Lucene search

260 matches found

BDU FSTEC
added 2024/04/01 12:0 a.m. · 2 views

The vulnerability of the buf_contents_changed() function in the Vim text editor allows a hacker to trigger a service failure.

The vulnerability of the buf_contents_changed function in the Vim text editor is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure...

7.8 CVSS · 6.4 AI score · 0.00539 EPSS
Exploits 1 · References 7 · Affected Software 3
OSSF Malicious Packages
added 2023/11/21 7:54 p.m. · 4 views

Malicious code in build-buf-action (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a304d66d7773527e0729b9cd85dabce6d67e562734ee2297be4fac9ffd6be8b4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
OSV
added 2023/11/21 7:54 p.m. · 13 views

MAL-2023-8552 Malicious code in build-buf-action (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a304d66d7773527e0729b9cd85dabce6d67e562734ee2297be4fac9ffd6be8b4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2 AI score
Exploits 0 · References 1
Oracle linux
added 2023/10/13 12:0 a.m. · 33 views

Unbreakable Enterprise kernel security update

4.14.35-2047.530.5.1 - Revert 'rtnetlink: Reject negative ifindexes in RTMNEWLINK' Saeed Mirzamohammadi Orabug: 35896831 4.14.35-2047.530.5 - netfilter: ipset: add the missing IPSETHASHWITHNET0 macro for ipsethashnetportnet.c Kyle Zeng Orabug: 35824288 CVE-2023-42753 - netfilter: xtu32: validate...

1.7 CVSS · 7.1 AI score · 0.00514 EPSS
Exploits 1
PyPA
added 2023/08/22 7:15 p.m. · 9 views

PYSEC-2023-150

Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file...

7.8 CVSS · 7 AI score · 0.00697 EPSS
Exploits 1 · References 5 · Affected Software 1
CNNVD
added 2023/08/16 12:0 a.m. · 3 views

Linux kernel resource management error vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux Kernel suffers from a memory misreference vulnerability that originates from a confusion in the instruction responsible for freeing memory in the vmxnet3rqallocrxbuf,...

7.1 CVSS · 6.3 AI score · 0.00245 EPSS
Exploits 0 · References 9
OSV
added 2023/06/13 10:13 a.m. · 5 views

CLSA-2023-1686651204 kernel: Fix of 25 CVEs

cgroup: Use open-time cgroup namespace for process migration perm checks CVE-2021-4197 - cgroup: Use open-time credentials for process migraton perm checks CVE-2021-4197 - vt: drop old FONT ioctls CVE-2021-33656 - fbmem: Check virtual screen sizes in fbsetvar CVE-2021-33655 - fbcon: Prevent that...

8.8 CVSS · 7.2 AI score · 0.16642 EPSS
Exploits 33 · References 1
RedHat Linux
added 2023/05/16 8:56 a.m. · 3 views

kernel: dma-buf/dma-resv: check if the new fence is really later

In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later Previously when we added a fence to a dmaresv object we always assumed the the newer than all the existing fences. With Jason's work to add an UAPI to explicit export/impor...

7.8 CVSS · 6.3 AI score · 0.00145 EPSS
Exploits 0 · References 5
BDU FSTEC
added 2023/05/10 12:0 a.m. · 3 views

The vulnerability of the udmabuf_vm_fault() function in the drivers/dma-buf/udmabuf.c module of Linux kernel allows an attacker to escalate their privileges and execute arbitrary code.

The vulnerability of the udmabuf_vm_fault function in the drivers/dma-buf/udmabuf.c module of Linux operating systems is related to unvalidated array indexing due to incorrect validation of input data. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute...

8.2 CVSS · 7.1 AI score · 0.01013 EPSS
Exploits 1 · References 15 · Affected Software 4
OSV
added 2023/03/07 2:42 p.m. · 7 views

GSD-2023-1002401 s390/decompressor: specify __decompress() buf len to avoid overflow

s390/decompressor: specify __decompress() buf len to avoid overflow This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.232 by commit...

