SUSE CVE-2018-20187

A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded...

SUSE CVE-2018-20546

There is an illegal READ memory access at caca/dither.c function getrgbadefault in libcaca 0.99.beta19 for the default bpp case...

SUSE CVE-2019-19333

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of...

SUSE CVE-2020-10029

The GNU C Library aka glibc or libc6 before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to...

SUSE CVE-2020-12965

When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage...

SUSE CVE-2020-21840

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bitsearchsentinel ../../src/bits.c:1985...

SUSE CVE-2021-4037

A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belon...

SUSE CVE-2021-38171

adtsdecodeextradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the initgetbits return value, which is a necessary step because the second argument to initgetbits can be crafted...

SUSE CVE-2021-43533

When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing. This vulnerability affects Firefox 94...

SUSE CVE-2022-2085

A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an initdeviceprocs defined for the device that uses it as a prototype that depends upon the number of bits per...

Exploit for Externally Controlled Reference to a Resource in Another Sphere in Linux Linux_Kernel

Bypassing Spectre-BTI User Space Mitigations on Linux Th...

Exploit for Externally Controlled Reference to a Resource in Another Sphere in Linux Linux_Kernel

Bypassing Spectre-BTI User Space Mitigations on Linux Th...

GSD-2023-1001731 netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits

netfilter: nftpayload: incorrect arithmetics when fetching VLAN header bits This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.7 by commit...

GSD-2023-1000783 drm/msm/dsi: Prevent signed BPG offsets from bleeding into adjacent bits

drm/msm/dsi: Prevent signed BPG offsets from bleeding into adjacent bits This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...

CVE-2023-0247

Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1...

CVE-2023-0247

CVE-2023-0247 affects the Go library bits-and-blooms/bloom, with versions prior to 3.3.1 vulnerable to an Uncontrolled Search Path Element. The issue originates from how the application resolves search paths, enabling potential path hijacking. Affected product/version: bits-and-blooms/bloom befor...

PT-2023-16110 · Bits And Blooms · Bloom

Name of the Vulnerable Software and Affected Versions: bits-and-blooms/bloom versions prior to 3.3.1 Description: The issue is related to an Uncontrolled Search Path Element in the GitHub repository bits-and-blooms/bloom. Recommendations: For versions prior to 3.3.1, update to version 3.3.1 or...

Single-step process for critical ownership transfer/renounce is risky

Lines of code Vulnerability details Single-step process for critical ownership transfer/renounce is risky Impact The following contracts and functions, allow owners to interact with core functions such as: execute, rawExecute and setApproval in OwnableSmartWallet registerKnotsToSyndicate,...

PT-2022-36774 · Git +1 · Ghostscript

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow WRITE 7 crash type. The crash state involves several functions: bytes copy rectangle zero padding, cmd put...

kernel: dm mirror log: round up region bitmap size to BITS_PER_LONG

In the Linux kernel, the following vulnerability has been resolved: dm mirror log: round up region bitmap size to BITSPERLONG The code in dm-log rounds up bitsetsize to 32 bits. It then uses findnextzerobitle on the allocated region. findnextzerobitle accesses the bitmap using unsigned long...