K22454130: Linux kernel vulnerability CVE-2020-29534

Security Advisory Description An issue was discovered in the Linux kernel before 5.9.3. iouring takes a non-refcounted reference to the filesstruct of the process that submitted a request, causing execve to incorrectly optimize unsharefd, aka CID-0f2122045b94. CVE-2020-29534 Impact There is no...

Security Bulletin: A vulnerability in Libcontainer and Docker Engine affects IBM Decision Optimization in IBM Cloud Pak for Data (CVE-2015-3627)

Summary There is a vulnerability in Libcontainer and Docker Engine used by IBM Decision Optimization in IBM Cloud Pak for Data. IBM Decision Optimization in IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2015-3627 DESCRIPTION: A symlink vulnerability in...

CVE-2023-22490

A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GITDIR/objects directory contains symbolic links CVE-2022-39253, the objects...

Security Bulletin: Multiple vulnerabilities in Golang Go affect IBM Decision Optimization in IBM Cloud Pak for Data

Summary There are multiple vulnerabilities in Golang Go used by IBM Decision Optimization in IBM Cloud Pak for Data. IBM Decision Optimization in IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-21626 DESCRIPTION: An unspecified vulnerability in Java ...

Security Bulletin: IBM Decision Optimization in IBM Cloud Pak for Data is vulnerable to jsonwebtoken CVEs

Summary There are multiple vulnerabilities in JSON Web Token implementation used by IBM Decision Optimization in IBM Cloud Pak for Data. IBM Decision Optimization in IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoke...

SUSE CVE-2023-22490

Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort loca...

SUSE-SU-2023:0430-1 Security update for git

This update for git fixes the following issues: - CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport bsc1208027. - CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running 'git apply'...

SUSE-SU-2023:0426-1 Security update for git

This update for git fixes the following issues: - CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport bsc1208027. - CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running 'git apply'...

Security Bulletin: Multiple vulnerabilities in Golang Go affect IBM Decision Optimization in IBM Cloud Pak for Data

Summary There are multiple vulnerabilities in Golang Go used by IBM Decision Optimization in IBM Cloud Pak for Data. IBM Decision Optimization in IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-27664 DESCRIPTION: Golang Go is vulnerable to a denial o...

SUSE CVE-2006-5540

backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service daemon crash via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization."...

SUSE CVE-2011-0990

Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service plugin crash or...

SUSE CVE-2015-1463

ClamAV before 0.98.6 allows remote attackers to cause a denial of service crash via a crafted petite packer file, related to an "incorrect compiler optimization."...

SUSE CVE-2017-5121

Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase...

SUSE CVE-2019-5782

Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

SUSE CVE-2020-15656

JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR 78.1, Firefox 79, and Thunderbird 78.1...

SUSE CVE-2021-29982

Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox 91 and Thunderbird 91...

SUSE CVE-2022-0307

Use after free in Optimization Guide in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page...

The vulnerabilities of the Citrix ADC application delivery controller (formerly Citrix NetScaler Application Delivery Controller), the Citrix Gateway virtual environment access control system (formerly Citrix NetScaler Gateway), and the Citrix SD-WAN WANOP network management software are related to authentication process flaws, allowing attackers to compromise the confidentiality and integrity of protected information.

The vulnerabilities of the Citrix ADC application delivery controller previously called Citrix NetScaler Application Delivery Controller, the Citrix Gateway virtual environment access control system previously called Citrix NetScaler Gateway, and the Citrix SD-WAN WANOP network management softwar...

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Git vulnerabilities (USN-5871-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5871-1 advisory. It was discovered that Git incorrectly handled certain repositories. An attacker could use this issue to make Git use...

DEBIAN-CVE-2023-22490

Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort loca...