RUSTSEC-2020-0068 Unexpected panic in multihash `from_slice` parsing code

In versions prior 0.11.3 it's possible to make fromslice panic by feeding it certain malformed input. It's never documented that fromslice and frombytes which wraps it can panic, and its' return type Result suggests otherwise. In practice, fromslice/frombytes is frequently used in networking code...

kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c

A flaw was found in the Linux kernel’s implementation of dropping sysctl entries. A local attacker who has access to load modules on the system can trigger a condition during module load failure and panic the system...

CVE-2020-27014

Trend Micro Antivirus for Mac 2020 Consumer contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on the...

CVE-2020-27014

Trend Micro Antivirus for Mac 2020 Consumer contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on the...

Race condition

Trend Micro Antivirus for Mac 2020 Consumer contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on the...

CVE-2020-27014

Trend Micro Antivirus for Mac 2020 Consumer contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on the...

Security Bulletin: IBM API Connect V 2018 is impacted by a vulnerability in Go (Golang) (CVE-2020-7919)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-7919 DESCRIPTION: Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this vulnerability to cause a system panic. CVSS Base score...

Security Bulletin: IBM Security Guardium is affected by a TCP SACK PANIC -Kernel vulnerability

Summary IBM Security Guardium has addressed the following vulnerability Vulnerability Details CVEID: CVE-2019-11478 DESCRIPTION: Jonathan Looney discovered that the TCP retransmission queue implementation in tcpfragment in the Linux kernel could be fragmented when handling certain TCP Selective...

kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic

A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality...

kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic

A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality...

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation insert_from can have a memory-safety issue upon a panic.

...

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation clone can have a memory-safety issue upon a panic.

...

Security update for samba (important)

openSUSE Security Update: Security update for samba Announcement ID: openSUSE-SU-2020:1526-1 Rating: important References: 1176579 Cross-References: CVE-2020-1472 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for samba fixe...

CVE-2020-25795

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, insertfrom can have a memory-safety issue upon a panic...

DEBIAN-CVE-2020-25795

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, insertfrom can have a memory-safety issue upon a panic...

CVE-2020-25794

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic...

DEBIAN-CVE-2020-25794

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic...

Information disclosure

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic...

UBUNTU-CVE-2020-25794

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic...

UBUNTU-CVE-2020-25795

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, insertfrom can have a memory-safety issue upon a panic...