38 matches found
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15, and Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: vhost-scsi: Protect vq-logused with vq-mutex The vhost-scsi completion path may access vq-logbase when vq-logused is already set to false. vhost-thread QEMU-thread vhostscsicompletecmdwork - vhostaddused - vhostaddusedn If...
CLSA-2026-1777662046 vim: Fix of CVE-2022-2183
CVE-2022-2183: fix out-of-bounds read in getlispindent src/indent.c by guarding the that++; amount++; advance with if that != NUL so the lisp auto-indent pointer does not walk past the line's NUL terminator...
kernel: Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2capdisconnectreq,rsp Similar to commit d0be8347c623 "Bluetooth: L2CAP: Fix use-after-free caused by l2capchanput", just use l2capchanholdunlesszero to prevent referencing a channel that i...
CVE-2023-53751 cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname
In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential use-after-free bugs in TCPServerInfo::hostname TCPServerInfo::hostname may be updated once or many times during reconnect, so protect its access outside reconnect path as well and then prevent any potential...
EUVD-2015-8649
Malware in sbrugna...
CVE-2022-50333 fs: jfs: fix shift-out-of-bounds in dbDiscardAG
In the Linux kernel, the following vulnerability has been resolved: fs: jfs: fix shift-out-of-bounds in dbDiscardAG This should be applied to most URSAN bugs found recently by syzbot, by guarding the dbMount. As syzbot feeding rubbish into the bmap descriptor...
CVE-2022-48770
In the Linux kernel, the following vulnerability has been resolved: bpf: Guard against accessing NULL ptregs in bpfgettaskstack taskptregs can return NULL on powerpc for kernel threads. This is then used in bpfgetstack to check for user mode, resulting in a kernel oops. Guard against this by...
CVE-2024-0220
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data...
CVE-2024-0220
Affected software: B&R Automation Studio Upgrade Service and B&R Technology Guarding. Issue: insufficient cryptography in communications with upgrade and licensing servers, enabling a network attacker to potentially execute arbitrary code or sniff sensitive data. Root cause: cryptographic weaknes...
CVE-2024-0220 B&R products use insufficient communication encryption
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data...
K09052213: glibc vulnerability CVE-2015-8777
Security Advisory Description The processenvvars function in elf/rtld.c in the GNU C Library aka glibc or libc6 before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LDPOINTERGUARD environment variable. CVE-2015-8777 Impact This vulnerability may...
AMD System Management Unit (SMU) 资源管理错误漏洞
The AMD System Management Unit SMU is a system management unit at UltraMicroelectronics AMD. A security vulnerability exists in AMD System Management Unit SMU that stems from insufficient guarding and checking, resulting in access to invalid message port registers, which could lead to a denial of...
SUSE: Security Advisory (SUSE-SU-2016:0473-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP2 : glibc (EulerOS-SA-2017-1200)
According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A stack overflow vulnerability was found in nan functions that could cause applications, which process long strings with the nan function, to cra...
Medium: glibc
Issue Overview: Unbounded stack allocation in catopen function A stack based buffer overflow vulnerability was found in the catopen function. An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code.CVE-2015-8779 Integer overflow in hcreate...
SUSE-SU-2016:3162-1 Security update for pacemaker
This update for pacemaker fixes one security issue and several non-security issues. The following security issue has been fixed: - libcrmcommon: Fix improper IPC guarding. bsc1007433, CVE-2016-7035 The following non-security issues have been fixed: - Add logrotate to reqs of pacemaker-cli. - Add...
openSUSE Security Update : pacemaker (openSUSE-2016-1447)
This update for pacemaker fixes the following issues : - remote: Allow cluster and remote LRM API versions to diverge bsc1009076 - libcrmcommon: fix CVE-2016-7035 improper IPC guarding bsc1007433 - sysconfig: minor tweaks typo, wording - spec: more robust check for systemd being in use - spec:...
SUSE-SU-2016:2974-1 Security update for pacemaker
This update for pacemaker fixes the following issues: - remote: Allow cluster and remote LRM API versions to diverge bsc1009076 - libcrmcommon: fix CVE-2016-7035 improper IPC guarding bsc1007433 - sysconfig: minor tweaks typo, wording - spec: more robust check for systemd being in use - spec:...
SUSE-SU-2016:2869-1 Security update for pacemaker
This update for pacemaker fixes the following issues: Security issues fixed: - CVE-2016-7797: Notify other clients of a new connection only if the handshake has completed bsc967388, bsc1002767. - CVE-2016-7035: Fixed improper IPC guarding in pacemaker bsc1007433. Bug fixes: - bsc1003565: crmd:...
Fedora 25 : pacemaker (2016-c1cbcc4528)
Security fix for CVE-2016-7035 improper IPC guarding Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issue...