76 matches found
UBUNTU-CVE-2024-27065
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: do not compare internal table flags on updates Restore skipping transaction if table update does not modify flags...
CVE-2024-27065
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: do not compare internal table flags on updates Restore skipping transaction if table update does not modify flags...
CVE-2024-26759
In the Linux kernel, the following vulnerability has been resolved: mm/swap: fix race when skipping swapcache When skipping swapcache for SWPSYNCHRONOUSIO, if two or more threads swapin the same entry at the same time, they get different pages A, B. Before one thread T0 finishes the swapin and...
CVE-2023-52160
A flaw was found in wpasupplicant's implementation of PEAP. This issue may allow an attacker to skip the second phase of authentication when the target device has not been properly configured to verify the authentication server. By skipping the second phase of authentication, it’s easier for an...
CVE-2023-4647
GitLab CVE-2023-4647 affects all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, and all versions starting from 16.3 before 16.3.1, where the projects API pagination can be skipped, potentially causing DoS on affected instances. Root cause: flaw in handli...
ROS-20230619-04
A vulnerability in the OpenSSL cryptographic library is related to ignoring invalid policy certificates in leaf certificates that are skipped for this certificate. Exploitation of the of the vulnerability could allow an attacker to intentionally assert invalid certificate policies to completely...
SUSE CVE-2011-2929
The template selection functionality in actionpack/lib/actionview/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping...
SUSE CVE-2015-2318
The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue...
Russians Hacked JFK Airport Taxi Dispatch in Line-Skipping Scheme
Plus: An offensive US hacking operation, swatters hacking Ring cameras, a Netflix password-sharing crackdown, and more...
Getting the correct HTML codecs parameter for an AV1 video
This post is mostly for my own reference, but I couldn't find a good guide elsewhere, so here we go! I wanted to embed a screencast in a web page, and I wanted it to be as efficient as possible. To achieve this, I created two version of the video, and embedded it like this: The MP4 version uses t...
OSV-2022-1209 Heap-buffer-overflow in OT::hb_ot_apply_context_t::skipping_iterator_t::next
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53714 Crash type: Heap-buffer-overflow READ 4 Crash state: OT::hbotapplycontextt::skippingiteratort::next OT::Layout::GSUBimpl::Ligature::apply bool OT::hbacceleratesubtablescontextt::applytoOT::Layout::GSUBimpl::Liga...
CVE-2022-23035
Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time...
GO-2021-0264 Panic when opening certain archives in archive/zip
Previously, opening a zip with Reader.Open could result in a panic if the zip contained a file whose name was exclusively made up of slash characters or ".." path elements. Open could also panic if passed the empty string directly as an argument. Now, any files in the zip whose name could not be...
getMarketInfo skipResults does not work
Handle cmichel Vulnerability details The RCFactory.getMarketInfo function uses the same counter resultNumber for the result arrays' index. This counter is increased if skipResults is set, and the arrays are therefore not indexed at zero. if resultNumber skipResults // @audit increases the array...
SUSE: Security Advisory (SUSE-SU-2021:2404-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ownCloud: File System Monitoring Queue Overflow
in the source code "owncloud/client" in the file "src/gui/folderwatcherlinux.cpp" in the function "void FolderWatcherPrivate :: inotifyRegisterPath const QString & path" by calling "inotifyaddwatch" the file paths are set for monitoring cpp int wd = inotifyaddwatchfd, path.toUtf8.constData,...
CVE-2013-3316
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg"...
Dell PowerPath - Veeam Agent for Linux Limitations
Challenge If a Linux server has Dell PowerPath devices attached, all the underlying block devices representing the network paths to the server are skipped from processing. This will result in the error "No objects to backup" or PowerPath devices missing from the backup. If non-PowerPath devices a...
Design/Logic Flaw
The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue...
DEBIAN-CVE-2015-2318
The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue...