95 matches found
GSD-2022-1006567 netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
netfilter: nfnetlinkosf: fix possible bogus match in nfosffind This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.71 by commit...
GSD-2022-1005612 of: check previous kernel's ima-kexec-buffer against memory bounds
of: check previous kernel's ima-kexec-buffer against memory bounds This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.61 by commit...
About the security content of tvOS 15.2
About the security content of tvOS 15.2 This document describes the security content of tvOS 15.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
GSD-2021-1001965 regmap: Fix possible double-free in regcache_rbtree_exit()
regmap: Fix possible double-free in regcacherbtreeexit This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.254 by commit...
GSD-2021-1000903 KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message
KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.126 by commit...
CVE-2021-3493
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow...
Linux kernel llcp_sock_bind() Denial of Service Vulnerability
Linux kernel is an open source operating system. A security vulnerability exists in Linux kernel llcpsockbind, which can be exploited by remote attackers to submit a special request that can crash the system...
CVE-2019-19036
btrfsrootnode in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcudereferenceroot-node can be zero...
CVE-2019-17055
basesockcreate in drivers/isdn/mISDN/socket.c in the AFISDN network module in the Linux kernel through 5.3.2 does not enforce CAPNETRAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21...
CVE-2019-7221
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free...
CVE-2017-18208
CVE-2017-18208 affects the Linux kernel prior to 4.14.4. The vulnerability lies in the MADVISE_WILLNEED handling in mm/madvise.c, where triggering MADVISE_WILLNEED for a DAX mapping allows a local attacker to cause a denial of service via an infinite loop. The issue is local in scope and is tied ...
CVE-2015-8970
crypto/algifskcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AFALG socket before an accept system call is processed, which allows local users to cause a denial of service NULL pointer dereference and system crash via a crafted applicatio...
CVE-2015-7550
The keyctlreadkey function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via a crafted application that leverag...
PT-2009-3689 · Microsoft · Windows Server 2003 +5
Name of the Vulnerable Software and Affected Versions: Microsoft Windows 2000 version SP4 Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista versions Gold through SP2 Microsoft Windows Server 2008 version SP2 Description: The issue aris...
CVE-2003-0465
The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead to information leaks...