215 matches found
CVE-2023-20881
CVE-2023-20881 affects Cloud Foundry CAPI versions 1.140–1.152.0 and Loggregator-agent v7+. The issue allows a user who knows the syslog drain client certificate to override other users’ syslog drain credentials, potentially altering the private key or adding/modifying a Certificate Authority use...
Cloud Foundry CAPI 信任管理问题漏洞
Cloud Foundry CAPI is a cloud controller from the Cloud Foundry Foundation in the United States. A security vulnerability exists in Cloud Foundry CAPI versions 1.140 through 1.152.0, Loggregator-agent v7+, and CF Deployment versions 24.7.0 through 29.0.0, which originates in Cloud foundry instanc...
CVE-2023-20881
Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user ...
CVE-2023-20881
Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user ...
K8917: Linux kernel vulnerability CVE-2007-1217
Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...
SUSE CVE-2006-6106
Multiple buffer overflows in the cmtprecvinteropmsg function in the Bluetooth driver net/bluetooth/cmtp/capi.c in the Linux kernel 2.4.22 up to 2.4.33.4 and 2.6.2 before 2.6.18.6, and 2.6.19.x, allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via CAPI...
SUSE CVE-2007-1217
Buffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service crash and possibly gain privileges via a crafted CAPI packet...
SUSE CVE-2021-43389
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detachcapictr function in drivers/isdn/capi/kcapi.c...
kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c
An improper validation of an array index and out of bounds memory read in the Linux kernel's Integrated Services Digital Network ISDN functionality was found in the way users call ioctl CMTPCONNADD. A local user could use this flaw to crash the system or starve the resources causing denial of...
kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c
An improper validation of an array index and out of bounds memory read in the Linux kernel's Integrated Services Digital Network ISDN functionality was found in the way users call ioctl CMTPCONNADD. A local user could use this flaw to crash the system or starve the resources causing denial of...
CVE-2021-22100
In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that accidentally or maliciously causes CC instances to timeout and fail is possible. An attacker can leverage this vulnerability to cause an inability for anyone to push or...
CVE-2021-22100
In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that accidentally or maliciously causes CC instances to timeout and fail is possible. An attacker can leverage this vulnerability to cause an inability for anyone to push or...
Code injection
In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that accidentally or maliciously causes CC instances to timeout and fail is possible. An attacker can leverage this vulnerability to cause an inability for anyone to push or...
CVE-2021-22100
In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that accidentally or maliciously causes CC instances to timeout and fail is possible. An attacker can leverage this vulnerability to cause an inability for anyone to push or...
CVE-2021-22100
CVE-2021-22100 affects Cloud Foundry CAPI versions prior to 1.122. A misbehaving service broker can cause Cloud Controller (CAPI) instances to timeout, leading to an inability to push or manage applications (Denial of Service). The public sources describe the issue and confirm affected releases i...
CVE-2021-22100: Cloud Controller is vulnerable to denial of service due to misbehaving service brokers | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Description Cloud Controller CAPI is vulnerable to a denial-of-service attack in which a developer can push a service broker that accidentally or maliciously causes CC instances to timeout and fail. An attacker can leverage this vulnerability to cau...
Ubuntu: Security Advisory (USN-5210-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5210-2: Linux kernel regression
USN-5210-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression that caused failures to boot in environments with AMD Secure Encrypted Virtualization SEV enabled. This update fixes the problem. We apologize for the inconvenience. Original advisory details:...
Ubuntu: Security Advisory (USN-5218-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5218-1 linux-oem-5.13 vulnerabilities
Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. CVE-2021-4002 It was discovered that the eBPF implementation in the Linux...