57 matches found
Security update for apparmor
This update for apparmor fixes the following issues: Add dacreadsearch capability for unixchkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. bsc1241678 Patch Instructions: To install this SUSE update use the SUSE...
UBUNTU-CVE-2023-52988
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/via: Avoid potential array out-of-bound in addsecretdacpath sndhdagetconnections can return a negative error code. It may lead to accessing 'conn' array at a negative index. Found by Linux Verification Center...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ALSA hda/via component potentially accessing negatively indexed arrays in the addsecretdacpath function...
February 11, 2025—KB5052000 (OS Build 17763.6893) - EXPIRED
February 11, 2025—KB5052000 OS Build 17763.6893 - EXPIRED EXPIRATION NOTICEIMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. 11/17/20 For...
February 11, 2025—KB5052072 (Security-only update)
February 11, 2025—KB5052072 Security-only update End of support information Windows Server 2008 Premium Assurance ends on January 13, 2026.Windows Server 2008 SP2 Extended Security Updates ESU ended on January 10, 2023. Additionally, Extended Security Updates on Azure only support ended on Januar...
CVE-2024-27008
In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource dcb-or value is assigned in fabricatedcboutput, there may be out of bounds access to dacusers array in case dcb-or is zero because ffsdcb-or is used as index there. The 'or...
CVE-2024-27008
CVE-2024-27008 is confirmed in the connected MiracleLinux advisories as a Linux kernel vulnerability affecting the drm nv04 driver. Description: when Output Resource (dcb->or) is assigned in fabricate_dcb_output(), there can be an out-of-bounds access to the dac_users array if dcb->or is ze...
carpo (>=0.1.2 <=0.1.3), chimper (>=0.1.2 <=0.2.1) +7 more potentially affected by unknown CVE via conrod (>=0.51.1 <=0.61.1)
conrod CARGO version =0.51.1, =0.1.2, =0.1.2, =0.1.0, =1.0.0, =0.1.0, =0.2.0, =1.0.0, =0.1.0, =0.1.4 - turbine =0.0.2 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0397...
kernel: ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
A vulnerability was found in the Linux kernel's ALSA subsystem in the addsecretdacpath function, where improper array handling can lead to out-of-bounds access. This occurs if the return value of the call to sndhdagetconnections returns an error code a negative number, which is stored in the...
SUSE CVE-2010-0728
smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAPDACOVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client...
SUSE CVE-2016-10907
An issue was discovered in drivers/iio/dac/ad5755.c in the Linux kernel before 4.8.6. There is an out of bounds write in the function ad5755parsedt...
Debian: Security Advisory (DSA-5161-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DEBIAN-CVE-2022-23132
During Zabbix installation from RPM, DACOVERRIDE SELinux capability is in use to access PID files in /var/run/zabbix folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level...
UBUNTU-CVE-2022-23132
During Zabbix installation from RPM, DACOVERRIDE SELinux capability is in use to access PID files in /var/run/zabbix folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level...
CVE-2021-37587
In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...
CVE-2021-37587
In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...
Design/Logic Flaw
In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...
Charm 加密问题漏洞
Charm is Charm is a framework for rapidly prototyping advanced cryptosystems. A cryptographic issue vulnerability exists in Charm version 0.43. Using this vulnerability any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...
CVE-2021-37587
In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...
CVE-2021-37587
Charm 0.43 contains a cryptographic weakness where any single user can decrypt DAC-MACS or MA-ABE-YJ14 data. The vulnerability is documented across multiple sources (NVD, OSV, CNVD/CNNVD and CVE listings). Exploitation status is not detailed in the provided fragments; no patch/version remediation...