Lucene search
3386 matches found

OSV
added 2024/03/02 10:15 p.m., 0 views

UBUNTU-CVE-2023-52501

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not attempt to read past "commit". When iterating over the ring buffer while the ring buffer is active, the writer can corrupt the reader. There are barriers to help detect this and handle it, but that code missed th...

7.1 CVSS, 6.3 AI score, 0.0023 EPSS
Exploits: 0, References: 3
CNNVD
added 2024/03/02 12:00 a.m., 2 views

Linux kernel security vulnerabilities

The Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. The Linux kernel suffers from a security vulnerability that arises from the fact that dh->dccph_x is the 9th byte (offset 8) of "struct dccp_hdr" instead of the 7th byte...

5.5 CVSS, 7 AI score, 0.00229 EPSS
Exploits: 0, References: 8
Ubuntu
added 2024/02/27 11:18 a.m., 18 views

USN-6663-1: OpenSSL update

As a security improvement, OpenSSL will now return deterministic random bytes instead of an error when detecting wrong padding in PKCS1 v1.5 RSA to prevent its use in possible Bleichenbacher timing attacks...

5.3 AI score
Exploits: 0, References: 1
OSV
added 2024/02/27 11:18 a.m., 2 views

USN-6663-1 openssl update

As a security improvement, OpenSSL will now return deterministic random bytes instead of an error when detecting wrong padding in PKCS1 v1.5 RSA to prevent its use in possible Bleichenbacher timing attacks...

7.5 CVSS, 6.7 AI score, 0.01158 EPSS
Exploits: 1, References: 2
Microsoft CVE
added 2024/02/26 8:00 a.m., 3 views

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion bypassing standard safeguards like timeouts and body size limits.

...

7.5 CVSS, 7 AI score, 0.03168 EPSS
Exploits: 0
Tenable Nessus
added 2024/02/22 12:00 a.m., 40 views

Fedora 39 : kernel (2024-88847bc77a)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-88847bc77a advisory. The 6.7.5 stable kernel update contains a number of important fixes across the tree. Tenable has extracted the preceding description block directly...

5.5 CVSS, 6.9 AI score, 0.0027 EPSS
Exploits: 0, References: 3
Debian CVE
added 2024/02/20 9:52 p.m., 22 views

CVE-2023-6936

In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging)...

9.1 CVSS, 5.5 AI score, 0.006 EPSS
Exploits: 0
OSV
added 2024/02/20 2:15 a.m., 3 views

DEBIAN-CVE-2024-22019

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk...

7.5 CVSS, 7 AI score, 0.03168 EPSS
Exploits: 0, References: 1
OSV
added 2024/02/20 2:15 a.m., 5 views

AZL-34461 CVE-2024-22019 affecting package nodejs18 for versions less than 18.20.2-1

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk...

7.5 CVSS, 6.9 AI score, 0.03168 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2024/02/20 1:31 a.m., 24 views

CVE-2024-22019

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk...

7.5 CVSS, 7.4 AI score, 0.03168 EPSS
Exploits: 0, References: 3
SUSE CVE
added 2024/02/17 3:21 a.m., 3 views

SUSE CVE-2024-22019

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk...

7.5 CVSS, 8 AI score, 0.03168 EPSS
Exploits: 0, References: 11
RedhatCVE
added 2024/02/16 5:52 p.m., 59 views

CVE-2024-22019

A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of...

7.5 CVSS, 6 AI score, 0.03168 EPSS
Exploits: 0, References: 3
CNNVD
added 2024/02/16 12:00 a.m., 2 views

Node.js Security Vulnerabilities

Node.js is an open source, cross-platform JavaScript runtime environment. Node.js suffers from a security vulnerability that stems from a lack of protection against block-extended bytes. An attacker exploits the vulnerability to send specially crafted HTTP requests using chunked encoding, resulti...

7.5 CVSS, 7 AI score, 0.03168 EPSS
Exploits: 0, References: 5
RedhatCVE
added 2024/02/13 6:10 p.m., 32 views

CVE-2024-25739

A flaw was found in the Linux kernel. The create_empty_lvol function in the drivers/mtd/ubi/vtbl.c file can attempt to allocate zero bytes of memory when the LEB size is smaller than a single volume table record. This issue can result in a denial of service...

5.5 CVSS, 5.8 AI score, 0.00248 EPSS
Exploits: 0, References: 3
SUSE CVE
added 2024/02/13 3:50 a.m., 0 views

SUSE CVE-2024-25739

create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size...

5.5 CVSS, 6.7 AI score, 0.00248 EPSS
Exploits: 0, References: 15
ATTACKERKB
added 2024/02/12 3:15 a.m., 7 views

CVE-2024-25739

create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size...

5.5 CVSS, 5.8 AI score, 0.00248 EPSS
Exploits: 0, References: 7
OSV
added 2024/02/12 3:15 a.m., 2 views

DEBIAN-CVE-2023-52429

dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count...

5.5 CVSS, 5.9 AI score, 0.00249 EPSS
Exploits: 0, References: 1
UbuntuCve
added 2024/02/12 3:15 a.m., 42 views

CVE-2023-52429

dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count...

5.5 CVSS, 6.4 AI score, 0.00249 EPSS
Exploits: 0, References: 13
OSV
added 2024/02/12 3:15 a.m., 0 views

UBUNTU-CVE-2024-25739

create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size...

5.5 CVSS, 6.7 AI score, 0.00248 EPSS
Exploits: 0, References: 30
Cvelist
added 2024/02/12 12:00 a.m., 24 views

CVE-2023-52429

dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count...

6.3 AI score, 0.00249 EPSS
Exploits: 0, References: 6