611 matches found
DEBIAN-CVE-2023-0465
Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...
UBUNTU-CVE-2023-0465
Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...
PT-2023-3200
Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description The issue is related to the handling of invalid certificate policies in leaf certificates by OpenSSL. When a non-default option is used for verifying certificates, applications may be...
kernel: use-after-free related to leaf anon_vma double reuse
A memory leak flaw with use-after-free capability was found in the Linux kernel. The VMA mm/rmap.c functionality in the ismergeableanonvma function continuously forks, using memory operations to trigger an incorrect reuse of leaf anonvma. This issue allows a local attacker to crash the system...
K16937: OpenSSL vulnerability CVE-2015-1793
Security Advisory Description Description The X509verifycert function in crypto/x509/x509vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints CA values during identification of alternative certificate chains, which allows remote attackers to spoof ...
SUSE CVE-2006-4336
Buffer underflow in the buildtree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index...
SUSE CVE-2012-4213
Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via unspecified vectors...
SUSE CVE-2016-7914
The assocarrayinsertintoterminalnode function in lib/assocarray.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service invalid pointer dereference and out-of-bounds read v...
SUSE CVE-2021-28710
certain VT-d IOMMUs may not work in shared page table mode For efficiency reasons, address translation control structures page tables may and, on suitable hardware, by default will be shared between CPUs, for second-level translation EPT, and IOMMUs. These page tables are presently set up to alwa...
SUSE CVE-2021-28906
In function readyinleaf in libyang extr is NULL. In some cases, it can be NULL, which leads to the operation of retval-extr-flags that results in a crash...
SUSE CVE-2022-42703
mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anonvma double reuse...
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-1147)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GSD-2022-1007698 arm64/mm: fix incorrect file_map_count for non-leaf pmd/pud
arm64/mm: fix incorrect filemapcount for non-leaf pmd/pud This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.10 by commit...
Cross-site Scripting (XSS)
Overview vapor/leaf-kit is an an expressive, performant, and extensible templating language built for Swift. Affected versions of this package are vulnerable to Cross-site Scripting XSS with untrusted user input. If an attacker managed to find a variable that was rendered with their unsanitized...
mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.
...
Merkle verifier library verifies intermediate inputs
Lines of code Vulnerability details Vulnerability details Description MerkleVerifier provides a set of functions for verification of a Merkle proof by performing an inclusion check of input against a binary tree. This is implemented as consecutively hashing concatenated sibling nodes until a root...
CVE-2022-42703
mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anonvma double reuse...
DEBIAN-CVE-2022-42703
mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anonvma double reuse...
AZL-11094 CVE-2022-42703 affecting package kernel for versions less than 5.15.74.1-3
mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anonvma double reuse...
Design/Logic Flaw
mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anonvma double reuse...