1401 matches found
GHSA-PMCV-MGCF-RVXG Non-aligned u32 read in Chacha20 encryption and decryption
The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::fromrawpartsmut, which breaks the contract and introduces undefined behavior. This affects Chacha20 encryption and decryption in crypto2...
abomonation transmutes &T to and from &[u8] without sufficient constraints
This transmute is at the core of the abomonation crates. It's so easy to use it to violate alignment requirements that no test in the crate's test suite passes under miri. The use of this transmute in serialization/deserialization also incorrectly assumes that the layout of a reprRust type is...
GHSA-HFXP-P695-629X abomonation transmutes &T to and from &[u8] without sufficient constraints
This transmute is at the core of the abomonation crates. It's so easy to use it to violate alignment requirements that no test in the crate's test suite passes under miri. The use of this transmute in serialization/deserialization also incorrectly assumes that the layout of a reprRust type is...
UBUNTU-CVE-2022-32547
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application...
abomonation transmutes &T to and from &[u8] without sufficient constraints
This transmute is at the core of the abomonation crates. It's so easy to use it to violate alignment requirements that no test in the crate's test suite passes under miri. The use of this transmute in serialization/deserialization also incorrectly assumes that the layout of a reprRust type is...
Imagemagick Studio ImageMagick 代码问题漏洞
Imagemagick Studio ImageMagick is a suite of open-source image processing software from the American company Imagemagick Studio. The software can read, convert, or write images in a variety of formats. A security vulnerability exists in Imagemagick Studio ImageMagick, which originates in...
kernel: possible leak or coruption of data residing on hugetlbfs
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data...
GSD-2022-1002059 fs: fix fd table size alignment properly
fs: fix fd table size alignment properly This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.110 by commit...
GSD-2022-1002011 PCI: endpoint: Fix alignment fault error in copy tests
PCI: endpoint: Fix alignment fault error in copy tests This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.111 by commit...
GSD-2022-1001801 fs: fix fd table size alignment properly
fs: fix fd table size alignment properly This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.33 by commit...
GSD-2022-1001728 PCI: endpoint: Fix alignment fault error in copy tests
PCI: endpoint: Fix alignment fault error in copy tests This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.34 by commit...
GSD-2022-1001404 PCI: endpoint: Fix alignment fault error in copy tests
PCI: endpoint: Fix alignment fault error in copy tests This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.20 by commit...
GSD-2022-1001068 PCI: endpoint: Fix alignment fault error in copy tests
PCI: endpoint: Fix alignment fault error in copy tests This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.3 by commit...
Aligning the c-suite with cyber risk management
As we creep toward a post-pandemic world, organizations need to plan accordingly. Explore Trend Micro’s latest cyber risk research to enable your business to maximize its growth and potential...
Cyber Security WEBINAR — How to Ace Your InfoSec Board Deck
Communication is a vital skill for any leader at an organization, regardless of seniority. For security leaders, this goes double. Communicating clearly works on multiple levels. On the one hand, security leaders and CISOs must be able to communicate strategies clearly – instructions, incident...
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.
...
CVE-2020-36519
Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs...
Spoofing
Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs...
glibc security update
2.28-164.0.5.3 - Merge external errata patches. - Siddhesh Poyarekar - 2.28-164.3 - CVE-2021-3999: getcwd: align stack on clone in aarch64 and fix a memory leak 2032280 - Siddhesh Poyarekar - 2.28-164.2 - CVE-2022-23218, CVE-2022-23219: Fix buffer overflows in sunrpc clntcreate for 'unix' and...
CVE-2020-36519
Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs...