Lucene search

63 matches found

ATTACKERKB
added 2022/07/05 1:15 p.m., 5 views

CVE-2022-33741

Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...

CVSS 7.1, AI score 6.9, EPSS 0.00325
Exploits: 0, References: 10
OSV
added 2022/07/05 1:15 p.m., 5 views

UBUNTU-CVE-2022-33740

Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...

CVSS 7.1, AI score 6.7, EPSS 0.00322
Exploits: 0, References: 29
ATTACKERKB
added 2022/07/05 1:15 p.m., 2 views

CVE-2022-33742

Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...

CVSS 7.1, AI score 6.9, EPSS 0.00325
Exploits: 0, References: 10
OSV
added 2022/06/17 12:30 a.m., 15 views

GHSA-R45X-GHR2-QJXC Duplicate Advisory: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s

Duplicate Advisory: This advisory is a duplicate of GHSA-c5hx-w945-j4pq. This link is preserved to maintain external references. Original Description: Affected versions of this crate did not implement Drop when `#[zeroize(drop)]` was used on an enum. This can result in memory not being zeroed out after...

CVSS 7.5, AI score 6.9
Exploits: 0, References: 3
Github Security Blog
added 2022/06/17 12:30 a.m., 15 views

Duplicate Advisory: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s

Duplicate Advisory: This advisory is a duplicate of GHSA-c5hx-w945-j4pq. This link is preserved to maintain external references. Original Description: Affected versions of this crate did not implement Drop when `#[zeroize(drop)]` was used on an enum. This can result in memory not being zeroed out after...

AI score 2.6
Exploits: 0, References: 3, Affected Software: 1
Microsoft KB
added 2022/03/22 12:00 a.m., 4 views

March 22, 2022—KB5011558 (OS Build 20348.617) Preview

March 22, 2022—KB5011558 OS Build 20348.617 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find ou...

AI score 6.7
Exploits: 0
Microsoft KB
added 2022/02/15 12:00 a.m., 46 views

February 15, 2022—KB5010427 (OS Build 17763.2628) Preview

February 15, 2022—KB5010427 OS Build 17763.2628 Preview 11/17/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1809, see its update history page. Highlights Updates ...

AI score 6.8
Exploits: 0
OSV
added 2021/12/29 7:12 p.m., 9 views

MGASA-2021-0589 Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.11 and fixes at least the following security issues: netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc (CVE-2021-4135). Potentially malicious XEN PV backends can cause guest DoS due to unhardened frontends in the...

CVSS 6.5, AI score 6.8, EPSS 0.00353
Exploits: 0, References: 5
OSV
added 2021/12/27 12:15 a.m., 4 views

CVE-2021-45706

An issue was discovered in the zeroize_derive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2
OSV
added 2021/10/25 2:15 p.m., 2 views

DEBIAN-CVE-2021-0938

In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android...

CVSS 5.5, AI score 5.8, EPSS 0.0015
Exploits: 0, References: 1
OSV
added 2021/09/24 12:00 p.m., 26 views

RUSTSEC-2021-0115 `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s

Affected versions of this crate did not implement Drop when `#[zeroize(drop)]` was used on an enum. This can result in memory not being zeroed out after dropping it, which is exactly what is intended when adding this attribute. The flaw was corrected in version 1.2 and `#[zeroize(drop)]` on enums now properly...

CVSS 9.8, AI score 9.4, EPSS 0.01191
Exploits: 0, References: 3
MSRC
added 2021/01/11 6:49 p.m., 41 views

Building Faster AMD64 Memset Routines

Over the past several years, Microsoft has rolled out several changes that result in more memory being zeroed. These mitigations include: the InitAll mitigation, which zeros most stack variables; switching most Microsoft kernel code over to the ExAllocatePool2/ExAllocatePool3 APIs, which zero memor...

AI score 3.3
Exploits: 0
MSRC
added 2021/01/11 8:00 a.m., 15 views

Building Faster AMD64 Memset Routines

Over the past several years, Microsoft has rolled out several changes that result in more memory being zeroed. These mitigations include: the InitAll mitigation, which zeros most stack variables; switching most Microsoft kernel code over to the ExAllocatePool2/ExAllocatePool3 APIs, which zero memor...

AI score 4.4
Exploits: 0
OSV
added 2019/08/13 4:40 p.m., 7 views

USN-4095-2 linux-lts-xenial, linux-aws vulnerabilities

USN-4095-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux...

CVSS 9.8, AI score 7.3, EPSS 0.06821
Exploits: 6, References: 8
Tenable Nessus
added 2019/07/23 12:00 a.m., 71 views

Ubuntu 19.04 : Linux kernel vulnerabilities (USN-4069-1)

It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487) Jann Horn discovered that ...

CVSS 7.8, AI score 7, EPSS 0.00989
Exploits: 4, References: 5
OSV
added 2017/01/30 9:59 p.m., 3 views

UBUNTU-CVE-2016-9939

Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there are not enough content octets in the ASN.1 object, then the function will fail and the memory block will b...

CVSS 7.5, AI score 7.1, EPSS 0.04202
Exploits: 0, References: 4
Hacker One
added 2016/09/14 11:57 a.m., 17 views

Paragon Initiative Enterprises: Not clearing hex-decoded variable after usage in Authentication

All the sensitive information variables are zeroed from memory, except the hex2bin value of "validator". https://github.com/paragonie/airship/blob/8f04f071c414c3893cf66311839d20a343af1237/src/Engine/Security/Authentication.php#L223-L236 $stored = \Sodium\hex2bin$record$f'validator';...

AI score 0.7
Exploits: 0
Ubuntu
added 2014/04/08 12:08 a.m., 70 views

USN-2124-2: OpenJDK 6 regression

USN-2124-1 fixed vulnerabilities in OpenJDK 6. Due to an upstream regression, memory was not properly zeroed under certain circumstances which could lead to instability. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A vulnerability was discovered in...

AI score 6.3
Exploits: 0, References: 1
securityvulns
added 2011/01/19 12:00 a.m., 65 views

[SECURITY] [DSA 2148-1] Security update for tor

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2148-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 17, 2011 http://www.debian.org/security/faq -...

CVSS 6.8, AI score 2.2, EPSS 0.04444
Exploits: 0
Tenable Nessus
added 2011/01/18 12:00 a.m., 20 views

Debian DSA-2148-1 : tor - several vulnerabilities

The developers of Tor, an anonymizing overlay network for TCP, found three security issues during a security audit. A heap overflow allowed the execution of arbitrary code (CVE-2011-0427), a denial of service vulnerability was found in the zlib compression handling and some key memory was...

CVSS 6.8, AI score 8.6, EPSS 0.04444
Exploits: 0, References: 4