23 matches found
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003444)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003444 advisory. The assocarrayinsertintoterminalnode function in lib/assocarray.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users ...
Code Injection
silverstripe/framework is vulnerable to Code Injection. The vulnerability is due to the improper handling of associative arrays in the second argument of renderWith, where unsanitized user input can be passed directly as a value...
GHSA-VGXH-X8JV-HMFF silverstripe/framework code execution vulnerability
There is a vulnerability whereby arbitrary global functions may be executed if malicious user input is passed through to in the second argument of ViewableData::renderWith. This argument resolves associative arrays as template placeholders. This exploit requires that user code has been written...
[SECURITY] Fedora 31 Update: lua-5.3.5-8.fc31
Lua is a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Lua is free software. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and...
[SECURITY] Fedora 32 Update: lua-5.3.5-8.fc32
Lua is a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Lua is free software. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and...
CVE-2017-12193
A flaw was found in the Linux kernel's implementation of associative arrays introduced in 3.13. This functionality was backported to the 3.10 kernels in Red Hat Enterprise Linux 7. The flaw involved a null pointer dereference in assocarrayapplyedit due to incorrect node-splitting in assocarray...
kernel: dereferencing NULL payload with nonzero length
A flaw was found in the implementation of associative arrays where the addkey systemcall and KEYCTLUPDATE operations allowed for a NULL payload with a nonzero length. When accessing the payload within this length parameters value, an unprivileged user could trivially cause a NULL pointer...
Denial Of Service (DoS)
Linux kernel is vulnerable to denial of serviceDoS attacks. This occurs in implementation of associative arrays where the addkey systemcall and KEYCTLUPDATE operations allowed for a NULL payload with a nonzero length. When accessing the payload within this length parameters value, an unprivileged...
[SECURITY] Fedora 29 Update: lua-5.3.5-3.fc29
Lua is a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Lua is free software. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and...
kernel: dereferencing NULL payload with nonzero length
A flaw was found in the implementation of associative arrays where the addkey systemcall and KEYCTLUPDATE operations allowed for a NULL payload with a nonzero length. When accessing the payload within this length parameters value, an unprivileged user could trivially cause a NULL pointer...
kernel: dereferencing NULL payload with nonzero length
A flaw was found in the implementation of associative arrays where the addkey systemcall and KEYCTLUPDATE operations allowed for a NULL payload with a nonzero length. When accessing the payload within this length parameters value, an unprivileged user could trivially cause a NULL pointer...
kernel: Null pointer dereference due to incorrect node-splitting in assoc_array implementation
A flaw was found in the Linux kernel's implementation of associative arrays introduced in 3.13. This functionality was backported to the 3.10 kernels in Red Hat Enterprise Linux 7. The flaw involved a null pointer dereference in assocarrayapplyedit due to incorrect node-splitting in assocarray...
Virtuozzo 7 : readykernel-patch (VZA-2017-101)
According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - A flaw was found in the implementation of associative arrays in the Linux kernel. A null pointer dereference could...
Virtuozzo 7 : readykernel-patch (VZA-2017-102)
According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - A flaw was found in the implementation of associative arrays in the Linux kernel. A null pointer dereference could...
Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-096)
According to the version of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - A flaw was found in the implementation of associative arrays where the addkey systemcall and KEYCTLUPDATE...
CVE-2017-15274
A flaw was found in the implementation of associative arrays where the addkey systemcall and KEYCTLUPDATE operations allowed for a NULL payload with a nonzero length. When accessing the payload within this length parameters value, an unprivileged user could trivially cause a NULL pointer...
UBUNTU-CVE-2016-7914
The assocarrayinsertintoterminalnode function in lib/assocarray.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service invalid pointer dereference and out-of-bounds read v...
Amazon Linux AMI : python26 (ALAS-2012-98)
A denial of service flaw was found in the implementation of associative arrays dictionaries in Python. An attacker able to supply a large number of inputs to a Python application such as HTTP POST request parameters sent to a web application that are used as keys when inserting data into an array...
Mandriva Linux Security Advisory : python (MDVSA-2012:097)
Multiple vulnerabilities has been discovered and corrected in python : The ssl module would always disable the CBC IV attack countermeasure CVE-2011-3389. A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local use...
Scientific Linux Security Update : ruby on SL6.x i386/x86_64 (20120130)
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A denial of service flaw was found in the implementation of associative arrays hashes in Ruby. An attacker able to supply a large number of inputs to a...