Lucene search
K

23 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003444)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003444 advisory. The assocarrayinsertintoterminalnode function in lib/assocarray.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users ...

7.1CVSS6.9AI score0.02041EPSS
Exploits0References9
Veracode
Veracode
added 2024/05/29 6:39 a.m.7 views

Code Injection

silverstripe/framework is vulnerable to Code Injection. The vulnerability is due to the improper handling of associative arrays in the second argument of renderWith, where unsanitized user input can be passed directly as a value...

7.2AI score
Exploits0
OSV
OSV
added 2024/05/27 11:7 p.m.5 views

GHSA-VGXH-X8JV-HMFF silverstripe/framework code execution vulnerability

There is a vulnerability whereby arbitrary global functions may be executed if malicious user input is passed through to in the second argument of ViewableData::renderWith. This argument resolves associative arrays as template placeholders. This exploit requires that user code has been written...

7.5CVSS7.3AI score
Exploits0References4
Fedora
Fedora
added 2020/09/03 4:27 p.m.40 views

[SECURITY] Fedora 31 Update: lua-5.3.5-8.fc31

Lua is a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Lua is free software. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and...

5.3CVSS2.6AI score0.03833EPSS
Exploits1
Fedora
Fedora
added 2020/08/26 2:53 p.m.75 views

[SECURITY] Fedora 32 Update: lua-5.3.5-8.fc32

Lua is a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Lua is free software. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and...

5.3CVSS2.6AI score0.03833EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2019/10/08 4:9 p.m.37 views

CVE-2017-12193

A flaw was found in the Linux kernel's implementation of associative arrays introduced in 3.13. This functionality was backported to the 3.10 kernels in Red Hat Enterprise Linux 7. The flaw involved a null pointer dereference in assocarrayapplyedit due to incorrect node-splitting in assocarray...

5.5CVSS2.1AI score0.00451EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/07/30 9:16 a.m.5 views

kernel: dereferencing NULL payload with nonzero length

A flaw was found in the implementation of associative arrays where the addkey systemcall and KEYCTLUPDATE operations allowed for a NULL payload with a nonzero length. When accessing the payload within this length parameters value, an unprivileged user could trivially cause a NULL pointer...

5.5CVSS6.6AI score0.00452EPSS
Exploits0References4
Veracode
Veracode
added 2019/05/16 2:50 a.m.31 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of serviceDoS attacks. This occurs in implementation of associative arrays where the addkey systemcall and KEYCTLUPDATE operations allowed for a NULL payload with a nonzero length. When accessing the payload within this length parameters value, an unprivileged...

5.5CVSS6AI score0.00452EPSS
Exploits0References27Affected Software2
Fedora
Fedora
added 2019/01/30 2:8 a.m.33 views

[SECURITY] Fedora 29 Update: lua-5.3.5-3.fc29

Lua is a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Lua is free software. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and...

7.5CVSS2.6AI score0.17224EPSS
Exploits5
RedHat Linux
RedHat Linux
added 2018/04/10 3:23 p.m.5 views

kernel: dereferencing NULL payload with nonzero length

A flaw was found in the implementation of associative arrays where the addkey systemcall and KEYCTLUPDATE operations allowed for a NULL payload with a nonzero length. When accessing the payload within this length parameters value, an unprivileged user could trivially cause a NULL pointer...

5.5CVSS6.6AI score0.00452EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/04/10 9:1 a.m.5 views

kernel: dereferencing NULL payload with nonzero length

A flaw was found in the implementation of associative arrays where the addkey systemcall and KEYCTLUPDATE operations allowed for a NULL payload with a nonzero length. When accessing the payload within this length parameters value, an unprivileged user could trivially cause a NULL pointer...

5.5CVSS6.6AI score0.00452EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/01/25 11:18 a.m.7 views

kernel: Null pointer dereference due to incorrect node-splitting in assoc_array implementation

A flaw was found in the Linux kernel's implementation of associative arrays introduced in 3.13. This functionality was backported to the 3.10 kernels in Red Hat Enterprise Linux 7. The flaw involved a null pointer dereference in assocarrayapplyedit due to incorrect node-splitting in assocarray...

5.5CVSS6.6AI score0.00451EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2017/11/13 12:0 a.m.38 views

Virtuozzo 7 : readykernel-patch (VZA-2017-101)

According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - A flaw was found in the implementation of associative arrays in the Linux kernel. A null pointer dereference could...

5.5CVSS6.4AI score0.00451EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2017/11/13 12:0 a.m.39 views

Virtuozzo 7 : readykernel-patch (VZA-2017-102)

According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - A flaw was found in the implementation of associative arrays in the Linux kernel. A null pointer dereference could...

5.5CVSS6.4AI score0.00451EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2017/10/25 12:0 a.m.40 views

Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-096)

According to the version of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - A flaw was found in the implementation of associative arrays where the addkey systemcall and KEYCTLUPDATE...

5.5CVSS6.2AI score0.00452EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2017/10/12 10:19 a.m.30 views

CVE-2017-15274

A flaw was found in the implementation of associative arrays where the addkey systemcall and KEYCTLUPDATE operations allowed for a NULL payload with a nonzero length. When accessing the payload within this length parameters value, an unprivileged user could trivially cause a NULL pointer...

5.5CVSS5.1AI score0.00452EPSS
Exploits0References1
OSV
OSV
added 2016/11/16 12:0 a.m.3 views

UBUNTU-CVE-2016-7914

The assocarrayinsertintoterminalnode function in lib/assocarray.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service invalid pointer dereference and out-of-bounds read v...

5.5CVSS6.7AI score0.02041EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.35 views

Amazon Linux AMI : python26 (ALAS-2012-98)

A denial of service flaw was found in the implementation of associative arrays dictionaries in Python. An attacker able to supply a large number of inputs to a Python application such as HTTP POST request parameters sent to a web application that are used as keys when inserting data into an array...

5CVSS7AI score0.0562EPSS
Exploits7References5
Tenable Nessus
Tenable Nessus
added 2012/09/06 12:0 a.m.45 views

Mandriva Linux Security Advisory : python (MDVSA-2012:097)

Multiple vulnerabilities has been discovered and corrected in python : The ssl module would always disable the CBC IV attack countermeasure CVE-2011-3389. A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local use...

5CVSS6.4AI score0.73327EPSS
Exploits10References5
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.28 views

Scientific Linux Security Update : ruby on SL6.x i386/x86_64 (20120130)

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A denial of service flaw was found in the implementation of associative arrays hashes in Ruby. An attacker able to supply a large number of inputs to a...

7.8CVSS7.2AI score0.04246EPSS
Exploits2References2
Rows per page
Query Builder