205 matches found
CVE-2023-3966
A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled...
CVE-2023-3966
A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled...
io_uring __io_uaddr_map() Dangerous Multi-Page Handling
iouring: iouaddrmap handles multi-page region dangerously iouaddrmap wants to import a region from userspace, and then address the imported region through the linear mapping area. This requires that the imported region is physically contiguous. A comment in iouaddrmap explains that the imported...
SUSE: Security Advisory (SUSE-SU-2023:4586-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2023:4543-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Versionize::deserialize implementation for FamStructWrapper<T> is lacking bound checks, potentially leading to out of bounds memory accesses
Impact An issue was discovered in the Versionize::deserialize implementation provided by the versionize crate for vmmsysutil::fam::FamStructWrapper, which can lead to out of bounds memory accesses. Patches The impact started with version 0.1.1. The issue was corrected in version 0.1.10 by inserti...
`Versionize::deserialize` implementation for `FamStructWrapper<T>` is lacking bound checks, potentially leading to out of bounds memory accesses
An issue was discovered in the Versionize::deserialize implementation provided by the versionize crate for vmmsysutil::fam::FamStructWrapper, which can lead to out of bounds memory accesses. The impact started with version 0.1.1. The issue was corrected in version 0.1.10 by inserting a check that...
K38456756: Kernel vulnerability CVE-2018-18445
Security Advisory Description In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjustscalarminmaxvals in kernel/bpf/verifier.c mishandles 32-bit right shifts...
K13323323: iRules LX vulnerability CVE-2021-22973
Security Advisory Description JSON parser function does not protect against out-of-bounds memory accesses or writes. CVE-2021-22973 Impact The Traffic Management Microkernel TMM may exit and restart while processing JSON payload with iRules LX commands, leading to a failover event. Security...
Design/Logic Flaw
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses typically, an untrusted operating system attacking a secure enclave can recover an RSA private key after observing the victim performing a single...
CVE-2022-46392
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses typically, an untrusted operating system attacking a secure enclave can recover an RSA private key after observing the victim performing a single...
CVE-2022-46392
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses typically, an untrusted operating system attacking a secure enclave can recover an RSA private key after observing the victim performing a single...
CVE-2022-46392
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses typically, an untrusted operating system attacking a secure enclave can recover an RSA private key after observing the victim performing a single...
[SECURITY] [DLA 3214-1] libraw security update
Debian LTS Advisory DLA-3214-1 [email protected] https://www.debian.org/lts/security/ Helmut Grohne November 30, 2022 https://wiki.debian.org/LTS Package : libraw Version : 0.19.2-2+deb10u2 CVE ID : CVE-2020-15503 This update adds size checks to thumbnail extraction. Prior to these...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.0.1.6)
The version of AOS installed on the remote host is prior to 6.0.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.0.1.6 advisory. - A flaw was found in the Routing decision classifier in the Linux kernel's Traffic Control networking subsystem in the way i...
x86 pv: Insufficient care with non-coherent mappings
ISSUE DESCRIPTION Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's...
CVE-2021-26369
A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses...
CVE-2021-26369
A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses...
GSD-2022-1002479 netlabel: fix out-of-bounds memory accesses
netlabel: fix out-of-bounds memory accesses This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.163 by commit...
GSD-2022-1001389 netlabel: fix out-of-bounds memory accesses
netlabel: fix out-of-bounds memory accesses This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.0 by commit...