22 matches found
MiracleLinux 9 : libxml2-2.9.13-3.el9 (AXSA:2023-4863:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4863:02 advisory. libxml2: integer overflows with XML_PARSE_HUGE (CVE-2022-40303); libxml2: dict corruption caused by entity reference cycles (CVE-2022-40304). Tenable has...
CVE-2023-52654
A security vulnerability was identified in the Linux kernel's io_uring subsystem, specifically related to the handling of file descriptors over UNIX domain sockets. The issue arises from the potential for file reference cycles when io_uring file descriptors are transmitted over sockets using the...
DEBIAN-CVE-2023-52654
In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets. File reference cycles have caused lots of problems for io_uring in the past, and it still doesn't work exactly right and races with unix_stream_read_generic(). The safest fix would b...
UBUNTU-CVE-2023-52654
In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets. File reference cycles have caused lots of problems for io_uring in the past, and it still doesn't work exactly right and races with unix_stream_read_generic(). The safest fix would b...
SUSE CVE-2023-52654
In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets. File reference cycles have caused lots of problems for io_uring in the past, and it still doesn't work exactly right and races with unix_stream_read_generic(). The safest fix would b...
CVE-2023-52654
CVE-2023-52654 affects the Linux kernel io_uring implementation in the af_unix path. The issue stems from potential cycles when sending io_uring file objects over sockets via SCM_RIGHTS, which could interact with unix_stream_read_generic() and file reference cycles. The mitigation described is to ...
CVE-2023-52654 io_uring/af_unix: disable sending io_uring over sockets
In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets. File reference cycles have caused lots of problems for io_uring in the past, and it still doesn't work exactly right and races with unix_stream_read_generic(). The safest fix would b...
libxml2: dict corruption caused by entity reference cycles
A flaw was found in libxml2. When a reference cycle is detected in the XML entity cleanup function the XML entity data can be stored in a dictionary. In this case, the dictionary becomes corrupted resulting in logic errors, including memory errors like double free...
libxml2: dict corruption caused by entity reference cycles
A flaw was found in libxml2. When a reference cycle is detected in the XML entity cleanup function the XML entity data can be stored in a dictionary. In this case, the dictionary becomes corrupted resulting in logic errors, including memory errors like double free...
CLSA-2022-1670523520 libxml2: Fix of 2 CVEs
CVE-2022-40303: fix integer overflows with XML_PARSE_HUGE - CVE-2022-40304: fix dict corruption caused by entity reference cycles...
CLSA-2022-1670523403 libxml2: Fix of 2 CVEs
CVE-2022-40303: fix integer overflows with XML_PARSE_HUGE - CVE-2022-40304: fix dict corruption caused by entity reference cycles...
CLSA-2022-1670522857 libxml2: Fix of 2 CVEs
CVE-2022-40303: fix integer overflows with XML_PARSE_HUGE - CVE-2022-40304: fix dict corruption caused by entity reference cycles...
CLSA-2022-1670521677 libxml2: Fix of 2 CVEs
CVE-2022-40303: fix integer overflows with XML_PARSE_HUGE - CVE-2022-40304: fix dict corruption caused by entity reference cycles...
libxml2: Fix of 2 CVEs
CVE-2022-40303: fix integer overflows with XML_PARSE_HUGE - CVE-2022-40304: fix dict corruption caused by entity reference cycles...
CLSA-2022-1670518262 Fix CVE(s): CVE-2022-40303, CVE-2022-40304
SECURITY UPDATE: Integer overflows with XML_PARSE_HUGE - debian/patches/CVE-2022-40303.patch: Impose size limits when XML_PARSE_HUGE is set and add length checks to core parser functions - CVE-2022-40303 SECURITY UPDATE: Dict corruption caused by entity reference cycles -...
libxml2: dict corruption caused by entity reference cycles
A flaw was found in libxml2. When a reference cycle is detected in the XML entity cleanup function the XML entity data can be stored in a dictionary. In this case, the dictionary becomes corrupted resulting in logic errors, including memory errors like double free...
Apple addresses the macOS code execution flaws
Summary: macOS Ventura contains two security flaws that can be exploited to cause an integer overflow and execute arbitrary code. The CVE-2022-40303 vulnerability exists as a result of an integer overflow ...
Mageia: Security Advisory (MGASA-2022-0412)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Updated libxml2 packages fix security vulnerability
Integer overflows with XML_PARSE_HUGE. CVE-2022-40303 Dict corruption caused by entity reference cycles. CVE-2022-40304...
MGASA-2022-0412 Updated libxml2 packages fix security vulnerability
Integer overflows with XML_PARSE_HUGE. CVE-2022-40303 Dict corruption caused by entity reference cycles. CVE-2022-40304...