20 matches found
jq: jq: Denial of Service via crafted JSON object causing hash collisions
A flaw was found in jq, a command-line JSON processor. A remote attacker could exploit this vulnerability by providing a specially crafted JSON object. This object leverages a weakness in jq's hashing algorithm, which uses a hardcoded, publicly known seed. By crafting the JSON object to cause has...
Ubuntu 24.04 LTS : Linux kernel (Azure) vulnerabilities (USN-8074-1)
"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8074-1 advisory. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory...
CVE-2026-0995
An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME...
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2025-068)
The version of kernel installed on the remote host is prior to 5.15.57-29.131. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-068 advisory. A flaw was found in hw. Aliases in the branch predictor may cause some AMD processors to predict the wrong...
CVE-2024-27379
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsinansubscribegetnlparams, there is no input validation check on halreq-numintfaddrpresent coming from userspace, which can lead to a heap overwrite...
Code-Projects Blood Bank Management System å®å Øę¼ę“
Code-Projects Blood Bank Management System is an open source blood bank management system from Code-Projects. A security vulnerability exists in Code-Projects Blood Bank Management System version 1.0, which stems from a problem in an unknown part of the password processor component that causes...
kernel: AMD: Cross-Thread Return Address Predictions
A flaw was found in HW. When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch, potentially resulting in information disclosure...
Code injection
An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The read/write access permissions to the Exception Program Counter Register EPCR are not implemented correctly. User programs from an unauthorized privilege level can make read/write accesses to EPCR...
hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions
A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions...
hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions
A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions...
hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS)
A flaw was found in hw. Incomplete cleanup of microarchitectural fill buffers on some IntelĀ® Processors may allow an authenticated user to enable information disclosure via local access...
hw: cpu: Intel: information disclosure via local access
A flaw was found in hw. The unprotected alternative channel of return branch target prediction in some IntelR Processors may allow an authorized user to enable information disclosure via local access...
hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW)
A flaw was found in hw. Incomplete cleanup in specific special register write operations for some IntelĀ® Processors may allow an authenticated user to enable information disclosure via local access...
hw: Vector Register Data Sampling
A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read...
hw: Vector Register Leakage-Active
A flaw was found in the Intel Advanced Vector Extensions AVX implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state...
hw: Fast forward store predictor
A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU...
hw: Vector Register Leakage-Active
A flaw was found in the Intel Advanced Vector Extensions AVX implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state...
hw: Vector Register Data Sampling
A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read...
Cisco NX-OS Denial of Service Vulnerability (CNVD-2018-23895)
Cisco NX-OS is the network operating system for the Cisco Nexus family of Ethernet switches and the MDS family of Fibre Channel storage area network switches. A denial of service vulnerability exists in the Simple Network Management Protocol SNMP input packet processor of Cisco NX-OS. The...
FreeBSD-SA-97:06.f00f
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-97:06 Security Advisory FreeBSD, Inc. Topic: Pentium processors have flaw allowing unpriviledged crashes Category: core Module: kern Announced: 1997-12-09 Affects: FreeBSD...