60 matches found
EUVD-2017-14633
Malware in sbrugna...
ROS-20250814-08
Vulnerability of the createInDir function of the glog library of the Golang programming language is related to errors in reference handling. reference handling errors. Exploitation of the vulnerability may allow an attacker to escalate his privileges and gain unauthorized access to protected...
Amazon Linux 2 : soci-snapshotter (ALASDOCKER-2025-064)
The version of soci-snapshotter installed on the remote host is prior to 0.9.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-064 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line...
USN-7527-1: libfcgi-perl vulnerability
It was discovered that libfcgi-perl incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code...
Ubuntu 18.04 LTS / 20.04 LTS : KiCad vulnerabilities (USN-7466-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7466-1 advisory. It was discovered that KiCad incorrectly handled memory when opening malicious files. An attacker could possibly use this issue to cause a...
Linux Distros Unpatched Vulnerability : CVE-2024-42063
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Mark bpf prog stack with kmsanunposionmemory in interpreter mode syzbot reported uninit memory usages during maplookup,deleteelem. ========== BUG: KMSAN:...
ROS-20241015-05
Nano text editor vulnerability is related to temporary file handling errors. Exploitation exploitation of the vulnerability could allow an attacker to affect data integrity...
PT-2024-6835 · Microsoft · Defender For Endpoint For Linux
Name of the Vulnerable Software and Affected Versions: Microsoft Defender for Endpoint for Linux affected versions not specified Description: The issue is related to errors in handling relative directory paths, which can be exploited to conduct spoofing attacks. Recommendations: At the moment,...
ROS-20240816-15
A vulnerability in the PHP programming language interpreter is related to the erroneous handling of cookies due to the replacement of spaces, dots, and open square brackets with underscores. as a result of replacing spaces, periods and open square brackets with underscores. Exploitation...
ROS-20240409-09
Vulnerability of yasmsectionbcsfirst function of YASM assembler is related to uncontrolled consumption of resources. Exploitation of the vulnerability may allow an attacker to cause a denial of service A vulnerability in the exprdeleteterm function of the YASM assembler is associated with an...
CVE-2023-52582 netfs: Only call folio_start_fscache() one time for each folio
In the Linux kernel, the following vulnerability has been resolved: netfs: Only call foliostartfscache one time for each folio If a network filesystem using netfs implements a clamplength function, it can set subrequest lengths smaller than a page size. When we loop through the folios in...
Design/Logic Flaw
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...
SUSE-SU-2023:4214-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: - Updated to version 115.4.0 ESR bsc1216338: - CVE-2023-5721: Fixed a potential clickjack via queued up rendering. - CVE-2023-5722: Fixed a cross-Origin size and header leakage. - CVE-2023-5723: Fixed unexpected errors when handling inval...
USN-5861-1: Linux kernel (Dell300x) vulnerabilities
It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-43945 Tamás Koczka discovered that th...
PT-2022-4128 · Microsoft · Visual Studio
Name of the Vulnerable Software and Affected Versions: Microsoft Visual Studio affected versions not specified Description: The issue is related to errors in handling input data in Microsoft Visual Studio. It allows a remote attacker to execute arbitrary code by tricking a user into running a...
SUSE-SU-2021:2802-1 Security update for libmspack
This update for libmspack fixes the following issues: - CVE-2018-14681: Bad KWAJ file header extensions could cause a one or two byte overwrite. bsc1103032 - CVE-2018-14682: There is an off-by-one error in the TOLOWER macro for CHM decompression. bsc1103032 - CVE-2018-14679: There is an off-by-on...
PT-2021-2639 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to errors in handling objects in memory within the Windows Event Tracing service, which can allow an attacker to gain unauthorized access to protected information. This...
PT-2020-4320 · Microsoft · Windows Backup Service +1
Name of the Vulnerable Software and Affected Versions: Windows Backup Service affected versions not specified Description: The issue is related to an elevation of privilege vulnerability that exists when the Windows Backup Service improperly handles file operations. To exploit this, an attacker...
PT-2020-4321 · Microsoft · Windows Backup Service +1
Name of the Vulnerable Software and Affected Versions: Windows Backup Service affected versions not specified Description: The issue is related to an elevation of privilege vulnerability that exists when the Windows Backup Service improperly handles file operations. To exploit this, an attacker...
PT-2020-4083 · Microsoft · Windows Gdi +1
Name of the Vulnerable Software and Affected Versions: Windows GDI affected versions not specified Description: The issue is related to errors in handling objects in memory by the Windows Graphics Device Interface GDI. This can allow a remote attacker to execute arbitrary code, potentially giving...