AZL-57857 CVE-2024-58005 affecting package kernel for versions less than 5.15.179.1-1

In the Linux kernel, the following vulnerability has been resolved: tpm: Change to kvalloc in eventlog/acpi.c The following failure was reported on HPE ProLiant D320: 10.693310 T1 tpmtis STM0925:00: 2.0 TPM device-id 0x3, rev-id 0 10.848132 T1 ------------ cut here ------------ 10.853559 T1...

DEBIAN-CVE-2024-42300

In the Linux kernel, the following vulnerability has been resolved: erofs: fix race in zerofsgetgbuf In zerofsgetgbuf, the current task may be migrated to another CPU between zerofsgbufid and spinlock&gbuf-lock. Therefore, zerofsputgbuf will trigger the following issue which was found by stress...

SUSE CVE-2024-2397

Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLTPPPSERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21...

CVE-2024-2397

A flaw was found in tcpdump. Trying to print content from a maliciously crafted .pcap file may lead to an infinite loop, resulting in a denial of service. This issue is considered low severity; for a successful attack to happen, a user must open a crafted file, and it will only crash a single...

PT-2024-20208 · Tcpdump · Tcpdump

Name of the Vulnerable Software and Affected Versions: tcpdump versions from 2023-06-05 to 2024-03-21 git master branch Description: The PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT PPP SERIAL .pcap savefile due to a bug in packet data buffers management...

SUSE CVE-2009-1377

The dtls1bufferrecord function in ssl/d1pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service memory consumption via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."...

SUSE CVE-2012-0255

The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service assertion failure and daemon exit via a message associated with a malformed Four-octet AS Number Capability aka AS4...

GHSA-W7PP-M8WF-VJ6R Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf

Previously, Cipher.updateinto would accept Python objects which implement the buffer protocol, but provide only immutable buffers: pycon outbuf = b"\x00" 32 c = ciphers.CipherAESb"\x00" 32, modes.ECB.encryptor c.updateintob"\x00" 16, outbuf 16 outbuf...

kernel: improper initialization of the "flags" member of the new pipe_buffer

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copypagetoiterpipe and pushpipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cach...

ALPINE-CVE-2021-28651

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a...

oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position.

...

UBUNTU-CVE-2015-0841

Off-by-one error in the readBuf function in listener.cpp in libcapsinetwork and monopd before 0.9.8, allows remote attackers to cause a denial of service crash via a long line...

Remote Code Execution (RCE)

microsoft.chakracore is vulnerable to remote code execution RCE attacks. The attack exists due to a detached buffer bug that causes arbitrary memory reading and writing that can cause arbitrary code to be executed. This CVE is unique from CVE-2018-8286, CVE-2018-8290, CVE-2018-8294...

kernel: nfsd4: bug in read_buf

Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service panic or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to the readbuf and...

kernel: nfsd4: bug in read_buf

Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service panic or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to the readbuf and...