Null pointer dereference
A speculative pointer dereference problem exists in the Linux Kernel in the do_prlimit function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or...
CVE-2023-0458 Spectre V1 Gadget in do_prlimit in the Linux Kernel
A speculative pointer dereference problem exists in the Linux Kernel in the do_prlimit function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or...
A vulnerability in the source code transformer of the vm2 package for the npm package manager allows an attacker to escape from an isolated programming environment and execute arbitrary code.
The vulnerability in the source code transformer of the vm2 package for the npm package manager is related to insufficient control over dynamically managed resources. Exploiting this vulnerability allows a malicious actor to escape from an isolated software environment and execute arbitrary code...
A vulnerability in the Redis database management system stems from insufficient control over internal resource consumption when executing commands such as SCAN or KEYS with a specially crafted pattern. This allows attackers to trigger a service failure.
The vulnerability in the Redis database management system is related to insufficient control over internal resource consumption when executing commands such as SCAN or KEYS with a specially crafted pattern. Exploiting this vulnerability can allow an attacker to cause service failures...
GHSA-3JFQ-742W-XG8J Users with any cluster secret update access may update out-of-bounds cluster secrets
Impact: All Argo CD versions starting with v2.3.0-rc1 are vulnerable to an improper authorization bug which allows users who have the ability to update at least one cluster secret to update any cluster secret. The attacker could use this access to escalate privileges potentially controlling...
SUSE CVE-2020-9431
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations...
[SECURITY] Fedora 36 Update: rust-resctl-demo-2.1.2-8.fc36
resctl-demo demonstrates and documents various aspects of resource control using self-contained workloads in guided scenarios...
[SECURITY] Fedora 36 Update: rust-resctl-bench-2.1.2-8.fc36
resctl-bench is a collection of whole-system benchmarks to evaluate resource control and hardware behaviors using realistic simulated workloads. Comprehensive resource control involves the whole system. Furthermore, testing resource control end-to-end requires scenarios involving realistic...
Fedora: Security Advisory for rust-resctl-demo (FEDORA-2023-3ec32f6d4e)
The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Fedora: Security Advisory for rust-resctl-bench (FEDORA-2023-3ec32f6d4e)
The remote host is missing an update for the...
[SECURITY] Fedora 37 Update: rust-resctl-demo-2.1.2-8.fc37
resctl-demo demonstrates and documents various aspects of resource control using self-contained workloads in guided scenarios...
[SECURITY] Fedora 37 Update: rust-resctl-bench-2.1.2-8.fc37
resctl-bench is a collection of whole-system benchmarks to evaluate resource control and hardware behaviors using realistic simulated workloads. Comprehensive resource control involves the whole system. Furthermore, testing resource control end-to-end requires scenarios involving realistic...
Fedora: Security Advisory for rust-resctl-bench (FEDORA-2023-e3c8abd37e)
The remote host is missing an update for the...
Fedora: Security Advisory for rust-resctl-demo (FEDORA-2023-e3c8abd37e)
The remote host is missing an update for the...
The vulnerability of the Packet Forwarding Engine (PFE) module in Juniper Networks’ Junos operating systems allows a hacker to trigger an emergency shutdown of the application.
The vulnerability of the Packet Forwarding Engine (PFE) module in Juniper Networks’ Junos operating systems is related to insufficient control of a resource during its lifetime. Exploiting this vulnerability can allow a malicious actor to cause an unexpected termination of an application...
The vulnerability of the SSH network protocol implementation in microprogrammable industrial network interfaces SCALANCE SC622-2C, SC626-2C, SC632-2C, SC636-2C, SC642-2C, and SC646-2C arises from insufficient data authentication checks. This allows attackers to trigger service failures.
The vulnerability of the SSH network protocol implementation in microprogrammable industrial network interfaces such as SCALANCE SC622-2C, SC626-2C, SC632-2C, SC636-2C, SC642-2C, and SC646-2C is related to insufficient resource control during their lifespan. Exploiting this vulnerability could...
The vulnerability of the Citrix ADC application delivery controller (formerly Citrix NetScaler Application Delivery Controller) and the Citrix Gateway access control system (formerly Citrix NetScaler Gateway) allows a perpetrator to execute arbitrary code.
The vulnerability of the Citrix ADC application delivery controller (formerly Citrix NetScaler Application Delivery Controller) and the Citrix Gateway access control system (formerly Citrix NetScaler Gateway) is related to insufficient resource control during its existence. Exploiting this...
Siemens SCALANCE Products
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
MediaTek chip security vulnerability
MediaTek chips are a range of chips from MediaTek, a Chinese company. A security vulnerability exists in the MediaTek Modem 4G RRC that stems from incorrect input validation, which can lead to a system crash...
Input validation
An improper control of a resource through its lifetime vulnerability (CWE-664) in FortiEDR CollectorWindows 4.0.0 through 4.1, 5.0.0 through 5.0.3.751, 5.1.0 may allow a privileged user to terminate the FortiEDR processes with special tools and bypass the EDR protection...