664 matches found
Updated glib2.0 packages fix security vulnerabilities
Fix various instances within GLib where gmemdup was vulnerable to a silent integer truncation and heap overflow problem discovered by Kevin Backhouse, work by Philip Withnall 2319 Fix some issues with handling over-long invalid input when parsing for GDate !1824 Don't load GIO modules or parse...
EulerOS Virtualization 2.9.0 : edk2 (EulerOS-SA-2021-1668)
According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - EFI Development Kit II AARCH64 UEFI FirmwareSecurity Fixes:AuthenticodeVerify calls OpenSSLs d2iPKCS7 API to parse asn encoded signe...
EulerOS Virtualization 2.9.1 : edk2 (EulerOS-SA-2021-1633)
According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - EFI Development Kit II AARCH64 UEFI FirmwareSecurity Fixes:AuthenticodeVerify calls OpenSSLs d2iPKCS7 API to parse asn encoded signe...
CentOS 8 : freetype (CESA-2020:4952)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:4952 advisory. - freetype: Heap-based buffer overflow due to integer truncation in LoadSBitPng CVE-2020-15999 Note that Nessus has not tested for this issue but has instead...
CentOS 8 : dpdk (CESA-2020:4806)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4806 advisory. - dpdk: librtevhost Integer overflow in vhostusersetlogbase CVE-2020-10722 - dpdk: librtevhost Integer truncation in vhostusercheckandallocqueuepair...
Exploit for Improper Access Control in Xen
kernelexploitfactory Keep updating...... Linux kernel CVE exploit analysis report and relative debug environment. You don't need to compile Linux kernel and configure your environment anymore. This repository is to extract all Linux kernel exploit and relative debug environment. The test is on...
Updated edk2 packages fix multiples security vulnerabilities
Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. CVE-2018-12179. Insufficient memory write check in SMM service for EDK II may allow an authenticated...
CVE-2020-35926
An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator even ChaCha to return all zeroes because integer truncation was mishandled...
CVE-2020-35926
An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator even ChaCha to return all zeroes because integer truncation was mishandled...
CVE-2020-35926
An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator even ChaCha to return all zeroes because integer truncation was mishandled...
CVE-2020-35926
CVE-2020-35926 concerns the nanorand crate for Rust prior to 0.5.1, where random number generators (including ChaCha) could return all zeroes due to integer truncation. This affects RNG implementations for standard unsigned integers and arises from using bit-shifting instead of a direct cast, per...
Rust Security Feature Issue Vulnerabilities
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in nanorand crate before 0.5.1 for Rust that stems from any random number generator even ChaCha returning all zeros due to improper handling of integer truncation...
EDK II Integer Truncation Vulnerability
EDK II is a modern, feature-rich cross-platform firmware development environment for UEFI and the UEFI Platform Initialization PI specification. EDK II suffers from an integer truncation vulnerability that can be exploited by authenticated users to elevate privileges...
CVE-2019-14563
Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2019-14563
Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access...
DEBIAN-CVE-2019-14563
Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2019-14563
Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2019-14563
CVE-2019-14563 is an EDK II vulnerability described as numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib that can allow an authenticated, local attacker to escalate privileges. The connected advisories (e.g., MiracleLinux AXSA:2020-915, Alibaba Cloud Linux ALINUX3-SA-2022:0098, Oracle Linux...
CVE-2019-14563
Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access...
CentOS 7 : freetype (RHSA-2020:4907)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4907 advisory. - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...