208 matches found
SUSE CVE-2023-28643
Nextcloud server is an open source home cloud implementation. In affected versions when a recipient receives 2 shares with the same name, while a memory cache is configured, the second share will replace the first one instead of being renamed to name 2. It is recommended that the Nextcloud Server...
CVE-2023-28643
Nextcloud server is an open source home cloud implementation. In affected versions when a recipient receives 2 shares with the same name, while a memory cache is configured, the second share will replace the first one instead of being renamed to name 2. It is recommended that the Nextcloud Server...
CVE-2023-28643
CVE-2023-28643 affects Nextcloud Server. When two shares with the same name are sent to the same recipient while a memory cache is enabled, the second share can overwrite the first instead of being renamed to “{name} (2)”. This is documented across multiple sources in the connected set and is mit...
CVE-2023-28643 Potential share collision for recipients when caching is enabled in nextcloud server
Nextcloud server is an open source home cloud implementation. In affected versions when a recipient receives 2 shares with the same name, while a memory cache is configured, the second share will replace the first one instead of being renamed to name 2. It is recommended that the Nextcloud Server...
Potential share collision for recipients when caching is enabled
None...
K20001553: Libgcrypt vulnerability CVE-2018-0495
Security Advisory Description Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the gcryeccecdsasign function in cipher/ecc-ecdsa.c, aka the Return Of the...
SUSE CVE-2016-1636
The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity...
SUSE CVE-2018-12433
DISPUTED cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. NOTE: the...
SUSE CVE-2018-12435
Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ecgroup/ecgroup.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to either the local...
SUSE CVE-2018-12437
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host...
SUSE CVE-2021-41177
Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database backend for rate-limiting purposes. Any component of Nextcloud using rate-limits as as AnonRateThrottle or UserRateThrottle was thus not rat...
PT-2023-2471 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 24.0.9 Nextcloud Server versions prior to 25.0.3 Description: The issue is related to the handling of shared resources with the same name in Nextcloud Server, particularly when a memory cache is configured. ...
PT-2025-49495
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.0.0-rc2 19 Description The Linux kernel contains an issue within the dm cache component. Specifically, the background tracker's queued work is not properly freed in the btracker destroy function. This can lead ...
PT-2024-8452 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a use-after-free error in the kobject del function, which can be caused by a double free of kmem cache. This error occurs when the slub debug test is run with t...
CVE-2021-41177
Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database backend for rate-limiting purposes. Any component of Nextcloud using rate-limits as as AnonRateThrottle or UserRateThrottle was thus not rat...
CVE-2021-22556
The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond...
Integer overflow
The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond...
CVE-2021-22556
CVE-2021-22556 affects the Fuchsia kernel. A integer overflow flaw lets a user with code execution issue memory cache invalidation on pages they don’t own, enabling control of kernel memory from userspace. Remediation per sources: upgrade to kernel version 4.1 or beyond. Other connected sources c...
CVE-2021-22556 Integer Overflow in Fuchsia Kernel
The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
l4srs Rust implementation of the Log 4 Shell log 4 j - CVE-20...