9185 matches found
K15250: BIND vulnerability CVE-2014-3214
Security Advisory Description The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via a DNS query that triggers a response with unspecified attributes...
AlmaLinux 8 : kernel-rt (ALSA-2023:0854)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0854 advisory. - An out-of-bounds memory access flaw was found in the Linux kernel Intel's iSMT SMBus host controller driver in the way a user triggers the...
RHEL 8 : kernel-rt (RHSA-2023:0854)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0854 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...
RHEL 8 : kernel (RHSA-2023:0832)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0832 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: mm/mremap.c use-after-free...
CVE-2021-32845
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, the implementation of qnotify at pcivtrndnotify fails to check the return value of vqgetchain. This leads to struct iovec iov; being uninitialized and used to read memory i...
CVE-2023-25653 Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS)
node-jose is a JavaScript implementation of the JSON Object Signing and Encryption JOSE for web browsers and node.js-based servers. Prior to version 2.2.0, when using the non-default "fallback" crypto back-end, ECC operations in node-jose can trigger a Denial-of-Service DoS condition, due to a...
.NET 7.0 bugfix update
An update is available for dotnet7.0. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...
Ubuntu: Security Advisory (USN-5874-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 20.04 LTS : Linux kernel (GKE) vulnerabilities (USN-5875-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5875-1 advisory. It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote...
SUSE CVE-2006-2779
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via 1 nested tags in a select tag, 2 a DOMNodeRemoved mutation event, 3 "Content-implemented tree views," 4 BoxObjects, 5 the XBL implementation, 6 an ifram...
SUSE CVE-2008-3275
The 1 reallookup and 2 lookuphash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted aka SDEAD directory, which allows local users to cause a denial of service "overflow" of the UBIFS orphan area via a...
SUSE CVE-2009-1685
Cross-site scripting XSS vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of 1 an embedded document or ...
SUSE CVE-2010-2899
Unspecified vulnerability in the layout implementation in Google Chrome before 5.0.375.125 allows remote attackers to obtain sensitive information from process memory via unknown vectors...
SUSE CVE-2011-1170
net/ipv4/netfilter/arptables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by...
SUSE CVE-2012-2825
The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service incorrect read operation via unspecified vectors...
SUSE CVE-2012-6546
The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...
SUSE CVE-2013-4344
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command...
SUSE CVE-2014-7942
The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...
SUSE CVE-2014-9428
The batadvfragmergepackets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length field during a calculation of an amount of memory, which allows remote attackers to cause a denial of service mesh-node system crash...
SUSE CVE-2015-6714
The Function bind implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API...