224 matches found
Important: Red Hat Security Advisory: edk2 security update
An update for edk2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as havi...
DEBIAN-CVE-2021-46911
In the Linux kernel, the following vulnerability has been resolved: chktls: Fix kernel panic Taking page refcount is not ideal and causes kernel panic sometimes. It's better to take txctx lock for the complete skb transmit, to avoid page cleanup if ACK received in middle...
UBUNTU-CVE-2021-46911
In the Linux kernel, the following vulnerability has been resolved: chktls: Fix kernel panic Taking page refcount is not ideal and causes kernel panic sometimes. It's better to take txctx lock for the complete skb transmit, to avoid page cleanup if ACK received in middle...
About the security content of Safari 17.2
About the security content of Safari 17.2 This document describes the security content of Safari 17.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
Moderate: Red Hat Security Advisory: linux-firmware security update
An update for linux-firmware is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Important: Red Hat Security Advisory: nodejs:20 security update
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
kernel: scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization
A use-after-free vulnerability was found in the MPI3MR SCSI driver. The evtackcmds array is not properly initialized, causing invalid memory access via clearbit with incorrect bit indices during event acknowledgment...
kernel: scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization
A use-after-free vulnerability was found in the MPI3MR SCSI driver. The evtackcmds array is not properly initialized, causing invalid memory access via clearbit with incorrect bit indices during event acknowledgment...
quic-go security vulnerability
quic-go is an implementation of the QUIC protocol, RFC 9000 protocol in Go by Lucas Clemente, a personal developer. A security vulnerability exists in versions of quic-go prior to 0.37.0 to 0.37.3, which stems from a vulnerability that allows an attacker to serialize ACK frames on completion of a...
PT-2023-29922 Ā· Quic-Go Ā· Quic-Go
Name of the Vulnerable Software and Affected Versions: quic-go versions 0.37.0 through 0.37.2 Description: The issue arises from serializing an ACK frame after the CRYPTO frame, allowing a node to complete the handshake. This can trigger a nil pointer dereference when the node attempts to drop th...
RLSA-2023:5927 Important: php:8.0 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: XML loading external entity without being enabled CVE-2023-3823 php: phar Buffer mismanagement CVE-2023-3824 php: 1-byte array overrun in common path resolve code CVE-2023-0568 php: DoS...
GHSA-PFFG-92CG-XF5C gnark-crypto's exponentiation in the pairing target group GT using GLV can give incorrect results
Impact When the exponent is bigger than r, the group order of the pairing target group GT, the exponentiation Ć la GLV ExpGLV can sometimes give incorrect results compared to normal exponentiation Exp. The issue impacts all users using ExpGLV for exponentiations in GT. This does not impact Exp an...
ALPINE-CVE-2023-28366
The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...
PRBMATH SD59x18.exp() reverts on hugely negative numbers.
Lines of code Vulnerability details Impact ContinuousGDA.sol inherits a version of PRB Math that contains a vulnerability in the SD59x18.exp function, which can be reverted on hugely negative numbers. SD59x18.exp is used for calculations in ContinuousGDA.solpurchasePrice ,...
Important: Red Hat Security Advisory: mod_auth_openidc:2.3 security update
An update for the modauthopenidc:2.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
Exploit for CVE-2022-44666
Microsoft Windows Contacts VCF/Contact/LDAP syslink control...
SUSE CVE-2011-5053
The Wi-Fi Protected Setup WPS protocol, when the "external registrar" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or...
SUSE CVE-2016-1547
An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if...
SUSE CVE-2019-11477
Jonathan Looney discovered that the TCPSKBCBskb-tcpgsosegs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments SACKs. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182,...
Moderate: Red Hat Security Advisory: .NET 6.0 security, bug fix, and enhancement update
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...