Wrong permissions in configuration file can lead to unauthorized permission in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W,...

CVE-2024-41948

biscuit-java is the java implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...

CVE-2022-38180

In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases...

CVE-2023-29241

Improper Information in Cybersecurity Guidebook in Bosch Building Integration System BIS 5.0 may lead to wrong configuration which allows local users to access data via network...

CVE-2026-21444

CVE-2026-21444 affects libtpms when integrated with OpenSSL 3.x, with vulnerable versions 0.10.0 and 0.10.1. The issue is that the library returns the initial IV instead of the last IV for certain symmetric ciphers, weakening confidentiality. Affected deployments using OpenSSL 3.x are at risk of ...

Exposure of Data Element to Wrong Session

Overview skypilot is a SkyPilot: Run AI on Any Infra — Unified, Faster, Cheaper. Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session in the form of allowing users to see the pending jobs belonging to other users, under some conditions, and leaking keys in...

EUVD-2022-55825

In the Linux kernel, the following vulnerability has been resolved: vdpa/vpvdpa: fix kfree a wrong pointer in vpvdparemove In vpvdparemove, the code kfree&vpvdpamgtdev-mgtdev.idtable uses a reference of pointer as the argument of kfree, which is the wrong pointer and then may hit crash like this:...

CVE-2022-50873

In the Linux kernel, the following vulnerability has been resolved: vdpa/vpvdpa: fix kfree a wrong pointer in vpvdparemove In vpvdparemove, the code kfree&vpvdpamgtdev-mgtdev.idtable uses a reference of pointer as the argument of kfree, which is the wrong pointer and then may hit crash like this:...

UBUNTU-CVE-2022-50873

In the Linux kernel, the following vulnerability has been resolved: vdpa/vpvdpa: fix kfree a wrong pointer in vpvdparemove In vpvdparemove, the code kfree&vpvdpamgtdev-mgtdev.idtable uses a reference of pointer as the argument of kfree, which is the wrong pointer and then may hit crash like this:...

CVE-2022-50873

In the Linux kernel, the following vulnerability has been resolved: vdpa/vpvdpa: fix kfree a wrong pointer in vpvdparemove In vpvdparemove, the code kfree&vpvdpamgtdev-mgtdev.idtable uses a reference of pointer as the argument of kfree, which is the wrong pointer and then may hit crash like this:...

UBUNTU-CVE-2023-54273

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix leak of dev tracker At the stage of direction checks, the netdev reference tracker is already initialized, but released with wrong put call...

CVE-2023-54273 xfrm: Fix leak of dev tracker

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix leak of dev tracker At the stage of direction checks, the netdev reference tracker is already initialized, but released with wrong put call...

CVE-2022-50873 vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove

In the Linux kernel, the following vulnerability has been resolved: vdpa/vpvdpa: fix kfree a wrong pointer in vpvdparemove In vpvdparemove, the code kfree&vpvdpamgtdev-mgtdev.idtable uses a reference of pointer as the argument of kfree, which is the wrong pointer and then may hit crash like this:...

CVE-2022-50873 vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove

In the Linux kernel, the following vulnerability has been resolved: vdpa/vpvdpa: fix kfree a wrong pointer in vpvdparemove In vpvdparemove, the code kfree&vpvdpamgtdev-mgtdev.idtable uses a reference of pointer as the argument of kfree, which is the wrong pointer and then may hit crash like this:...