796 matches found
DEBIAN-CVE-2024-4853
Memory handling issue in editcap could cause denial of service via crafted capture file...
PT-2024-7386
Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 3.3.3. Description: The issue arises from the use of low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial, leading to out-of-bounds memory reads or writes. This can cause an...
DEBIAN-CVE-2024-32663
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19...
CVE-2024-32663
Summary: CVE-2024-32663 affects Suricata prior to 7.0.5 and 6.0.19, where a small amount of HTTP/2 traffic can cause Suricata to allocate a large amount of memory. The issue has been fixed in Suricata 7.0.5 and 6.0.19. Impact (as stated): Memory exhaustion under HTTP/2 traffic can lead to degrade...
CVE-2024-32663 Suricata's http2 parser contains improper compressed header handling that can lead to resource starvation
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19...
CVE-2024-26996
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error. When ncm function is working and then stop usb0 interface for link down, eth_stop() is called. At this point, accidentally if usb transport error should...
Virtuozzo Hybrid Infrastructure 6.1 Hotfix 2 (6.1.0-251)
This update provides stability improvements. Vulnerability id: VSTOR-84476 Fixed iSCSI persistent reservations. Vulnerability id: VSTOR-84499 Load balancer members get the "Unhealthy" status after upgrading from 6.0 to 6.1. Vulnerability id: VSTOR-84646 Fixed a memory issue for NFS clusters with...
Memory Access Issue
Firefox is vulnerable to a memory access issue. The vulnerability is due to accessing uninitialized memory when the MarkStack assignment operator, part of the JavaScript engine, is used in a self-assignment...
USN-6726-3 linux-xilinx-zynqmp vulnerabilities
Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash)...
SUSE-SU-2024:1318-1 Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-1504002497 fixes several issues. The following security issues were fixed: - CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1219078). - CVE-2024-1085: Fixed nftables use-after-free...
SUSE-SU-2024:1079-1 Security update for netty, netty-tcnative
This update for netty, netty-tcnative fixes the following issues: - CVE-2024-29025: Fixed out of memory due to large number of form fields (bsc#1222045)...
CVE-2024-28960
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory...
PT-2024-2501 · Wireshark +4
Name of the Vulnerable Software and Affected Versions: Wireshark versions 4.0.0 through 4.0.13; Wireshark versions 4.0.3 through 4.2.0. Description: The issue is related to the T.38 dissector in Wireshark and is caused by improper memory management. Exploitation of this issue may allow an attacker ...
USN-6703-1 firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-2609, CVE-2024-2611,...
USN-6680-3 linux-aws, linux-aws-6.5 vulnerabilities
黄思聪 discovered that the NFC Controller Interface (NCI) implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash)...
PT-2024-19742 · Apple · Macos Sonoma +1
Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.4. Description: The issue was addressed with improved memory handling. Processing a file may lead to a denial-of-service or potentially disclose memory contents. Recommendations: For versions prior to 14.4,...
USN-6669-1 thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...
kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination
An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system...
CVE-2023-52427
In OpenDDS through 3.27, there is a segmentation fault for a DataWriter with a large value of resource_limits.max_samples. NOTE: the vendor's position is that the product is not designed to handle a max_samples value that is too large for the amount of memory on the system...
USN-6610-2 firefox regressions
USN-6610-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potential...