Linux Kernel Organization, Inc. Security Vulnerabilities

nessus

Amazon Linux AMI : kernel (ALAS-2019-1145)

The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.(CVE-2018-20169) A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition....

6.8CVSS

7AI Score

0.003EPSS

2019-01-14 12:00 AM
153
cvelist

CVE-2021-46911 ch_ktls: Fix kernel panic

In the Linux kernel, the following vulnerability has been resolved: ch_ktls: Fix kernel panic Taking page refcount is not ideal and causes kernel panic sometimes. It's better to take tx_ctx lock for the complete skb transmit, to avoid page cleanup if ACK received in...

5.5AI Score

0.0004EPSS

2024-02-27 06:53 AM
nessus

RHEL 7 : kernel-alt (RHSA-2019:0162)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0162 advisory. kernel: Heap-based buffer overflow in fs/ext4/xattr.c:ext4_xattr_set_entry() with crafted ext4 image (CVE-2018-10840) Note that Nessus has not...

6.6CVSS

8AI Score

0.001EPSS

2019-01-30 12:00 AM
26
nessus

RHEL 7 : kernel-rt (RHSA-2019:0188)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0188 advisory. kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559) Note that Nessus has not tested for this issue but has...

8.1CVSS

7.9AI Score

0.012EPSS

2019-01-30 12:00 AM
31
nessus

Amazon Linux 2 : kernel (ALAS-2020-1480)

The version of kernel installed on the remote host is prior to 4.14.192-147.314. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1480 advisory. 2024-06-19: CVE-2020-14356 was added to this advisory. The Serial Attached SCSI (SAS) implementation in the Linux...

7.8CVSS

7.5AI Score

0.014EPSS

2020-08-26 12:00 AM
43
githubexploit

Exploit for CVE-2023-6241

Exploit for CVE-2023-6241 The write up can be found...

7.7AI Score

0.0004EPSS

2024-05-02 02:17 AM
287
nessus

Amazon Linux AMI : kernel (ALAS-2023-1773)

The version of kernel installed on the remote host is prior to 4.14.318-166.529. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1773 advisory. It was discovered that a nft object or expression could reference a nft set on a different nft table, leading...

7.8CVSS

7.5AI Score

0.01EPSS

2023-07-03 12:00 AM
22
nessus

Amazon Linux 2 : kernel (ALAS-2023-2100)

The version of kernel installed on the remote host is prior to 4.14.318-240.529. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2100 advisory. It was discovered that a nft object or expression could reference a nft set on a different nft table, leading...

7.8CVSS

7.8AI Score

0.01EPSS

2023-07-01 12:00 AM
31
nessus

Oracle Linux 9 : kernel (ELSA-2022-8267)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-8267 advisory. A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-component. This flaw allows a local...

7.8CVSS

8.8AI Score

0.01EPSS

2022-11-22 12:00 AM
10
cve

CVE-2024-4990

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7.2AI Score

2024-06-03 12:09 AM
52
oraclelinux

perl:5.32 security update

perl-Algorithm-Diff perl-Archive-Tar perl-Archive-Zip perl-autodie perl-bignum perl-Carp perl-Compress-Bzip2 perl-Compress-Raw-Bzip2 perl-Compress-Raw-Lzma perl-Compress-Raw-Zlib [2.096-2] - Fix test broken by update in zlib on s390x - Related: RHEL-16371 perl-Config-Perl-V perl-constant...

7.8CVSS

6.8AI Score

0.0004EPSS

2024-05-24 12:00 AM
29
nessus

Linux SMB3 Kernel Server (KSMBD) Installed (Linux)

Linux SMB3 Kernel Server (KSMBD) was detected on the remote Linux...

1AI Score

2022-12-28 12:00 AM
17
vulnrichment

CVE-2021-46911 ch_ktls: Fix kernel panic

In the Linux kernel, the following vulnerability has been resolved: ch_ktls: Fix kernel panic Taking page refcount is not ideal and causes kernel panic sometimes. It's better to take tx_ctx lock for the complete skb transmit, to avoid page cleanup if ACK received in...

