297 matches found
ALSA-2024:2562 Important: golang security update
The golang packages provide the Go programming language compiler. Security Fixes: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 golang: net/http: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 golang: net/http/cookiejar: incorrect...
CVE-2024-26674
In the Linux kernel, the following vulnerability has been resolved: x86/lib: Revert to ASMEXTABLEUA for get,putuser fixups During memory error injection test on kernels = v6.4, the kernel panics like below. However, this issue couldn't be reproduced on kernels = v6.3. mce: Hardware Error: CPU 296...
BIT-GOLANG-2022-41724 Panic on large handshake records in crypto/tls
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session...
CVE-2024-24783 Verify panics on certificates with an unknown public key algorithm in crypto/x509
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for...
CVE-2024-24783 Verify panics on certificates with an unknown public key algorithm in crypto/x509
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for...
CVE-2021-47108
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: hdmi: Perform NULL pointer check for mtkhdmiconf In commit 41ca9caaae0b "drm/mediatek: hdmi: Add check for CEA modes only" a check for CEA modes was added to function mtkhdmibridgemodevalid in order to address...
Null pointer dereference
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: hdmi: Perform NULL pointer check for mtkhdmiconf In commit 41ca9caaae0b "drm/mediatek: hdmi: Add check for CEA modes only" a check for CEA modes was added to function mtkhdmibridgemodevalid in order to address...
CVE-2021-47108
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: hdmi: Perform NULL pointer check for mtkhdmiconf In commit 41ca9caaae0b "drm/mediatek: hdmi: Add check for CEA modes only" a check for CEA modes was added to function mtkhdmibridgemodevalid in order to address...
CVE-2021-47108 drm/mediatek: hdmi: Perform NULL pointer check for mtk_hdmi_conf
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: hdmi: Perform NULL pointer check for mtkhdmiconf In commit 41ca9caaae0b "drm/mediatek: hdmi: Add check for CEA modes only" a check for CEA modes was added to function mtkhdmibridgemodevalid in order to address...
CVE-2021-47108 drm/mediatek: hdmi: Perform NULL pointer check for mtk_hdmi_conf
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: hdmi: Perform NULL pointer check for mtkhdmiconf In commit 41ca9caaae0b "drm/mediatek: hdmi: Add check for CEA modes only" a check for CEA modes was added to function mtkhdmibridgemodevalid in order to address...
DEBIAN-CVE-2021-46948
In the Linux kernel, the following vulnerability has been resolved: sfc: farch: fix TX queue lookup in TX event handling We're starting from a TXQ label, not a TXQ type, so efxchannelgettxqueue is inappropriate and could return NULL, leading to panics...
CVE-2021-46948
In the Linux kernel, the following vulnerability has been resolved: sfc: farch: fix TX queue lookup in TX event handling We're starting from a TXQ label, not a TXQ type, so efxchannelgettxqueue is inappropriate and could return NULL, leading to panics...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: sfc: farch: fix TX queue lookup in TX event handling We're starting from a TXQ label, not a TXQ type, so efxchannelgettxqueue is inappropriate and could return NULL, leading to panics...
CVE-2021-46949
In the Linux kernel, the following vulnerability has been resolved: sfc: farch: fix TX queue lookup in TX flush done handling We're starting from a TXQ instance number 'qid', not a TXQ type, so efxgettxqueue is inappropriate and could return NULL, leading to panics...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a security vulnerability that stems from the fact that the count of page references in use is not optimal, sometimes leading to kernel panics...
Improper Validation of Array Index in github.com/greenpau/caddy-security
All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead ...
Input validation
All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead ...
RHCOS 4 : OpenShift Container Platform 4.13.4 (RHSA-2023:3612)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3612 advisory. - golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests CVE-2022-41717 - golang.org/x/net/http2: avoid...
Oracle Linux 9 : runc (ELSA-2023-6380)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-6380 advisory. - rebuild for following CVEs: CVE-2021-43784 CVE-2022-41724 CVE-2023-28642 - runc 1.1.5 resolves CVE-2023-25809 and CVE-2023-27561 Tenable has extracte...
RHEL 9 : containernetworking-plugins (RHSA-2023:6402)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6402 advisory. The Container Network Interface CNI project consists of a specification and libraries for writing plug- ins for configuring network interfac...