
24 matches found

CVE
added 2026/05/06 11:28 a.m. | 3 views

CVE-2026-43209

CVE-2026-43209 – minix filesystem sanity check in Linux kernel : The minix filesystem implementation lacked proper sanity checks in minix_check_superblock(), notably for s_log_zone_size, which the patch now enforces (only 0 is supported). The update also adds sanity checks for other superblock fi...

5.5 CVSS | 5.8 AI score | 0.00013 EPSS
Exploits 0 | References 8 | Affected Software 1

RedhatCVE
added 2025/05/22 5:3 p.m. | 4 views

CVE-2020-7302

Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention DLP ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking...

6.4 CVSS | 6.8 AI score | 0.00588 EPSS
Exploits 0 | References 1

NVD
added 2024/08/22 4:15 a.m. | 15 views

CVE-2022-48938

In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. In the sanity check as formulated now, this will create an integer overflow, defeating the...

5.5 CVSS | 0.00022 EPSS
Exploits 0 | References 6

Vulnrichment
added 2024/08/22 3:31 a.m. | 16 views

CVE-2022-48938 CDC-NCM: avoid overflow in sanity checking

In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. In the sanity check as formulated now, this will create an integer overflow, defeating the...

7 AI score | 0.00022 EPSS
Exploits 0 | References 6

OSV
added 2024/08/22 3:31 a.m. | 15 views

CVE-2022-48938 CDC-NCM: avoid overflow in sanity checking

In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. In the sanity check as formulated now, this will create an integer overflow, defeating the...

5.5 CVSS | 6.1 AI score | 0.00022 EPSS
Exploits 0 | References 9

Tenable Nessus
added 2024/05/11 12:0 a.m. | 453 views

RHEL 6 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - kernel: Buffer overflow due to unbounded strcpy in ISDN I4L driver CVE-2017-12762 - kernel: lack of port...

8.7 AI score | 0.20195 EPSS
Exploits 165 | References 916

OSV
added 2023/02/13 5:20 p.m. | 9 views

GSD-2023-1001856 Squashfs: fix handling and sanity checking of xattr_ids count

Squashfs: fix handling and sanity checking of xattr_ids count This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.11 by commit...

7.2 AI score
Exploits 0

OpenVAS
added 2020/07/03 12:0 a.m. | 28 views

Fedora: Security Advisory for adns (FEDORA-2020-530188bf36)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8 CVSS | 8.7 AI score | 0.02617 EPSS
Exploits 0 | References 2

Veracode
added 2020/04/10 12:26 a.m. | 23 views

Arbitrary Code Execution

xen is vulnerable to arbitrary code execution. Lack of adequate sanity-checking of data received via the "net socket listen" option. A malicious local administrator of a guest domain could trigger this flaw to potentially execute arbitrary code outside of the domain...

7.2 CVSS | 4.7 AI score | 0.00143 EPSS
Exploits 0 | References 18 | Affected Software 1

Tenable Nessus
added 2019/01/03 12:0 a.m. | 11 views

Fedora 29 : zchunk (2018-7d138cfd7b)

This update does sanity checking when an application passes in a checksum to verify. Before this release, applications could pass in non-hex values for the checksum, which could cause zchunk to crash. Now non-hex values will be rejected. Note that Tenable Network Security has extracted the...

5.5 AI score
Exploits 0 | References 1

Oracle linux
added 2017/03/31 12:0 a.m. | 104 views

Unbreakable Enterprise kernel security update

kernel-uek 3.8.13-118.17.4 - Revert 'fix minor infoleak in getuserex' Brian Maly Orabug: 25790392 CVE-2016-9644 3.8.13-118.17.3 - net: ping: check minimum size on ICMP header length Kees Cook Orabug: 25766911 CVE-2016-8399 3.8.13-118.17.2 - ipv6: stop sending PTB packets for MTU 1280 Hagen Paul...

9.3 CVSS | 8.3 AI score | 0.20044 EPSS
Exploits 36

OPENSUSE Linux
added 2016/05/23 4:8 p.m. | 56 views

Security update for the Linux Kernel (important)

The openSUSE Leap 42.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-2847: Limit the per-user amount of pages allocated in pipes bsc970948. - CVE-2016-3136: mctu232: add sanity checking in probe bnc970955. - CVE-2016-2188: iowarrio...

4.9 CVSS | 8.2 AI score | 0.00232 EPSS
Exploits 13 | References 15

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

AN-HTTPd 1.2 b CGI Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/762/info Certain versions of the AN-HTTPd server contain default CGI scripts that allow code to be executed remotely. This is due to poor sanity checking on user supplied data...

7.1 AI score
Exploits 0

Tenable Nessus
added 2012/08/01 12:0 a.m. | 22 views

Scientific Linux Security Update : systemtap on SL6.x i386/x86_64

SystemTap is an instrumentation system for systems running the Linux kernel. The system allows developers to write scripts to collect data on the operation of the system. It was found that SystemTap did not perform proper module path sanity checking if a user specified a custom path to the uprobe...

4.4 CVSS | 5.4 AI score | 0.00112 EPSS
Exploits 1 | References 3

Cvelist
added 2011/01/28 3:0 p.m. | 17 views

CVE-2011-0046

Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allow remote attackers to hijack the authentication of arbitrary users for requests related to (1) adding a saved search in buglist.cgi, (2) voting in...

7 AI score | 0.00759 EPSS
Exploits 0 | References 22

Zero Day Initiative
added 2010/03/11 12:0 a.m. | 22 views

Skype Protocol Handler datapath Argument Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists with how the OS web-browser passes command line arguments ...

8.5 CVSS | 7.5 AI score
Exploits 0 | References 1

Zero Day Initiative
added 2009/12/09 12:0 a.m. | 33 views

Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page or open a malicious SWF file. The specific flaw exists in the parsi...

9.3 CVSS | 3.2 AI score | 0.21245 EPSS
Exploits 1 | References 1

Oracle linux
added 2008/06/26 12:0 a.m. | 57 views

kernel security and bug fix update

2.6.18-92.1.6.0.2.el5 - NET Add entropy support to e1000 and bnx2 John Sobecki orabug 6045759 - splice Fix bad unlockpage in error case Jens Axboe orabug 6263574 - dio fix error-path crashes Linus Torvalds orabug 6242289 - NET fix netpoll race Tina Yang orabugz 5791 2.6.18-92.1.6.el5 - x86 sanity...

10 CVSS | 0.7 AI score | 0.18359 EPSS
Exploits 5

Zero Day Initiative
added 2008/06/10 12:0 a.m. | 20 views

Apple QuickTime SMIL qtnext Redirect File Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the handling of SMIL text embedded in video...

6.8 CVSS | 2.4 AI score | 0.08228 EPSS
Exploits 1 | References 1

securityvulns
added 2008/05/20 12:0 a.m. | 45 views

ZDI-08-027: CA BrightStor ARCserve Backup Arbitrary File Writing Vulnerability

ZDI-08-027: CA BrightStor ARCserve Backup Arbitrary File Writing Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-027 -- CVE ID: CVE-2008-2241 -- Affected Vendors: Computer Associates -- Affected Products: Computer Associates BrightStor ARCserve Server -- TippingPointTM IPS Custom...

10 CVSS | 1.1 AI score | 0.06955 EPSS
Exploits 1