612 matches found
Integer Overflow to Buffer Overflow
Overview Affected versions of this package are vulnerable to Integer Overflow to Buffer Overflow vi DFAContentModel::countLeafNodes and DFAContentModel::buildDFA. An attacker can cause out-of-bound access by sending a specially crafted HTTP request. Remediation Upgrade xerces-c to version 3.2.4 o...
The vulnerability of the Multicast Leaf Recycle Elimination (mLRE) function in the Cisco IOS XE operating system for Cisco ASR Series 1000 routers allows a attacker to trigger a service failure.
The vulnerability of the Multicast Leaf Recycle Elimination mLRE function in the Cisco IOS XE router operating system from the Cisco ASR series 1000 is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor to trigger a service failure...
CVE-2023-20187
CVE-2023-20187 affects Cisco IOS XE Software for the ASR 1000 Series (Multicast Leaf Recycle Elimination, mLRE). The issue is triggered by handling of certain IPv6 multicast packets fanned out more than seven times, enabling an unauthenticated remote attacker to cause a device reload and DoS. Con...
PT-2023-5643 · Cisco · Cisco Ios Xe
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers affected versions not specified Description: A vulnerability in the Multicast Leaf Recycle Elimination mLRE feature could allow an unauthenticated, remote attacker t...
PT-2023-8799 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the Linux kernel's 8250 port component, where an error in handling IRQ data can lead to a kernel NULL pointer dereference. This occurs when the leaf driver uses...
palmleafpediatrics.com Cross Site Scripting vulnerability OBB-3650489
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
kernel: use-after-free related to leaf anon_vma double reuse
A memory leak flaw with use-after-free capability was found in the Linux kernel. The VMA mm/rmap.c functionality in the ismergeableanonvma function continuously forks, using memory operations to trigger an incorrect reuse of leaf anonvma. This issue allows a local attacker to crash the system...
kernel: use-after-free related to leaf anon_vma double reuse
A memory leak flaw with use-after-free capability was found in the Linux kernel. The VMA mm/rmap.c functionality in the ismergeableanonvma function continuously forks, using memory operations to trigger an incorrect reuse of leaf anonvma. This issue allows a local attacker to crash the system...
AlmaLinux 9 : openssl (ALSA-2023:3722)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:3722 advisory. - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include...
RHEL 9 : openssl (RHSA-2023:3722)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3722 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...
Moderate: openssl security and bug fix update
OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Possible DoS translating ASN.1 object identifiers CVE-2023-2650 openssl: Denial of service by...
kernel: use-after-free related to leaf anon_vma double reuse
A memory leak flaw with use-after-free capability was found in the Linux kernel. The VMA mm/rmap.c functionality in the ismergeableanonvma function continuously forks, using memory operations to trigger an incorrect reuse of leaf anonvma. This issue allows a local attacker to crash the system...
kernel: use-after-free related to leaf anon_vma double reuse
A memory leak flaw with use-after-free capability was found in the Linux kernel. The VMA mm/rmap.c functionality in the ismergeableanonvma function continuously forks, using memory operations to trigger an incorrect reuse of leaf anonvma. This issue allows a local attacker to crash the system...
kernel: use-after-free related to leaf anon_vma double reuse
A memory leak flaw with use-after-free capability was found in the Linux kernel. The VMA mm/rmap.c functionality in the ismergeableanonvma function continuously forks, using memory operations to trigger an incorrect reuse of leaf anonvma. This issue allows a local attacker to crash the system...
SUSE CVE-2022-48437
An issue was discovered in x509/x509verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509verifyctxaddchain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed...
PT-2023-15779 · Openbsd +1 · Openbsd +2
Name of the Vulnerable Software and Affected Versions: LibreSSL versions prior to 3.6.1 OpenBSD versions prior to 7.2 errata 001 Description: An issue was discovered in the x509/x509 verify.c file. The function x509 verify ctx add chain does not store errors that occur during leaf certificate...
Invalid certificate policies in leaf certificates are silently ignored
...
Authorization Bypass
openssl is vulnerable to Authorization Bypasses. Invalid certificate policies in leaf certificates are ignored by OpenSSL, allowing malicious CA to bypass policy checking. Policy processing is disabled by default, but can be enabled by passing the '-policy' argument to command line utilities or...
No space to leaf-coalesce
Space is not reclaimed during a garbage collection or leaf coalesce operation. SMlog reports "No space to leaf-coalesce... but enough space if skip snap-coalesce"...
SUSE CVE-2023-0465
Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...