7.2 AI score
Exploits 0
SUSE CVE
added 2023/02/15 4:16 a.m. · 1 views

SUSE CVE-2019-6458

An issue was discovered in GNU Recutils 1.8. There is a memory leak in recbufnew in rec-buf.c when called from recparserset in rec-parser.c in librec.a...

6.5 CVSS · 7.3 AI score · 0.01292 EPSS
Exploits 1 · References 3
vulnersOsv
added 2023/01/24 12:0 p.m. · 1 views

acari-lib (>=0.1.11 <=0.1.12), acme-rs (>=0.1.0 <=0.2.0) +350 more potentially affected by unknown CVE via buf_redux (>=0.1.3 <=0.8.4)

bufredux CARGO version =0.1.3, =0.1.11, =0.1.0, =0.9.2, =0.5.1, =0.2.0, =0.1.0, =0.0.1, =0.1.5, =0.0.5, =0.0.1, =0.1.0, =1.0.0, =0.26.1, =0.26.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0028...

5.8 AI score
Exploits 0
OSV
added 2022/11/14 7:16 p.m. · 6 views

GSD-2022-1007218 soundwire: cadence: Don't overwrite msg->buf during write commands

soundwire: cadence: Don't overwrite msg->buf during write commands This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.150 by commit...

7.2 AI score
Exploits 0
Positive Technologies
added 2022/11/14 12:0 a.m. · 3 views

PT-2022-35263 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: The issue is related to the soundwire cadence, where msg-buf is overwritten during write commands. The actual impact and attack plausibility have not yet been proven. Recommendations: For...

7.2 AI score
Exploits 0 · References 1
Oracle linux
added 2022/10/24 12:0 a.m. · 46 views

Unbreakable Enterprise kernel security update

5.15.0-3.60.5.1 - fs: remove nollseek Jason A. Donenfeld Orabug: 34721465 - vfio: do not set FMODELSEEK flag Jason A. Donenfeld Orabug: 34721465 - dma-buf: remove useless FMODELSEEK flag Jason A. Donenfeld Orabug: 34721465 - fs: do not compare against -llseek Jason A. Donenfeld Orabug: 34721465 -...

7.8 CVSS · 8.1 AI score · 0.00323 EPSS
Exploits 0
OPENSUSE Linux
added 2022/09/01 12:0 a.m. · 52 views

Security update for the Linux Kernel (important)

openSUSE Security Update: Security update for the Linux Kernel Announcement ID: openSUSE-SU-2022:2173-1 Rating: important References: 1177282 1199365 1200015 1200143 1200144 1200206 1200207 1200249 1200259 1200263 1200268 1200529 Cross-References: CVE-2020-26541 CVE-2022-1966 CVE-2022-1974...

7.8 CVSS · 6.9 AI score · 0.00522 EPSS
Exploits 6 · References 12
Positive Technologies
added 2022/08/30 12:0 a.m. · 4 views

PT-2025-25866

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A null pointer dereference can occur when attempting to access the gsm-receive function in gsmld receive buf. This happens because the gsmld receive buf function can be accessed without...

5.5 CVSS · 6.2 AI score · 0.00186 EPSS
Exploits 0
Positive Technologies
added 2022/08/25 12:0 a.m. · 10 views

PT-2025-25861

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved. The issue is related to the dma-buf/dma-resv component, where a check was added to ensure that a new fence is really later than...

7.8 CVSS · 6.2 AI score · 0.00145 EPSS
Exploits 0
OpenVAS
added 2022/07/14 12:0 a.m. · 24 views

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2022-2075)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS · 7.2 AI score · 0.00419 EPSS
Exploits 2 · References 2
OSV
added 2022/07/13 7:15 p.m. · 1 views

CVE-2022-20228

In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12...

6.5 CVSS · 6.7 AI score · 0.00477 EPSS
Exploits 0 · References 1