8 matches found
DEBIAN-CVE-2022-50649
In the Linux kernel, the following vulnerability has been resolved: power: supply: adp5061: fix out-of-bounds read in adp5061getchgtype ADP5061CHGSTATUS1CHGSTATUS is masked with 0x07, which means a length of 8, but adp5061chgtype array size is 4, may end up reading 4 elements beyond the end of th...
CVE-2024-38661 s390/ap: Fix crash in AP internal function modify_bitmap()
In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fix crash in AP internal function modifybitmap A system crash like this Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403 Fault in home space mode while using kernel ASCE. AS:00000002d71bc007 R3:00000003fe5b8007...
CVE-2024-38661
CVE-2024-38661 is a Linux kernel vulnerability affecting the s390/ap subsystem. The issue stems from using signed int for internal bitmap-related variables in ap_parse_bitmap_str, allowing overflow during updates to /sys/bus/ap/apmask and related fields, which could trigger a kernel panic (panic_...
GHSA-X4GP-PQPJ-F43Q curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Timing variability of any kind is problematic when working with potentially secret values such as elliptic curve scalars, and such issues can potentially leak private keys and other secrets. Such a problem was recently discovered in curve25519-dalek. The Scalar29::sub 32-bit and Scalar52::sub...
K18304067: The BIG-IP ASM system may fail to properly mask the value of a configured sensitive positional parameter that appears in a Referer header
Security Advisory Description The BIG-IP ASM system may fail to properly mask the value of a configured sensitive positional parameter that appears in a Referer header. This issue occurs when all of the following conditions are met: You configure a positional parameter for an Allowed URL in the...
Code injection
In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function coders/bmp.c. Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value...
Android on Nexus devices elevation of privilege vulnerability (CNVD-2016-06289)
Android on Nexus is Google's line of high-end phones powered by stock Android. Android before 2016-08-05 on Nexus 5, 7devices An elevation of privilege vulnerability exists that allows an attacker to gain privileges via a carefully crafted mask value provided by the application...
CVE-2014-9868
drivers/media/platform/msm/camerav2/sensor/csiphy/msmcsiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 2013 devices allows attackers to gain privileges via an application that provides a crafted mask value, aka Android internal bug 28749721 and Qualcomm internal bu...