28980 matches found
CVE-2023-52767
In the Linux kernel, the following vulnerability has been resolved: tls: fix NULL deref on tlsswspliceeof with empty record syzkaller discovered that if tlsswspliceeof is executed as part of sendfile when the plaintext/ciphertext skmsg are empty, the send path gets confused because the empty...
CVE-2023-52828 bpf: Detect IP == ksym.end as part of BPF program
In the Linux kernel, the following vulnerability has been resolved: bpf: Detect IP == ksym.end as part of BPF program Now that bpfthrow kfunc is the first such call instruction that has noreturn semantics within the verifier, this also kicks in dead code elimination in unprecedented ways. For one...
CVE-2023-52828
CVE-2023-52828 (Linux kernel) : The vulnerability arises from BPF verifier handling after a bpf_throw call. Because bpf_throw is the first noreturn call in the verifier, dead code elimination causes subsequent instructions to be treated as unseen, which can affect stack unwinding when a program t...
CVE-2023-52828 bpf: Detect IP == ksym.end as part of BPF program
In the Linux kernel, the following vulnerability has been resolved: bpf: Detect IP == ksym.end as part of BPF program Now that bpfthrow kfunc is the first such call instruction that has noreturn semantics within the verifier, this also kicks in dead code elimination in unprecedented ways. For one...
CVE-2023-52828
In the Linux kernel, the following vulnerability has been resolved: bpf: Detect IP == ksym.end as part of BPF program Now that bpfthrow kfunc is the first such call instruction that has noreturn semantics within the verifier, this also kicks in dead code elimination in unprecedented ways. For one...
CVE-2023-52828 bpf: Detect IP == ksym.end as part of BPF program
In the Linux kernel, the following vulnerability has been resolved: bpf: Detect IP == ksym.end as part of BPF program Now that bpfthrow kfunc is the first such call instruction that has noreturn semantics within the verifier, this also kicks in dead code elimination in unprecedented ways. For one...
CVE-2023-52767 tls: fix NULL deref on tls_sw_splice_eof() with empty record
In the Linux kernel, the following vulnerability has been resolved: tls: fix NULL deref on tlsswspliceeof with empty record syzkaller discovered that if tlsswspliceeof is executed as part of sendfile when the plaintext/ciphertext skmsg are empty, the send path gets confused because the empty...
CVE-2023-52767 tls: fix NULL deref on tls_sw_splice_eof() with empty record
In the Linux kernel, the following vulnerability has been resolved: tls: fix NULL deref on tlsswspliceeof with empty record syzkaller discovered that if tlsswspliceeof is executed as part of sendfile when the plaintext/ciphertext skmsg are empty, the send path gets confused because the empty...
CVE-2023-52767
In the Linux kernel, the following vulnerability has been resolved: tls: fix NULL deref on tlsswspliceeof with empty record syzkaller discovered that if tlsswspliceeof is executed as part of sendfile when the plaintext/ciphertext skmsg are empty, the send path gets confused because the empty...
app.contadu.com Cross Site Scripting vulnerability OBB-3929503
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2021-47428
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: fix program check interrupt emergency stack path Emergency stack path was jumping into a 3: label inside the GENCOMMONBODY macro for the normal path after it had finished, rather than jumping over it. By a small...
DEBIAN-CVE-2021-47303
In the Linux kernel, the following vulnerability has been resolved: bpf: Track subprog poke descriptors correctly and fix use-after-free Subprograms are calling mappoketrack, but on program release there is no hook to call mappokeuntrack. However, on program release, the aux memory and poke...
CVE-2021-47428
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: fix program check interrupt emergency stack path Emergency stack path was jumping into a 3: label inside the GENCOMMONBODY macro for the normal path after it had finished, rather than jumping over it. By a small...
UBUNTU-CVE-2021-47303
In the Linux kernel, the following vulnerability has been resolved: bpf: Track subprog poke descriptors correctly and fix use-after-free Subprograms are calling mappoketrack, but on program release there is no hook to call mappokeuntrack. However, on program release, the aux memory and poke...
CVE-2021-47428 powerpc/64s: fix program check interrupt emergency stack path
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: fix program check interrupt emergency stack path Emergency stack path was jumping into a 3: label inside the GENCOMMONBODY macro for the normal path after it had finished, rather than jumping over it. By a small...
CVE-2021-47428
CVE-2021-47428 is a Linux kernel issue in powerpc/64s emergency stack handling where the emergency path could jump into a non-trivial macro path; the fix avoids numeric labels when jumping over macros. Several vendor/MiracleUnity advisories reference the same patch and include the same descriptio...
CVE-2021-47428
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: fix program check interrupt emergency stack path Emergency stack path was jumping into a 3: label inside the GENCOMMONBODY macro for the normal path after it had finished, rather than jumping over it. By a small...
CVE-2021-47383 tty: Fix out-of-bound vmalloc access in imageblit
In the Linux kernel, the following vulnerability has been resolved: tty: Fix out-of-bound vmalloc access in imageblit This issue happens when a userspace program does an ioctl FBIOPUTVSCREENINFO passing the fbvarscreeninfo struct containing only the fields xres, yres, and bitsperpixel with values...
CVE-2021-47303 bpf: Track subprog poke descriptors correctly and fix use-after-free
In the Linux kernel, the following vulnerability has been resolved: bpf: Track subprog poke descriptors correctly and fix use-after-free Subprograms are calling mappoketrack, but on program release there is no hook to call mappokeuntrack. However, on program release, the aux memory and poke...
The Wordfence Affiliate Program Officially Launches Today
Today, we are officially launching the Wordfence Affiliate Program. If you love securing WordPress and are passionate about helping make the Web a safer place, click here to apply to the program now. This is an exciting opportunity for us to give back to our incredible community who have been...