406 matches found

OSV
added 2021/11/14 3:21 p.m., 9 views

GSD-2021-1002138 RDMA/mlx5: Initialize the ODP xarray when creating an ODP MR

RDMA/mlx5: Initialize the ODP xarray when creating an ODP MR This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.14.16 by commit...

7.2 AI score
Exploits 0
Cvelist
added 2021/11/12 5:55 p.m., 19 views

CVE-2021-41264 UUPSUpgradeable vulnerability in OpenZeppelin Contracts

OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using UUPSUpgradeable may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of @openzeppelin/contracts and...

9.8 CVSS, 9.6 AI score, 0.00641 EPSS
Exploits 0, References 3
Code423n4
added 2021/08/30 12:00 a.m., 7 views

DOS by Frontrunning NoteERC20 initialize() Function

Handle leastwood Vulnerability details Impact The scripts/ folder outlines a number of deployment scripts used by the Notional team. Some of the contracts deployed utilise the ERC1967 upgradeable proxy standard. This standard involves first deploying an implementation contract and later a proxy...

7.2 AI score
Exploits 0
CNNVD
added 2021/08/13 12:00 a.m., 1 views

Hashicorp HashiCorp Vault Security Feature Issue Vulnerability

Hashicorp HashiCorp Vault is a private key access management tool from HashiCorp Hashicorp USA. HashiCorp Vault suffers from a security signature issue vulnerability that arises from the product not adding valid access permissions to an underlying database file. An attacker could use this...

4.4 CVSS, 5.1 AI score, 0.00032 EPSS
Exploits 0, References 4
Code423n4
added 2021/07/14 12:00 a.m., 6 views

Insufficient input validation in initialize() in LendingPair.sol

Handle JMukesh Vulnerability details Impact function initialize address lpTokenMaster, address controller, IERC20 tokenA, IERC20 tokenB It lacks the input validation of tokenA and tokenB whether they are different or not, if it is same then we will have two lptoken with same address but different...

6.9 AI score
Exploits 0
OSV
added 2021/06/30 12:00 a.m., 9 views

GSD-2021-1000838 bonding: init notify_work earlier to avoid uninitialized use

bonding: init notify_work earlier to avoid uninitialized use This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.273 by commit...

7.2 AI score
Exploits 0
Oracle linux
added 2021/06/15 12:00 a.m., 221 views

Unbreakable Enterprise kernel security update

5.4.17-2102.202.5 - sctp: delay auto_asconf init until binding the first addr Xin Long Orabug: 32907967 CVE-2021-23133 CVE-2021-23133 - dm ioctl: fix out of bounds array access when no devices Mikulas Patocka Orabug: 32860491 CVE-2021-31916 - uek-rpm: update kABI lists for the new symbols Saeed...

8.1 CVSS, 8.1 AI score, 0.00305 EPSS
Exploits 1
Oracle linux
added 2021/06/15 12:00 a.m., 226 views

Unbreakable Enterprise kernel-container security update

4.14.35-2047.504.2.el7 - md/raid1: properly indicate failure when ending a failed write request Paul Clements Orabug: 32887159 - video: hyperv_fb: Add ratelimit on error message Michael Kelley Orabug: 32856879 - Drivers: hv: vmbus: Initialize unload_event statically Andrea Parri Microsoft Orabug:...

6.7 CVSS, 7.3 AI score, 0.00198 EPSS
Exploits 0
OSV
added 2021/06/04 7:41 p.m., 11 views

GSD-2021-1000578 net: hns3: put off calling register_netdev() until client initialize complete

net: hns3: put off calling register_netdev() until client initialize complete This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.42 by commit...

7.2 AI score
Exploits 0
OSV
added 2021/06/04 7:41 p.m., 11 views

GSD-2021-1000575 net: zero-initialize tc skb extension on allocation

net: zero-initialize tc skb extension on allocation This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.42 by commit...

7.2 AI score
Exploits 0
OSV
added 2021/06/04 7:33 p.m., 8 views

GSD-2021-1000528 net: zero-initialize tc skb extension on allocation

net: zero-initialize tc skb extension on allocation This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.9 by commit...

7.2 AI score
Exploits 0
OSV
added 2021/06/04 7:33 p.m., 8 views

UVI-2021-1000528 net: zero-initialize tc skb extension on allocation

net: zero-initialize tc skb extension on allocation This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.9 by commit...

7.2 AI score
Exploits 0
RedHat Linux
added 2021/03/02 7:28 p.m., 3 views

grub2: Out-of-bounds write in grub_usb_device_initialize()

A flaw was found in grub2. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the...

7.6 CVSS, 6.2 AI score, 0.00009 EPSS
Exploits 0, References 4
AlmaLinux
added 2021/02/16 7:34 a.m., 15 views

dracut bug fix and enhancement update

The dracut packages contain an event-driven initial RAM file system initramfs generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition...

2.6 AI score
Exploits 0
CNNVD
added 2020/12/24 12:00 a.m., 3 views

Terramaster TOS Permission License and Access Control Issues Vulnerability

Terramaster TOS is a Linux-based operating system dedicated to the TerraMaster Cloud Storage NAS server from Shenzhen Tumi Electronic Technology Terramaster in China. A security vulnerability exists in TerraMaster TOS version 4.2.06 and earlier versions, which can be exploited by a remote,...

5.3 CVSS, 6.1 AI score, 0.88599 EPSS
Exploits 1, References 3
Oracle linux
added 2020/11/10 12:00 a.m., 149 views

idm:DL1 and idm:client security, bug fix, and enhancement update

bind-dyndb-ldap 11.3-1 - New upstream release - Resolves: rhbz1845211 ipa 4.8.7-12.0.1 - Set IPAPLATFORM=rhel when build on Oracle Linux Orabug: 29516674 4.8.7-12 - Require selinux sub package in the proper version Related: RHBZ1868432 - SELinux: do not double-define node_t and pki_tomcat_cert_t...

6.9 CVSS, 6.9 AI score, 0.18007 EPSS
Exploits 16
RedHat Linux
added 2020/04/28 3:41 p.m., 2 views

kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS

Two memory leak flaws were found in the Linux kernel's mwifiex_pcie_init_evt_ring() function. A local attacker, able to reload the kernel module or hotplug Marvell WiFi hardware using this driver, can cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures...

3.3 CVSS, 6.8 AI score, 0.00089 EPSS
Exploits 0, References 4
Snyk
added 2020/04/17 12:00 a.m., 1 views

Malicious Package

Overview activerecord-safe-initialize is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid usin...

8 CVSS, 5.4 AI score
Exploits 0, References 2
NVD
added 2019/06/14 5:29 p.m., 16 views

CVE-2018-11942

Failure to initialize the reserved memory which is sent to the firmware might lead to exposure of 1 byte of uninitialized kernel SKB memory to FW in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure an...

5.5 CVSS, 6.4 AI score, 0.00043 EPSS
Exploits 0, References 1
Cvelist
added 2019/06/14 5:02 p.m., 21 views

CVE-2018-11942

Failure to initialize the reserved memory which is sent to the firmware might lead to exposure of 1 byte of uninitialized kernel SKB memory to FW in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure an...

6.4 AI score, 0.00043 EPSS
Exploits 0, References 1