2569 matches found
PT-2024-20916 · Rt-Thread · Rt-Thread
Name of the Vulnerable Software and Affected Versions: RT-Thread versions through 5.0.2 Description: A stack buffer overflow occurs in the libc/posix/ipc/mqueue.c file. Recommendations: For RT-Thread versions through 5.0.2, at the moment, there is no information about a newer version that contain...
CVE-2021-47069
A flaw was found in the Linux kernel’s IPC system. This flaw allows an attacker to use a specially crafted program to cause a rare race condition, leading to a denial of service. Mitigation Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to...
CVE-2023-52519
CVE-2023-52519 — Linux kernel (intel-ish-hid) : On Elkhart Lake (EHL) based systems, an Out-of-Band wake service can enable PME wake. The ISH driver must re-enable the ACPI GPE bit on resume to preserve wake capability, but BIOS clears the bit without decrementing the OS GPE reference count, caus...
CVE-2021-47069
In the Linux kernel, the following vulnerability has been resolved: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry domqtimedreceive calls wqsleep with a stack local address. The sender domqtimedsend uses this address to later call pipelinedsend. This leads to a very hard...
UBUNTU-CVE-2021-47069
In the Linux kernel, the following vulnerability has been resolved: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry domqtimedreceive calls wqsleep with a stack local address. The sender domqtimedsend uses this address to later call pipelinedsend. This leads to a very hard...
Design/Logic Flaw
In the Linux kernel, the following vulnerability has been resolved: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry domqtimedreceive calls wqsleep with a stack local address. The sender domqtimedsend uses this address to later call pipelinedsend. This leads to a very hard...
CVE-2021-47069 ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry
In the Linux kernel, the following vulnerability has been resolved: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry domqtimedreceive calls wqsleep with a stack local address. The sender domqtimedsend uses this address to later call pipelinedsend. This leads to a very hard...
CVE-2021-47069
CVE-2021-47069 is a Linux kernel race in IPC paths: do_mq_timedreceive may call wq_sleep with a stack-allocated ewq_addr that can be overwritten, leading to a later access by do_mq_timedsend and a crash. The root cause is a race between the receiver’s stack address and the sender’s use of that ad...
CVE-2021-47069 ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry
In the Linux kernel, the following vulnerability has been resolved: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry domqtimedreceive calls wqsleep with a stack local address. The sender domqtimedsend uses this address to later call pipelinedsend. This leads to a very hard...
CVE-2021-47069
In the Linux kernel, the following vulnerability has been resolved: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry domqtimedreceive calls wqsleep with a stack local address. The sender domqtimedsend uses this address to later call pipelinedsend. This leads to a very hard...
Security Bulletin: PyArrow is vulnerable to CVE-2023-47248 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses PyArrow which is vulnerable to CVE-2023-47248. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-47248 DESCRIPTION: PyArrow could allow a remote authenticated attacker to...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to PyArrow arbitrary code execution vulnerability ( CVE-2023-47248)
Summary Potential PyArrow arbitrary code execution vulnerability has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-47248 DESCRIPTION: PyArrow...
JVN#83655695: Multiple Dahua Technology products vulnerable to authentication bypass
Multiple products provided by Dahua Technology contain an authentication bypass vulnerability CWE-287. Impact The product's identity verification may be bypassed if a remote attacker sends specially crafted data packets. Solution Update the software Update the software to the latest version...
CVE-2023-51438
A vulnerability has been identified in SIMATIC IPC1047E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC647E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC847E All versions with maxView Storage Manager V4.14.00.26068 on Windows. In...
CVE-2023-51438
A vulnerability has been identified in SIMATIC IPC1047E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC647E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC847E All versions with maxView Storage Manager V4.14.00.26068 on Windows. In...
The vulnerability of the microprogrammed software of Zyxel ATP network devices, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, and VPN, arises from the execution of operations beyond the buffer limits in memory. This allows attackers to cause service failures.
The vulnerability of the microprogrammed software in Zyxel ATP, USG FLEX, USG FLEX 50W, USG20W-VPN, and VPN network devices is related to the operation of writing data outside the buffer in memory during the processing of the sdwanifaceipc file. Exploiting this vulnerability can allow a malicious...
Fedora 37 : python-geopandas (2023-8857bdcd95)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8857bdcd95 advisory. Update to latest version; fix CVE-2023-47248 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...
Fedora 38 : python-geopandas (2023-c907492c3e)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-c907492c3e advisory. Update to latest version; fix CVE-2023-47248 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...
PYSEC-2023-238
Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files...
PYSEC-2023-238
Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files...