6.7AI Score

0.0004EPSS

2024-02-27 06:53 AM
1
nessus

Amazon Linux 2 : kernel (ALAS-2024-2549)

The version of kernel installed on the remote host is prior to 4.14.343-259.562. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2549 advisory. 2024-06-19: CVE-2023-46838 was added to this advisory. 2024-06-06: CVE-2023-52486 was added to this advisory. ...

7.8CVSS

7.6AI Score

0.001EPSS

2024-05-31 12:00 AM
3
nuclei

NodeBB XML-RPC Request xmlrpc.php - XML Injection

A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC...

9.8CVSS

9.9AI Score

0.517EPSS

2024-03-06 06:03 PM
27
nessus

Rocky Linux 8 : kernel (RLSA-2022:7683)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7683 advisory. An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an...

7.8CVSS

8.5AI Score

0.01EPSS

2023-11-07 12:00 AM
11
nessus

RHEL 9 : kernel-rt (RHSA-2022:7933)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7933 advisory. kernel: off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516) kernel: use-after-free vulnerability in...

7.8CVSS

8.8AI Score

EPSS

2022-11-15 12:00 AM
13
nessus

Amazon Linux AMI : kernel (ALAS-2019-1149)

A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption...

8CVSS

7.5AI Score

0.001EPSS

2019-01-25 12:00 AM
54
nessus

Amazon Linux 2 : kernel (ALAS-2019-1149)

A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption...

8CVSS

7.5AI Score

0.001EPSS

2019-01-25 12:00 AM
59
nessus

RHEL 9 : kernel (RHSA-2024:3855)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3855 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: KVM: SVM: improper check...

7.8CVSS

7.7AI Score

0.001EPSS

2024-06-12 12:00 AM
1
githubexploit

Exploit for Integer Overflow or Wraparound in Linux Linux Kernel

CVE-2022-0185-Case-Study This case study is a result of an...

8.4CVSS

8.9AI Score

0.001EPSS

2024-04-15 02:42 AM
63
nessus

Amazon Linux 2 : kernel (ALAS-2023-2359)

The version of kernel installed on the remote host is prior to 4.14.330-250.540. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2359 advisory. 2024-06-19: CVE-2023-52845 was added to this advisory. A use-after-free flaw was found in vcs_read in...

7.1CVSS

7.7AI Score

0.0004EPSS

2023-12-04 12:00 AM
9
nessus

Amazon Linux 2 : kernel (ALAS-2024-2569)

The version of kernel installed on the remote host is prior to 4.14.276-211.499. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2569 advisory. 2024-06-19: CVE-2022-1011 was added to this advisory. 2024-06-19: CVE-2022-1353 was added to this advisory. ...

7.8CVSS

8.3AI Score

0.0004EPSS

2024-06-12 12:00 AM
1
nessus

RHEL 8 : kernel (RHSA-2024:3810)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3810 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free in...

7.8CVSS

7.6AI Score

EPSS

2024-06-12 12:00 AM
3
cve

CVE-2024-31327

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7.3AI Score

2024-06-03 05:13 PM
18
cve

CVE-2024-31326

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7.3AI Score

2024-06-03 05:13 PM
7
cve

CVE-2024-23696

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7.5AI Score

2024-06-03 05:12 PM
4
cve

CVE-2024-23695

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7.5AI Score

2024-06-03 05:12 PM
17
cve

CVE-2024-35141

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7.3AI Score

2024-06-02 12:49 AM
6
fedora

7.8CVSS

7.2AI Score

0.0004EPSS

2024-05-03 01:34 AM
8
nessus

Amazon Linux AMI : kernel (ALAS-2024-1942)

The version of kernel installed on the remote host is prior to 4.14.348-187.562. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1942 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Disable kvmclock on all CPUs on...

