hw: Vector Register Leakage-Active

A flaw was found in the Intel Advanced Vector Extensions AVX implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state...

hw: Vector Register Leakage-Active

A flaw was found in the Intel Advanced Vector Extensions AVX implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state...

hw: Vector Register Data Sampling

A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read...

hw: Vector Register Data Sampling

A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read...

hw: Vector Register Leakage-Active

A flaw was found in the Intel Advanced Vector Extensions AVX implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state...

hw: Vector Register Leakage-Active

A flaw was found in the Intel Advanced Vector Extensions AVX implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state...

hw: Vector Register Data Sampling

A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read...

RHEL 7 : microcode_ctl (RHSA-2021:3317)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3317 advisory. hw: Vector Register Data Sampling CVE-2020-0548 hw: L1D Cache Eviction Sampling CVE-2020-0549 hw: Special Register Buffer Data Sampling SRBD...

The vulnerability of the DVMRP (Distance Vector Multicast Routing Protocol) implementation in Juniper Networks’ Junos OS-based QFX10K routers allows a attacker to cause service interruptions.

The vulnerability of the DVMRP Distance Vector Multicast Routing Protocol implementation in Juniper Networks’ Junos OS-based QFX10K routers stems from packet looping due to incorrect comparison of Ethernet segment identifiers. Exploiting this vulnerability can allow a malicious actor to cause...

GPAC Project on Advanced Content Integer Overflow Vulnerability (CNVD-2021-82984)

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. an integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...

GHSA-MCRF-7HF9-F6Q5 Unchecked vector pre-allocation

Affected versions of this crate pre-allocate memory on deserializing raw buffers without checking whether there is sufficient data available. This allows an attacker to do denial-of-service attacks by sending small msgpack messages that allocate gigabytes of memory...

Unchecked vector pre-allocation

Affected versions of this crate pre-allocate memory on deserializing raw buffers without checking whether there is sufficient data available. This allows an attacker to do denial-of-service attacks by sending small msgpack messages that allocate gigabytes of memory...

GHSA-RG4M-GWW5-7P47 Free of uninitialized memory in adtensor

An issue was discovered in the adtensor crate through 0.0.3 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix...

Free of uninitialized memory in adtensor

An issue was discovered in the adtensor crate through 0.0.3 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix...

Out of bounds write in reorder

swapindex takes an iterator and swaps the items with their corresponding indexes. It reserves capacity and sets the length of the vector based on the .len method of the iterator. If the len returned by the iterator is larger than the actual number of elements yielded, then swapindex creates a...

Out of bounds write in reorder

swapindex takes an iterator and swaps the items with their corresponding indexes. It reserves capacity and sets the length of the vector based on the .len method of the iterator. If the len returned by the iterator is larger than the actual number of elements yielded, then swapindex creates a...

GHSA-4WJ3-P7HJ-CVX8 Double free in ordnung

An issue was discovered in the ordnung crate through version 0.0.1 for Rust. compact::Vec violates memory safety via a remove double free...

GHSA-QRWC-JXF5-G8X6 Out of bounds read in ordnung

An issue was discovered in the ordnung crate through version 0.0.1 for Rust. compact::Vec violates memory safety via out-of-bounds access for large capacity...

Security Bulletin: IBM API Connect is impacted by a vulnerability in Drupal (201714)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details Third Party Entry: 201714 DESCRIPTION: Gutenberg module for Drupal could allow a remote attacker to bypass security restrictions, caused by improper validation of access rules in certain situations. By sendin...

GHSA-M2PF-HPRP-3VQM Use after free in image

Affected versions of this crate would call Vec::setlen on an uninitialized vector with user-provided type parameter, in an interface of the HDR image format decoder. They would then also call other code that could panic before initializing all instances. This could run Drop implementations on...