Lucene search
+L

1404 matches found

OSV
OSV
added 2022/05/20 9:17 p.m.39 views

GO-2022-0435 Panic due to large inputs affecting P-256 curves in crypto/elliptic

A crafted scalar input longer than 32 bytes can cause P256.ScalarMult or P256.ScalarBaseMult to panic. Indirect uses through crypto/ecdsa and crypto/tls are unaffected. amd64, arm64, ppc64le, and s390x are unaffected...

7.5CVSS9.7AI score0.04195EPSS
Exploits0References4
Veracode
Veracode
added 2022/04/27 2:31 p.m.28 views

Insecure Cryptographic Function

amd64-microcode has insecure cryptographic function. The vulnerable exists due to an insecure cryptographic implementation...

5.3CVSS2.2AI score0.01609EPSS
Exploits1References6Affected Software1
ArchLinux
ArchLinux
added 2022/04/04 12:0 a.m.58 views

[ASA-202204-4] rizin: multiple issues

Arch Linux Security Advisory ASA-202204-4 ========================================= Severity: Medium Date : 2022-04-04 CVE-ID : CVE-2021-4022 CVE-2021-43814 Package : rizin Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-2590 Summary ======= The package rizin before...

7.8CVSS2.6AI score0.00846EPSS
Exploits1References12
Huntr
Huntr
added 2022/03/07 2:41 p.m.42 views

NULL Pointer Dereference

Description There is a NULL Pointer Dereference in mrbvmexec vm.c:1929. This bug has been found on mruby lastest commit hash c2f7ed514dfa0fcae2e7e72d51f25be3d3d6d72c on Ubuntu 20.04 for x8664/amd64. Proof of Concept 1- Clone repo and build with ASAN using MRUBYCONFIG=buildconfig/clang-asan.rb rak...

7.1CVSS0.3AI score0.00814EPSS
Exploits1
Huntr
Huntr
added 2022/02/14 2:30 p.m.32 views

in mruby/mruby

Description There is a NULL Pointer Dereference in aryconcat array.c:301. This bug has been found on mruby lastest commit hash ecb28f4bf463483cf914c799d086b0cfff997aee on Ubuntu 20.04 for x8664/amd64. Proof of Concept The crash is not reproducible in a debug build, so a release build config must ...

4.3CVSS0.00813EPSS
Exploits1
Huntr
Huntr
added 2022/01/31 2:12 p.m.35 views

in mruby/mruby

Description There is a NULL Pointer Dereference in ivfree src/variable.c:232:20. This bug has been found on mruby lastest commit hash 00f2b74ab2c1f03084908c815dcd0934f9fc702a on Ubuntu 20.04 for x8664/amd64. Proof of Concept 3.timese=0," =c= y:0,0 0" Steps to reproduce 1- Clone repo and build wit...

7.8CVSS0.2AI score0.00918EPSS
Exploits1
Huntr
Huntr
added 2022/01/17 1:59 p.m.35 views

in mruby/mruby

Description There is a NULL Pointer Dereference in ivfree src/variable.c:232:20. This bug has been found on mruby lastest commit hash 31fa3304049fc406a201a72293cce140f0557dca on Ubuntu 20.04 for x8664/amd64. Proof of Concept 6.times3.times%until-break b= 0,m:0 s=0 Steps to reproduce 1- Clone repo...

4.3CVSS0.3AI score0.0081EPSS
Exploits1
Huntr
Huntr
added 2022/01/14 5:43 p.m.17 views

in mruby/mruby

Description There is a NULL Pointer Dereference in preparesingletonclass src/class.c:360:13. This bug has been found on mruby lastest commit hash 171d32c0071d776207174a40a8fa26def3dbb931 on Ubuntu 20.04 for x8664/amd64. Proof of Concept 1.timesb= a=0 0,m:0 c=0=0,nil=nil0 def mend def c.eend Steps...

5CVSS1AI score0.00963EPSS
Exploits1
CNVD
CNVD
added 2021/12/15 12:0 a.m.24 views

Rizin buffer overflow vulnerability

Rizin is a free open source reverse engineering framework from the Rizin organization. It is used to analyze binaries, disassemble code, debug programs, as a forensic tool, as a command-line hex editor that can open disk files that can be scripted, etc. Rizin 0.3.1 and earlier versions have a...

7.8CVSS1.7AI score0.00846EPSS
Exploits0References1
NVD
NVD
added 2021/12/13 8:15 p.m.23 views

CVE-2021-43814

Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parsedie when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin ma...

7.8CVSS0.00846EPSS
Exploits0References3
OSV
OSV
added 2021/12/13 8:15 p.m.22 views

CVE-2021-43814

Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parsedie when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin ma...

7.8CVSS7.3AI score
Exploits0References3
Prion
Prion
added 2021/12/13 8:15 p.m.18 views

Heap overflow

Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parsedie when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin ma...

6.8CVSS7.7AI score0.00846EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/12/13 7:35 p.m.53 views

CVE-2021-43814

CVE-2021-43814 affects Rizin up to version 0.3.1, with a heap-based out-of-bounds write in parse_die() when reversing AMD64 ELF binaries with DWARF info. This can allow a malicious binary to cause a crash or arbitrary actions and potentially code execution. Upstream remediation is available in 0....

7.8CVSS7.7AI score0.00846EPSS
Exploits0References3Affected Software1
Oracle linux
Oracle linux
added 2021/11/03 12:0 a.m.89 views

kernel security, bug fix, and enhancement update

4.18.0-305.25.14.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

8.8CVSS7.5AI score0.01476EPSS
Exploits0
HackRead
HackRead
added 2021/10/20 12:23 p.m.51 views

New Linux kernel memory corruption bug causes full system compromise

By Waqas Researchers dubbed it a "straightforward Linux kernel locking bug" that they exploited against Debian Buster's 4.19.0.13-amd64 kernel. This is a post from HackRead.com Read the original post: New Linux kernel memory corruption bug causes full system compromise...

3.2AI score
Exploits0
Debian
Debian
added 2021/10/18 8:51 a.m.84 views

[SECURITY] [DLA 2743-2] amd64-microcode update

----------------------------------------------------------------------- Debian LTS Advisory DLA-2743-2 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta October 18, 2021 https://wiki.debian.org/LTS -...

5.6CVSS6.7AI score0.74041EPSS
Exploits9
Tenable Nessus
Tenable Nessus
added 2021/10/18 12:0 a.m.36 views

Debian DLA-2743-1 : amd64-microcode - LTS security update

The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-2743 advisory. It was discovered that systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an...

5.6CVSS7.3AI score0.74041EPSS
Exploits9References6
OSV
OSV
added 2021/10/18 12:0 a.m.10 views

DLA-2743-2 amd64-microcode - regression update

Bulletin has no description...

7.2AI score
Exploits0
OSV
OSV
added 2021/08/16 12:0 a.m.55 views

DLA-2743-1 amd64-microcode - security update

Bulletin has no description...

5.6CVSS7.4AI score0.74041EPSS
Exploits9
OpenVAS
OpenVAS
added 2021/08/16 12:0 a.m.24 views

Debian: Security Advisory (DLA-2743)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.6CVSS6.9AI score0.74041EPSS
Exploits9References4
Rows per page
Query Builder