hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions

A flaw was found in hw. In certain processors with Intel's Enhanced Indirect Branch Restricted Speculation eIBRS capabilities, soon after VM exit or IBPB command event, the linear address following the most recent near CALL instruction prior to a VM exit may be used as the Return Stack Buffer RSB...

The vulnerability in the parser.c component of the Libxml2 library allows a hacker to trigger a service failure.

The vulnerability of the parser.c component in the Libxml2 library is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability allows an attacker to cause service failures...

Exploiting null-dereferences in the Linux kernel

Posted by Seth Jenkins, Project Zero For a fair amount of time, null-deref bugs were a highly exploitable kernel bug class. Back when the kernel was able to access userland memory without restriction, and userland programs were still able to map the zero page, there were many easy techniques for...

GSD-2023-1000842 MIPS: vpe-mt: fix possible memory leak while module exiting

MIPS: vpe-mt: fix possible memory leak while module exiting This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...

The gotcha of unhandled promise rejections

Let's say you wanted to display a bunch of chapters on the page, and for whatever reason, the API only gives you a chapter at a time. You could do this: async function showChapterschapterURLs for const url of chapterURLs const response = await fetchurl; const chapterData = await response.json;...

ISC BIND DoS Vulnerability (CVE-2012-5689) - Linux

ISC BIND is prone to a denial of service DoS vulnerability. Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

ISC BIND DoS Vulnerability (CVE-2016-1286) - Windows

ISC BIND is prone to a denial of service DoS vulnerability. Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

ISC BIND DoS Vulnerability (CVE-2016-1285) - Windows

ISC BIND is prone to a denial of service DoS vulnerability. Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

DEBIAN-CVE-2022-31738

When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...

The vulnerability of the link counting function in the BSS mode of the Linux operating system’s kernel allows a hacker to execute arbitrary code.

The vulnerability of the link counting function in the BSS mode of the Linux operating system’s kernel is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability allows an attacker to execute arbitrary code...

hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions

A flaw was found in hw. In certain processors with Intel's Enhanced Indirect Branch Restricted Speculation eIBRS capabilities, soon after VM exit or IBPB command event, the linear address following the most recent near CALL instruction prior to a VM exit may be used as the Return Stack Buffer RSB...

Permanent freeze of yield when TokenSender rewards bank is depleted and deposit or withdraw is called.

Lines of code Vulnerability details Description In collateral deposit and withdraw flow, a fee is calculated as a percentage of user's requested amount. It is passed to the DepositHook and WithdrawHook, for example in deposit: uint256 amountAfterFee = amount - fee; if addressdepositHook != addres...

PT-2022-36510 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.265 Description: The issue is related to a warning in the ip6 route net exit late function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...

PT-2022-36238 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.78 Description: The issue is related to a warning in the ip6 route net exit late function. The actual impact and attack plausibility have not yet been proven. It was introduced in version v2.6.26 and fixed...

PT-2022-36491 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.267 Description: The issue is related to a use-after-free in the snd soc exit function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior ...

PT-2022-36602 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.9.334 Description: The issue is related to the removal of exit for snd soc util exit in the ASoC soc-utils. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kerne...

PT-2022-36186 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.80 Description: The issue is related to a use-after-free in the snd soc exit function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior t...

PT-2022-36488 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.267 Description: The issue is related to the ASoC soc-utils, where the removal of exit for snd soc util exit may potentially lead to security vulnerabilities. However, the actual impact and attack...

PT-2024-11848 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.1.0-rc7-00103-gef4d3ea40565 Description: The issue is related to a null pointer dereference bug in the io tctx exit cb function. This bug can cause a kernel panic when the task exits to userspace. The problem...

PT-2024-11838 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a PCI device reference count leak in the Linux kernel's gpio component, specifically in the amd8111 driver. The problem arises from the incorrect handling of...