797 matches found

BDU FSTEC
added 2024/05/15 12:0 a.m. · 5 views

The vulnerability of the sun8i_ce_cipher_do_one() function in the drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c file of the Allwinner Crypto Engine driver for the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the sun8i_ce_cipher_do_one function in the drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c file of the Allwinner Crypto Engine driver for the Linux operating system is related to the reutilization of previously freed memory. Exploiting this vulnerability can allow an attacker...

CVSS 5.5 · AI score 5.9 · EPSS 0.00226
Exploits 0 · References 11 · Affected Software 3

OSV
added 2024/05/14 3:45 p.m. · 0 views

DEBIAN-CVE-2024-4853

Memory handling issue in editcap could cause denial of service via crafted capture file...

CVSS 5.5 · AI score 5.9 · EPSS 0.00419
Exploits 1 · References 1

Positive Technologies
added 2024/05/10 12:0 a.m. · 7 views

PT-2024-7386

Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 3.3.3 Description: The issue arises from the use of low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial, leading to out-of-bounds memory reads or writes. This can cause an...

CVSS 9.1 · AI score 8.5 · EPSS 0.76451
Exploits 3 · References 242

OSV
added 2024/05/07 3:15 p.m. · 3 views

DEBIAN-CVE-2024-32663

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19...

CVSS 7.5 · AI score 8.3 · EPSS 0.00956
Exploits 0 · References 1

CVE
added 2024/05/07 2:48 p.m. · 91 views

CVE-2024-32663

Summary: CVE-2024-32663 affects Suricata prior to 7.0.5 and 6.0.19, where a small amount of HTTP/2 traffic can cause Suricata to allocate a large amount of memory. The issue has been fixed in Suricata 7.0.5 and 6.0.19. Impact (as stated): Memory exhaustion under HTTP/2 traffic can lead to degrade...

CVSS 7.5 · AI score 6.4 · EPSS 0.00956
Exploits 0 · References 8 · Affected Software 1

OSV
added 2024/05/07 2:48 p.m. · 21 views

CVE-2024-32663 Suricata's http2 parser contains an improper compressed header handling can lead to resource starvation

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19...

CVSS 7.5 · AI score 7.3 · EPSS 0.00956
Exploits 0 · References 10

UbuntuCve
added 2024/05/01 6:15 a.m. · 13 views

CVE-2024-26996

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error When ncm function is working and then stop usb0 interface for link down, eth_stop is called. At this point, accidentally if usb transport error should...

CVSS 7.8 · AI score 6.3 · EPSS 0.00233
Exploits 0 · References 43

Virtuozzo
added 2024/04/22 12:0 a.m. · 22 views

Virtuozzo Hybrid Infrastructure 6.1 Hotfix 2 (6.1.0-251)

This update provides stability improvements. Vulnerability id: VSTOR-84476 Fixed iSCSI persistent reservations. Vulnerability id: VSTOR-84499 Load balancer members get the "Unhealthy" status after upgrading from 6.0 to 6.1. Vulnerability id: VSTOR-84646 Fixed a memory issue for NFS clusters with...

AI score 7.3
Exploits 0

Veracode
added 2024/04/19 1:20 a.m. · 28 views

Memory Access Issue

Firefox is vulnerable to a memory access issue. The vulnerability is due to accessing uninitialized memory when the MarkStack assignment operator, part of the JavaScript engine, is used in a self-assignment...

CVSS 5.3 · AI score 6.5 · EPSS 0.00365
Exploits 0 · References 3 · Affected Software 1

OSV
added 2024/04/17 1:6 p.m. · 5 views

USN-6726-3 linux-xilinx-zynqmp vulnerabilities

Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash)...

CVSS 7.8 · AI score 6.6 · EPSS 0.01177
Exploits 0 · References 24

OSV
added 2024/04/16 3:33 p.m. · 6 views

SUSE-SU-2024:1318-1 Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-1504002497 fixes several issues. The following security issues were fixed: - CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c bsc1219078. - CVE-2024-1085: Fixed nftables use-after-free...

CVSS 7.8 · AI score 7.8 · EPSS 0.01999
Exploits 0 · References 7

OSV
added 2024/04/02 3:52 a.m. · 9 views

SUSE-SU-2024:1079-1 Security update for netty, netty-tcnative

This update for netty, netty-tcnative fixes the following issues: - CVE-2024-29025: Fixed out of memory due to large number of form fields bsc1222045...

CVSS 5.3 · AI score 6.8 · EPSS 0.0138
Exploits 1 · References 3

OSV
added 2024/03/29 6:15 a.m. · 31 views

CVE-2024-28960

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory...

CVSS 8.2 · AI score 6.9
Exploits 0 · References 8

Positive Technologies
added 2024/03/26 12:0 a.m. · 2 views

PT-2024-2501 · Wireshark +4

Name of the Vulnerable Software and Affected Versions: Wireshark versions 4.0.0 through 4.0.13 Wireshark versions 4.0.3 through 4.2.0 Description: The issue is related to the T.38 dissector in Wireshark and is caused by improper memory management. Exploitation of this issue may allow an attacker ...

CVSS 9.8 · AI score 7.8 · EPSS 0.0462
Exploits 38 · References 200

OSV
added 2024/03/20 5:48 a.m. · 2 views

USN-6703-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-2609, CVE-2024-2611,...

CVSS 9.8 · AI score 7.7 · EPSS 0.01107
Exploits 6 · References 12

OSV
added 2024/03/19 2:49 p.m. · 7 views

USN-6680-3 linux-aws, linux-aws-6.5 vulnerabilities

黄思聪 discovered that the NFC Controller Interface (NCI) implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash)...

CVSS 8.8 · AI score 6.7 · EPSS 0.01657
Exploits 3 · References 8

Positive Technologies
added 2024/03/07 12:0 a.m. · 5 views

PT-2024-19742 · Apple · Macos Sonoma +1

Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.4 Description: The issue was addressed with improved memory handling. Processing a file may lead to a denial-of-service or potentially disclose memory contents. Recommendations: For versions prior to 14.4,...

CVSS 7.1 · AI score 7.9 · EPSS 0.00476
Exploits 0 · References 9

OSV
added 2024/03/04 3:2 a.m. · 2 views

USN-6669-1 thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...

CVSS 8.8 · AI score 7.2 · EPSS 0.02155
Exploits 2 · References 19

RedHat Linux
added 2024/02/15 5:46 p.m. · 2 views

kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system...

CVSS 7.8 · AI score 7.3 · EPSS 0.00308
Exploits 0 · References 5

Vulnrichment
added 2024/02/11 12:0 a.m. · 9 views

CVE-2023-52427

In OpenDDS through 3.27, there is a segmentation fault for a DataWriter with a large value of resource_limits.max_samples. NOTE: the vendor's position is that the product is not designed to handle a max_samples value that is too large for the amount of memory on the system...

AI score 6.9 · EPSS 0.00612
Exploits 1 · References 1