SUSE CVE-2008-5744

Array index error in the dahdi/tor2.c driver in Zaptel aka DAHDI 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to an incorrect tor2 patch for CVE-2008-5396 that uses the wrong variable in a range check...

SUSE CVE-2011-1494

Integer overflow in the ctldomptcommand function in drivers/scsi/mpt2sas/mpt2sasctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service memory corruption via an ioctl call specifying a crafted value that triggers a heap-based buffer...

SUSE CVE-2013-7446

Use-after-free vulnerability in net/unix/afunix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AFUNIX socket permissions or cause a denial of service panic via crafted epollctl calls...

SUSE CVE-2017-6458

Multiple buffer overflows in the ctlput functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable...

SUSE CVE-2019-6445

An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntpcontrol.c, related to ctlgetitem...

SUSE CVE-2019-6443

An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctlgetitem, there is a stack-based buffer over-read in readsysvars in ntpcontrol.c in ntpd...

CVE-2022-36855

A use after free vulnerability in ivactl driver prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault...

CVE-2022-36855

A use after free vulnerability in ivactl driver prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault...

PT-2022-23659 · Iva Ctl · Iva Ctl

Name of the Vulnerable Software and Affected Versions: iva ctl driver versions prior to SMR Sep-2022 Release 1 Description: A use after free issue in the iva ctl driver allows an attacker to cause a memory access fault. Recommendations: For versions prior to SMR Sep-2022 Release 1, update to SMR...

PT-2022-4880 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to an out-of-bounds access in the Linux kernel sound subsystem, specifically with the get ctl id hash function. This occurs when the id-name parameter does not end...

Format string modifiers in card label

Description When adding a new video device with v4l2loopback-ctl that contains a card label with format string modifiers the kernel driver interprets these when querying the device capabilities, thus leaking kernel memory stack contents. The vulnerability requires the attacker to have access to t...

Malicious code in dazaar-search-ctl (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e0509f3481bb63efd07aa623e6989543e01effcd23317762dff5cf7ad493643d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-2361 Malicious code in dazaar-search-ctl (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e0509f3481bb63efd07aa623e6989543e01effcd23317762dff5cf7ad493643d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CLSA-2021-1634922771 Fixed CVEs in microcode_ctl: CVE-2020-24511, CVE-2020-24512, CVE-2020-24489, CVE-2020-24513

Do not use "grep -q" in a pipe in checkcaveats. - Update Intel CPU microcode to microcode-20210608 release: - Fixes in releasenote.md file. - Update Intel CPU microcode to microcode-20210525 release, addresses CVE-2020-24489, CVE-2020-24511, CVE-2020-24512, and CVE-2020-24513 1962659, 1962709,...

DEBIAN-CVE-2020-0466

In doepollctl and eploopcheckproc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndro...

CVE-2020-0466

In doepollctl and eploopcheckproc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndro...

PT-2020-6008 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.6.3 Description: The issue is related to the function snd ctl elem add in the Linux kernel, specifically with the line count = info-owner, which can lead to errors when multiplying private size count. This coul...

CVE-2019-15897

beegfs-ctl in ThinkParQ BeeGFS through 7.1.3 allows Authentication Bypass via communication with a BeeGFS metadata server which is typically not exposed to external networks...

UBUNTU-CVE-2019-12456

An issue was discovered in the MPT3COMMAND case in ctlioctlmain in drivers/scsi/mpt3sas/mpt3sasctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of iocnumber between two kernel reads of that...

PT-2019-4979 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.1.5 Description: An issue was discovered in the MPT3COMMAND case in ctl ioctl main in drivers/scsi/mpt3sas/mpt3sas ctl.c. It allows local users to cause a denial of service or possibly have unspecified other...