63 matches found
CVE-2022-33741
Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...
UBUNTU-CVE-2022-33740
Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...
CVE-2022-33742
Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...
GHSA-R45X-GHR2-QJXC Duplicate Advisory: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s
Duplicate Advisory This advisory is a duplicate of GHSA-c5hx-w945-j4pq. This link is preserved to maintain external references. Original Description Affected versions of this crate did not implement Drop when zeroizedrop was used on an enum. This can result in memory not being zeroed out after...
Duplicate Advisory: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s
Duplicate Advisory This advisory is a duplicate of GHSA-c5hx-w945-j4pq. This link is preserved to maintain external references. Original Description Affected versions of this crate did not implement Drop when zeroizedrop was used on an enum. This can result in memory not being zeroed out after...
March 22, 2022—KB5011558 (OS Build 20348.617) Preview
March 22, 2022—KB5011558 OS Build 20348.617 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find ou...
February 15, 2022—KB5010427 (OS Build 17763.2628) Preview
February 15, 2022—KB5010427 OS Build 17763.2628 Preview 11/17/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1809, see its update history page. Highlights Updates ...
MGASA-2021-0589 Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.15.11 and fixes at least the following security issues: netdevsim: Zero-initialize memory for new map's value in function nsimbpfmapalloc CVE-2021-4135. Potentially malicious XEN PV backends can cause guest DoS due to unhardened frontends in the...
CVE-2021-45706
An issue was discovered in the zeroizederive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum...
DEBIAN-CVE-2021-0938
In memzeroexplicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...
RUSTSEC-2021-0115 `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s
Affected versions of this crate did not implement Drop when zeroizedrop was used on an enum. This can result in memory not being zeroed out after dropping it, which is exactly what is intended when adding this attribute. The flaw was corrected in version 1.2 and zeroizedrop on enums now properly...
Building Faster AMD64 Memset Routines
Over the past several years, Microsoft has rolled out several changes that result in more memory being zeroed. These mitigations include: The InitAll mitigation which zeros most stack variables Switching most Microsoft kernel code over to the ExAllocatePool2/ExAllocatePool3 API’s which zero memor...
Building Faster AMD64 Memset Routines
Over the past several years, Microsoft has rolled out several changes that result in more memory being zeroed. These mitigations include: The InitAll mitigation which zeros most stack variables Switching most Microsoft kernel code over to the ExAllocatePool2/ExAllocatePool3 API’s which zero memor...
USN-4095-2 linux-lts-xenial, linux-aws vulnerabilities
USN-4095-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux...
Ubuntu 19.04 : Linux kernel vulnerabilities (USN-4069-1)
It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2019-11487 Jann Horn discovered that ...
UBUNTU-CVE-2016-9939
Crypto++ aka cryptopp and libcrypto++ 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will b...
Paragon Initiative Enterprises: Not clearing hex-decoded variable after usage in Authentication
All the sensitive information variables are zeroed from memory, expect the hex2bin value of "validator". https://github.com/paragonie/airship/blob/8f04f071c414c3893cf66311839d20a343af1237/src/Engine/Security/Authentication.phpL223-L236 $stored = \Sodium\hex2bin$record$f'validator';...
USN-2124-2: OpenJDK 6 regression
USN-2124-1 fixed vulnerabilities in OpenJDK 6. Due to an upstream regression, memory was not properly zeroed under certain circumstances which could lead to instability. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A vulnerability was discovered in...
[SECURITY] [DSA 2148-1] Security update for tor
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2148-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 17, 2011 http://www.debian.org/security/faq -...
Debian DSA-2148-1 : tor - several vulnerabilities
The developers of Tor, an anonymizing overlay network for TCP, found three security issues during a security audit. A heap overflow allowed the execution of arbitrary code CVE-2011-0427 , a denial of service vulnerability was found in the zlib compression handling and some key memory was...