6.5CVSS

8.1AI Score

0.0004EPSS

2024-06-24 12:00 AM
nessus

Amazon Linux 2 : kernel (ALAS-2024-2581)

The version of kernel installed on the remote host is prior to 4.14.348-265.562. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2581 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Disable kvmclock on all CPUs on...

6.5CVSS

8.8AI Score

0.0004EPSS

2024-06-24 12:00 AM
4
cve

CVE-2007-0257

Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has....

6.7AI Score

0.0004EPSS

2007-01-16 11:28 PM
34
cve

CVE-2024-31330

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7.3AI Score

2024-06-03 05:15 PM
8
cve

CVE-2024-31324

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7.3AI Score

2024-06-03 05:13 PM
12
nuclei

TIBCO JasperReports Library - Directory Traversal

The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for...

6.5CVSS

6.6AI Score

0.503EPSS

2023-08-03 11:24 PM
18
nessus

RHEL 8 : kernel (RHSA-2024:3859)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3859 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: KVM: SEV-ES / SEV-SNP...

5.6CVSS

8.1AI Score

0.001EPSS

2024-06-12 12:00 AM
2
nessus

CentOS 7 : kernel (CESA-2019:0512)

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

7.8CVSS

7.7AI Score

0.001EPSS

2019-03-20 12:00 AM
38
cve

CVE-2024-36041

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7.3AI Score

2024-06-01 07:11 PM
13
debiancve

CVE-2024-38614

In the Linux kernel, the following vulnerability has been resolved: openrisc: traps: Don't send signals to kernel mode threads OpenRISC exception handling sends signals to user processes on floating point exceptions and trap instructions (for debugging) among others. There is a bug where the...

6.8AI Score

0.0004EPSS

2024-06-19 02:15 PM
nuclei

WordPress Sell Media 2.4.1 - Cross-Site Scripting

WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search...

6.1CVSS

5.9AI Score

0.001EPSS

2020-08-16 03:22 PM
5
nessus

Oracle Linux 9 : kernel (ELSA-2024-12094)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12094 advisory. An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because...

8.8CVSS

8.3AI Score

0.024EPSS

2024-01-26 12:00 AM
20
nessus

Oracle Linux 8 : kernel (ELSA-2023-7549)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7549 advisory. Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary...

10CVSS

9AI Score

0.024EPSS

2023-12-02 12:00 AM
13
nessus

RHEL 8 : kernel-rt (RHSA-2023:7551)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7551 advisory. kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178) hw: amd: Cross-Process Information Leak (CVE-2023-20593) Note...

8.8CVSS

8.1AI Score

0.024EPSS

2023-11-28 12:00 AM
7
cvelist

CVE-2024-32547 WordPress Code Insert Manager (Q2W3 Inc Manager) plugin <= 2.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond Code Insert Manager (Q2W3 Inc Manager) allows Reflected XSS. This issue affects Code Insert Manager (Q2W3 Inc Manager): from n/a through...

5.8CVSS

6AI Score

0.0004EPSS

2024-04-17 08:12 AM
2
nessus

RHEL 8 : kernel-rt (RHSA-2023:7548)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7548 advisory. kernel: use-after-free due to race condition occurring in dvb_register_device() (CVE-2022-45884) kernel: use-after-free due to race...

10CVSS

9AI Score

0.024EPSS

2023-11-28 12:00 AM
10
osv

CVE-2023-4220

Unrestricted file upload in big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web...

8.1CVSS

7.3AI Score

0.002EPSS

2023-11-28 08:15 AM
10
fedora

7.8CVSS

7.2AI Score

0.0004EPSS

2024-05-03 01:49 AM
9
mscve

7CVSS

7.1AI Score

0.0004EPSS

2024-06-11 07:00 AM
2
mscve

8.8CVSS

7.1AI Score

0.0004EPSS

2024-06-11 07:00 AM
3
Total number of security vulnerabilities: 414225