PT-2024-40054 · Unknown · Kvm-Ioctls

Name of the Vulnerable Software and Affected Versions: kvm-ioctls versions 0.1.0 through 0.19.0 Description: An issue in the VmFd::create device function leads to undefined behavior and miscompilations due to a violation of Rust's pointer safety rules. The function incorrectly downcasts a mutable...

Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`

An issue was identified in the VmFd::createdevice function, leading to undefined behavior and miscompilations on rustc 1.82.0 and newer due to the function's violation of Rust's pointer safety rules. The function downcasted a mutable reference to its struct kvmcreatedevice argument to an immutabl...

CVE-2024-31990

CVE-2024-31990 affects Argo CD: the API server did not enforce project sourceNamespaces, enabling UI-edited resources that should be controlled by gitops. Connected sources confirm this issue in Argo CD and link to fixes in version 2.10.7, 2.9.12, and 2.8.16. Remediation is upgrading to one of th...

Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter`

The VariantStrIter::implget function called internally by implementations of the Iterator and DoubleEndedIterator traits for this type was unsound, resulting in undefined behaviour. An immutable reference &p to a mut libc::cchar pointer initialized to NULL was passed as an argument to a C functio...

PT-2024-40972 · Glib · Glib

Name of the Vulnerable Software and Affected Versions: glib versions 0.15.0 and later Description: The issue arises from the VariantStrIter::impl get function, which was unsound and resulted in undefined behavior. This function, called internally by implementations of the Iterator and...

Exploit for Out-of-bounds Write in Apple Ipados

CVE-2022-32932 : ZinComputeProgramUpdateMutables OOB write d...

BIT-TENSORFLOW-2022-23574 Out of bounds read and write in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow's SpecializeType which results in heap OOB read/write. Due to a typo, arg is initialized to the ith mutable argument in a loop where the loop index is j. Hence it is possible to assign to arg from outside the...

python-cryptography security update

36.0.1-4.0.1 - Fix CVE-2023-49083: NULL-dereference when loading PKCS7 certificates Orabug: 36119159 36.0.1-4 - Fix FTBFS caused by rsapkcs1implicitrejection OpenSSL feature, resolves rhbz2203840 36.0.1-3 - Fix CVE-2023-23931: Don't allow updateinto to mutate immutable objects, resolves rhbz21723...

`openssl` `X509StoreRef::objects` is unsound

This function returned a shared reference into an OpenSSL datastructure but did not account for interior mutability. OpenSSL may modify the data behind this reference, meaning accesses can race and the reference is unsound. Use of this function should be replaced with X509StoreRef::allcertificate...

Oracle Linux 9 : python-cryptography (ELSA-2023-6615)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-6615 advisory. - Fix CVE-2023-23931: Don't allow updateinto to mutate immutable objects, resolves rhbz2172399 Tenable has extracted the preceding description block directly fr...

GHSA-6878-6WC2-PF5H Sequential calls of encryption API (`encrypt`, `wrap`, and `dump`) result in nonce reuse

Problem: Trying to create a new encrypted message with the same cocoon object generates the same ciphertext. It mostly affects MiniCocoon and Cocoon objects with custom seeds and RNGs where StdRng is used under the hood. Note: The issue does NOT affect objects created with Cocoon::new which...

Sequential calls of encryption API (`encrypt`, `wrap`, and `dump`) result in nonce reuse

Problem: Trying to create a new encrypted message with the same cocoon object generates the same ciphertext. It mostly affects MiniCocoon and Cocoon objects with custom seeds and RNGs where StdRng is used under the hood. Note: The issue does NOT affect objects created with Cocoon::new which...

RUSTSEC-2023-0068 Sequential calls of encryption API (`encrypt`, `wrap`, and `dump`) result in nonce reuse

Problem: Trying to create a new encrypted message with the same cocoon object generates the same ciphertext. It mostly affects MiniCocoon and Cocoon objects with custom seeds and RNGs where StdRng is used under the hood. Note: The issue does NOT affect objects created with Cocoon::new which...

Sequential calls of encryption API (`encrypt`, `wrap`, and `dump`) result in nonce reuse

Problem: Trying to create a new encrypted message with the same cocoon object generates the same ciphertext. It mostly affects MiniCocoon and Cocoon objects with custom seeds and RNGs where StdRng is used under the hood. Note: The issue does NOT affect objects created with Cocoon::new which...

CVE-2023-44123

The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAGMUTABLE set that leads to theft and/or over-write of arbitrary files with system privilege in the Bluetooth "com.lge.bluetoothsetting" app. The attacker's app, if it had access to app notifications, could intercept...

CVE-2023-43631

The CVE-2023-43631 issue affects the Pillar/EVE container in EVE OS. On boot, the container checks for /config/authorized_keys and, if a valid public key is present, enables SSH on port 22 for root login. The /config partition is not protected by measured boot, is mutable, and unencrypted, allowi...

protobuf-java: timeout in parser leads to DoS

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...

protobuf-java: Message-Type Extensions parsing issue leads to DoS

A flaw was found in Message-Type Extensions in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbag...

protobuf-java: Textformat parsing issue leads to DoS

A flaw was found in Textformat in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection...

RUSTSEC-2023-0046 Misaligned pointer dereference in `ChunkId::new`

The function ChunkId::new creates a misaligned pointer by casting mutable pointer of u8 slice which has alignment 1 to the mutable pointer of u32 which has alignment 4, and dereference the misaligned pointer leading UB, which should not be allowed in safe function...