10861 matches found
Oracle Linux 6 : kernel (ELSA-2021-9212)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9212 advisory. 2.6.32-754.35.1.0.3.OL6 - Fixes for RHSA-2021:1288 Orabug: 32809880 Tenable has extracted the preceding description block directly from the Oracle Linu...
RHEL 7 : kpatch-patch (RHSA-2021:1377)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1377 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel...
eclipse: Help Subsystem does not authenticate active help requests
It was found that the Eclipse Platform does not authenticate requests to the Help subsystem on the local web server. A local attacker could use this vulnerability to disrupt the Eclipse user's session, potentially causing Eclipse to damage or disclose data owned by that user...
kernel: heap buffer overflow in the iSCSI subsystem
A flaw was found in the Linux kernel. A heap buffer overflow in the iSCSI subsystem is triggered by setting an iSCSI string attribute to a value larger than one page and then trying to read it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
Important: Red Hat Security Advisory: kpatch-patch security update
An update is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
kernel: heap buffer overflow in the iSCSI subsystem
A flaw was found in the Linux kernel. A heap buffer overflow in the iSCSI subsystem is triggered by setting an iSCSI string attribute to a value larger than one page and then trying to read it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Designing sockfuzzer, a network syscall fuzzer for XNU
Posted by Ned Williamson, Project Zero Introduction When I started my 20% project – an initiative where employees are allocated twenty-percent of their paid work time to pursue personal projects – with Project Zero, I wanted to see if I could apply the techniques I had learned fuzzing Chrome to...
SUSE-SU-2021:1301-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsytem bsc1178181. - CVE-2020-36311: Fixed a denial of service...
Linux kernel resource management error vulnerability (CNVD-2021-30592)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A resource management error vulnerability exists in versions of Linux kernel prior to 5.7, which stems from the KVM subsystem allowing out-of-scope access after deletion. No...
kernel: heap buffer overflow in the iSCSI subsystem
A flaw was found in the Linux kernel. A heap buffer overflow in the iSCSI subsystem is triggered by setting an iSCSI string attribute to a value larger than one page and then trying to read it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
kernel: heap buffer overflow in the iSCSI subsystem
A flaw was found in the Linux kernel. A heap buffer overflow in the iSCSI subsystem is triggered by setting an iSCSI string attribute to a value larger than one page and then trying to read it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free
A locking vulnerability was found in the tty subsystem of the Linux kernel in drivers/tty/ttyjobctrl.c. This flaw allows a local attacker to possibly corrupt memory or escalate privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impac...
kernel: performance counters race condition use-after-free
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integri...
PT-2021-6923 · Linux +9 · Linux Kernel +9
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.14.13 Description: The issue is related to a buffer overflow in the firewire subsystem of the Linux kernel, specifically in the drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c files...
PT-2021-8007 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the use of memory after it has been freed during the registration of input/output devices in the Kernel-based Virtual Machine KVM subsystem of the Linux kernel...
CVE-2020-28141
The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages to arbitrary users on the system that include javascript that will execute when viewing the messages page...
Design/Logic Flaw
The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages to arbitrary users on the system that include javascript that will execute when viewing the messages page...