CVE-2020-24722

An issue was discovered in the GAEN aka Google/Apple Exposure Notifications protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack. This can cause...

Linux Distros Unpatched Vulnerability : CVE-2023-54080

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: zoned: skip splitting and logical rewriting on pre-alloc write When doing a relocation, there is a chance that at the time of btrfsrelocclonecsums, there...

SUSE CVE-2023-54080

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: skip splitting and logical rewriting on pre-alloc write When doing a relocation, there is a chance that at the time of btrfsrelocclonecsums, there is no checksum for the corresponding region. In this case,...

EUVD-2023-60365

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: skip splitting and logical rewriting on pre-alloc write When doing a relocation, there is a chance that at the time of btrfsrelocclonecsums, there is no checksum for the corresponding region. In this case,...

CVE-2023-54080

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: skip splitting and logical rewriting on pre-alloc write When doing a relocation, there is a chance that at the time of btrfsrelocclonecsums, there is no checksum for the corresponding region. In this case,...

CVE-2023-54080

CVE-2023-54080 affects the Linux kernel in the btrfs zoned relocation path. When relocating and the corresponding region has no checksum, btrfs_finish_ordered_zoned() may reference an invalid checksum item, causing ordered_extent’s logical address to become invalid and later trigger a NULL pointe...

CVE-2023-54080 btrfs: zoned: skip splitting and logical rewriting on pre-alloc write

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: skip splitting and logical rewriting on pre-alloc write When doing a relocation, there is a chance that at the time of btrfsrelocclonecsums, there is no checksum for the corresponding region. In this case,...

Linux Distros Unpatched Vulnerability : CVE-2022-31156

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies eith...

OpenStack Ironic 安全漏洞

OpenStack Ironic is an integrated OpenStack program open-sourced by OpenStack. It is used to configure bare metal rather than virtual machines. A security vulnerability exists in OpenStack Ironic that stems from a lack of checksum validation of the provided imagesource URL. The following versions...

WordPress plugin Export customers list csv for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Export customers...

Huawei HarmonyOS 缓冲区错误漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a lack of checksums on reads in the HWKEYMASTER module...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in the Huawei HarmonyOS weaver module, which stems from A vulnerability in the Huawei HarmonyOS weaver module in which the...

Huawei HarmonyOS SQL注入漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a lack of security checksum vulnerability in a component of HarmonyOS. Successful...

CVE-2020-24722

An issue was discovered in the GAEN aka Google/Apple Exposure Notifications protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack. This can cause...

Huawei P30 Pro Path Traversal Vulnerability

Huawei P30 Pro is a smartphone from Chinese company Huawei Huawei. A security vulnerability exists in a module in versions prior to Huawei P30 Pro 10.1.0.160 C00E160R2P8, which stems from a function of the module missing a specific checksum when processing messages sent by other modules. An...

krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005)

The kgacceptkrb5 function in krb5/acceptseccontext.c in the GSS-API library in MIT Kerberos 5 aka krb5 through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of...

krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005)

The kgacceptkrb5 function in krb5/acceptseccontext.c in the GSS-API library in MIT Kerberos 5 aka krb5 through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of...

krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005)

The kgacceptkrb5 function in krb5/acceptseccontext.c in the GSS-API library in MIT Kerberos 5 aka krb5 through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of...

krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005)

The kgacceptkrb5 function in krb5/acceptseccontext.c in the GSS-API library in MIT Kerberos 5 aka krb5 through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of...

Rebase aide to 0.13.1

Red Hat Enterprise Linux RHEL 5 ships the rpm for the Advanced Intrusion Detection Environment AIDE before 0.13.1 with a database that lacks checksum information, which allows context-dependent attackers to bypass file integrity checks and modify certain files...