11150 matches found
Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.12.6 security update
An update is now available for Red Hat OpenShift GitOps v1.12.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
kernel: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
A vulnerability was found in the Linux kernel's networking subsystem in the actapi implementation within the tcfidrcheckalloc function, which lead to a possible infinite loop when multiple actions with the same index are added, causing the second request to block indefinitely while holding the...
github.com/jaraco/zipp: Denial of Service (infinite loop) via crafted zip file in jaraco/zipp
A flaw was found in jaraco/zipp. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is...
Security Bulletin: IBM Master Data Management is vulnerable to denial of service from a vulnerability found in OpenSSL (CVE-2022-0778)
Summary IBM Master Data Management v11.6, and v12.0 are vulnerable to a denial of service from a vulnerability found in OpenSSL. OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificates. By using a specially-crafted certificate with invali...
K000148255: libarchive vulnerabilities CVE-2019-1000020 and CVE-2019-1000019
Security Advisory Description CVE-2019-1000020 libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards version v2.8.0 onwards contains a CWE-835: Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in ISO9660 parser, archivereadsupportformatiso9660.c,...
F5 Networks BIG-IP : libarchive vulnerabilities (K000148255)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.6 / 17.1.2.2. It is, therefore, affected by multiple vulnerabilities as referenced in the K000148255 advisory. CVE-2019-1000020libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards version v2.8.0...
Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a...
Denial Of Service (DoS)
github.com/gomarkdown/markdown is vulnerable to Denial Of Service DoS. The vulnerability is due to a logical problem in the paragraph function of the parser/block.go file, which allows a remote attacker to cause an infinite loop by providing specially crafted input, resulting in the program hangi...
github.com/jaraco/zipp: Denial of Service (infinite loop) via crafted zip file in jaraco/zipp
A flaw was found in jaraco/zipp. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is...
The vulnerability of the entry_SYSCALL_compat() function in the Linux operating system’s kernel on the x86 platform allows a hacker to trigger a service failure.
The vulnerability of the entrySYSCALLcompat function in the arch/x86/entry/entry64compat.S module of the Linux operating system’s kernel on the x86 platform is related to an infinite loop. Exploiting this vulnerability could allow an attacker to cause a service failure...
SUSE CVE-2024-49994
In the Linux kernel, the following vulnerability has been resolved: block: fix integer overflow in BLKSECDISCARD I independently rediscovered commit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 block: fix overflow in blkioctldiscard but for secure erase. Same problem: uint64t r2 = 512,...
DEBIAN-CVE-2024-49994
In the Linux kernel, the following vulnerability has been resolved: block: fix integer overflow in BLKSECDISCARD I independently rediscovered commit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 block: fix overflow in blkioctldiscard but for secure erase. Same problem: uint64t r2 = 512,...
CVE-2024-49994 block: fix integer overflow in BLKSECDISCARD
In the Linux kernel, the following vulnerability has been resolved: block: fix integer overflow in BLKSECDISCARD I independently rediscovered commit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 block: fix overflow in blkioctldiscard but for secure erase. Same problem: uint64t r2 = 512,...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an integer overflow problem in BLKSECDISCARD leading to an infinite loop...
SUSE CVE-2024-44337
The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds with commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the...
GHSA-XHR3-WF7J-H255 Infinite loop in github.com/gomarkdown/markdown
The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds with commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the...
DEBIAN-CVE-2024-44337
The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds with commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the...
AZL-50618 CVE-2024-44337 affecting package cri-o for versions less than 1.22.3-12
The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds with commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the...
CVE-2024-44337
The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds with commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the...
UBUNTU-CVE-2024-44337
The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds with commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the...