1307 matches found
kernel: net: stmmac: fix dma queue left shift overflow issue
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix dma queue left shift overflow issue When queue number is 4, left shift overflows due to 32 bits integer variable. Mask calculation is wrong for MTLRXQDMAMAP1. If CONFIGUBSAN is enabled, kernel dumps below warning...
Moderate: dhcp security and enhancement update
The Dynamic Host Configuration Protocol DHCP is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to...
PT-2025-25909 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.17.0-rc2-syzkaller-00316-g0457e5153e0e Description: A vulnerability in the Linux kernel has been resolved, related to the udmabuf device. If the DMA mask is not set explicitly, a warning occurs when userspace...
PT-2025-26026 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved. The issue occurs when a task is descheduling and is requeued on a CPU that is excluded from the cpus mask. This can trigger a...
AZL-25851 CVE-2023-25809 affecting package moby-runc for versions less than 1.1.5-1
runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup...
kernel: x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Fix copyxstatetouabi to copy init states correctly When an extended state component is not present in fpstate, but in init state, the function copies from initfpstate via copyfeature. But, dynamic states are not present ...
DefaultAccount will add system call flag to any call with msg.value
Lines of code Vulnerability details Impact As mentioned in the repo's README.md documentation: isSystem flag. Whether the call intends a system contracts' function. While most of the system contracts' functions are relatively harmless, accessing some with calldata only may break the invariants of...
PT-2023-21154 · Wasmtime · Wasmtime
Name of the Vulnerable Software and Affected Versions: wasmtime versions prior to 4.0.1 wasmtime versions prior to 5.0.1 wasmtime versions prior to 6.0.1 Description: The code generation backend, Cranelift, has a bug on x86 64 platforms for the WebAssembly i8x16.select instruction which will...
Malicious code in py-maskgrandultra (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 53125f2986ff39680623a3497b4220d2750147825e8cbf96a5ff2ef74bf722cc EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
K18304067: The BIG-IP ASM system may fail to properly mask the value of a configured sensitive positional parameter that appears in a Referer header
Security Advisory Description The BIG-IP ASM system may fail to properly mask the value of a configured sensitive positional parameter that appears in a Referer header. This issue occurs when all of the following conditions are met: You configure a positional parameter for an Allowed URL in the...
Malicious code in jquery-mask (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 60c2e86401517688fc0bdbd68e989cce56834a9c11090e0a27fd0e0b5cdf9ca2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-537 Malicious code in jquery-mask (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 60c2e86401517688fc0bdbd68e989cce56834a9c11090e0a27fd0e0b5cdf9ca2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2007-3508
Integer overflow in the processenvvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LDHWCAPMASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution...
SUSE CVE-2009-0692
Stack-based buffer overflow in the scriptwriteparams method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option...
SUSE CVE-2010-2070
arch/ia64/xen/faults.c in Xen 3.4 and 4.0 in Linux kernel 2.6.18, and possibly other kernel versions, when running on IA-64 architectures, allows local users to cause a denial of service and "turn on BE by modifying the user mask of the PSR," as demonstrated via exploitation of CVE-2006-0742...
SUSE CVE-2012-3966
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a negative height value in a BMP image within a...
SUSE CVE-2014-7231
The strutils.maskpassword function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log...
SUSE CVE-2014-9659
cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service stack-based buffer overflow via a crafted OpenType font. NOTE: this...
SUSE CVE-2015-4104
Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service unexpected interrupt and host crash via unspecified vectors...
SUSE CVE-2015-8745
QEMU aka Quick Emulator built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers IMR. A privileged CAPSYSRAWIO guest user could use this flaw to crash the QEMU process instance resulting in DoS...