1683 matches found
CVE-2023-52340
A flaw in the routing table size was found in the ICMPv6 handling of "Packet Too Big". The size of the routing table is regulated by periodic garbage collection. However, with "Packet Too Big Messages" it is possible to exceed the routing table size and garbage collector threshold. A user located...
Important: kernel
Issue Overview: When a router encounters an IPv6 packet too big to transmit to the next-hop, it returns an ICMP6 "Packet Too Big" PTB message to the sender. The sender caches this updated Maximum Transmission Unit MTU so it knows not to exceed this value when subsequently routing to the same host...
Important: kernel
Issue Overview: When a router encounters an IPv6 packet too big to transmit to the next-hop, it returns an ICMP6 "Packet Too Big" PTB message to the sender. The sender caches this updated Maximum Transmission Unit MTU so it knows not to exceed this value when subsequently routing to the same host...
io_uring UAF Unix SCM garbage collection
...
Important: kernel
Issue Overview: An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an iouring/fdinfo.c iouringshowfdinfo NULL pointer dereference can occur. CVE-2023-46862 When a router encounters an IPv6 packet too big to transmit to the next-hop, it returns an ICMP6...
Important: kernel
Issue Overview: A use-after-free flaw was found in qdiscgraft in net/sched/schapi.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. CVE-2023-0590 A race condition leading to a use-after-free issue was found in the QXL driver in the Linux kernel...
CVE-2022-2602
iouring UAF, Unix SCM garbage collection...
DEBIAN-CVE-2022-2602
iouring UAF, Unix SCM garbage collection...
Code injection
iouring UAF, Unix SCM garbage collection...
CVE-2022-2602
iouring UAF, Unix SCM garbage collection...
CVE-2022-2602
iouring UAF, Unix SCM garbage collection...
CVE-2022-2602
iouring UAF, Unix SCM garbage collection...
CVE-2022-2602
CVE-2022-2602 is a Linux kernel vulnerability in io_uring related to a use-after-free in the Unix garbage collection path. Multiple connected sources confirm a local, kernel-side issue (io_uring UAF) that can be exploited to crash the kernel and, in PoC scenarios, enable privilege escalation by r...
Design/Logic Flaw
A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFTCHAIN object or NFTOBJECT object, allowing a local...
Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.
Summary Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted input, a...
Fedora 37 : chromium (2023-442c049c3c)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-442c049c3c advisory. update to 119.0.6045.159, upstream security release - High CVE-2023-5997, use after free in Garbage Collection - High CVE-2023-6112, use after free ...
electron{25,26} -- use after free in Garbage Collection
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2023-5997...
openSUSE 15 Security Update : chromium (openSUSE-SU-2023:0372-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0372-1 advisory. - Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption...
Atlassian Jira Service Management Data Center and Server 4.20.x < 4.20.27 / 5.4.x < 5.4.11 (JSDSERVER-14755)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-14755 advisory. - A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite version...
Chromium: CVE-2023-5997 Use after free in Garbage Collection
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...