Google Chrome 安全漏洞

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which stems from an improper implementation of the full-screen API that allows remote attackers to execute an incorrect security UI via a crafted HTML page, and affects the following products and...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser by Google, Inc. A security vulnerability exists in Google Chrome, which originates from a heap buffer overflow in libphonenumber that allows remote attackers to potentially exploit heap corruption via a crafted HTML page, and affects the following products and...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which stems from an improper implementation of the file system API that allows remote attackers to bypass file system restrictions via a crafted HTML page, and affects the following products and...

PT-2022-35389 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: The issue concerns a send buffer overflow in NFSv3 READDIR. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to v5.15.75,...

PT-2022-33828 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 4.9 through 5.15.60 Description: The issue is related to a refcount leak in the qcom smd parse edge function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...

network backend may cause Linux netfront to use freed SKBs

ISSUE DESCRIPTION While adding logic to support XDP eXpress Data Path, a code label was moved in a way allowing for SKBs having references pointers retained for further processing to nevertheless be freed. IMPACT A misbehaving or malicious backend may cause a Denial of Service DoS in the guest...

CVE-2021-22127

An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3, FortiClient for Linux 6.2.x before 6.2.9 may allow an unauthenticated attacker to execute arbitrary code on the host operating system as root via tricking the user into connecting to a network with a malicious...

AZL-9120 CVE-2022-27666 affecting package kernel for versions less than 5.15.32.1-3

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...

SUSE SLES12 Security Update : kernel (Live Patch 42 for SLE 12 SP3) (SUSE-SU-2022:0668-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0668-1 advisory. This update for the Linux Kernel 4.4.180-94153 fixes several issues. The following security issues were fixed: - CVE-2021-0920: Fix...

CVE-2022-22780

The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3. This could lead to availabili...

SUSE SLES12 Security Update : kernel (Live Patch 40 for SLE 12 SP3) (SUSE-SU-2021:2846-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2846-1 advisory. This update for the Linux Kernel 4.4.180-94147 fixes several issues. The following security issues were fixed: - CVE-2021-37576: On...

NVIDIA Jetson Chipsets Found Vulnerable to High-severity Flaws

U.S. graphics chip specialist NVIDIA has released software updates to address a total of 26 vulnerabilities impacting its Jetson system-on-module SOM series that could be abused by adversaries to escalate privileges and even lead to denial-of-service and information disclosure. Tracked from...

Linux kernel 资源管理错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in versions of Linux kernel prior to 5.2, which leads to the execution of arbitrary code and escalation of privileges in the kernel context...

CVE-2021-28688

The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in...

DEBIAN-CVE-2021-28688

The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in...

Design/Logic Flaw

The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in...

CVE-2021-28688

The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in...

UBUNTU-CVE-2021-28688

The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in...

UBUNTU-CVE-2019-3016

In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD...

CVE-2019-14565

Insufficient initialization in IntelR SGX SDK Windows versions 2.4.100.51291 and earlier, and Linux versions 2.6.100.51363 and earlier, may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access...