23 matches found
JLSEC-2026-351
A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FSsectlinksize of the file src/H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to t...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992726)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992726 advisory. In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size Syzkiller reports a KMSAN: uninit-value in picklink bug...
kernel security update
An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...
RHEL 9 : kernel (RHSA-2025:20518)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:20518 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: isotp: fix potential CAN...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990817)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990817 advisory. In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size Syzkiller reports a KMSAN: uninit-value in picklink bug...
ALSA-2025:20518 Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: isotp: fix potential CAN frame reception race in isotprcv CVE-2022-48830 kernel: soc: qcom: cmd-db: Map shared memory as WC, not WB CVE-2024-46689 kernel: Squashfs: sanity check...
Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Use of Uninitialized Resource (CVE-2024-46744)
In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...
HDF5 H5FSsection.c H5FS__sect_link_size heap-based overflow
...
SUSE CVE-2025-7069
A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FSsectlinksize of the file src/H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to t...
DEBIAN-CVE-2025-7069
A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FSsectlinksize of the file src/H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to t...
UBUNTU-CVE-2025-7069
A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FSsectlinksize of the file src/H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to t...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the H5FSsectlinksize function. An attacker can cause a crash or denial of service by providing specially crafted input that triggers a heap-based buffer overflow. Remediation A fix was pushed into the mast...
HDF5 安全漏洞
HDF5 is a library of HDF open source . HDF5 version 1.14.6 there is a buffer overflow vulnerability , the vulnerability stems from the file src/H5FSsection.c function H5FSsectlinksize failed to correctly validate the length of the input data size , a remote attacker can use this vulnerability on...
Amazon Linux 2 : kernel, --advisory ALAS2-2024-2696 (ALAS-2024-2696)
The version of kernel installed on the remote host is prior to 4.14.355-271.569. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2696 advisory. In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proccpusetshow...
DENX Software Engineering Das U-Boot 安全漏洞
DENX Software Engineering Das U-Boot is a Universal Bootloader from DENX Software Engineering, Germany. A security vulnerability exists in versions prior to DENX Software Engineering Das U-Boot 2025.01-rc1 that stems from an integer overflow in the symbolic link size calculation...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Squashfs: sanity check for symbolic link sizes Syzkiller reports a bug named “KMSAN: uninit-value in picklink”. This issue is caused by an uninitialized page, which ultimately results from reading a corrupted symbolic link siz...
CLSA-2024-1728936982 kernel: Fix of 86 CVEs
drm/amd/pm: Fix negative array index read CVE-2024-46821 - drm/amd/display: Check gpioid before used as array index CVE-2024-46818 - drm/amd/display: Check linkindex before accessing dc-links CVE-2024-46813 - drm/amd/display: Fix index may exceed array range within fpuupdatebwboundingbox...
CLSA-2024-1728583613 Fix of 18 CVEs
CVE-url: https://ubuntu.com/security/CVE-2024-46802 - drm/amd/display: added NULL check at start of dcvalidatestream CVE-url: https://ubuntu.com/security/CVE-2024-46818 - drm/amd/display: fix sporadic multiple aux transaction failure - drm/amd/display: Check gpioid before used as array index...
CVE-2024-46744
In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size Syzkiller reports a "KMSAN: uninit-value in picklink" bug. This is caused by an uninitialised page, which is ultimately caused by a corrupted symbolic link size read from disk. The reason...
UBUNTU-CVE-2024-46744
In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size Syzkiller reports a "KMSAN: uninit-value in picklink" bug. This is caused by an uninitialised page, which is ultimately caused by a corrupted symbolic link size read from disk. The reason...