32 matches found
Astra Linux - уязвимость в rsync
A flaw was discovered in rsync that can be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length s2length, causing a comparison between a checksum and uninitialized memory, and resulting in the leakage of one byte of uninitialized stack data ...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003639)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003639 advisory. In the Linux kernel before 5.2.14, rds6incinfocopy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags...
DEBIAN-CVE-2025-40221
In the Linux kernel, the following vulnerability has been resolved: media: pci: mg4b: fix uninitialized iio scan data Fix potential leak of uninitialized stack data to userspace by ensuring that the scan structure is zeroed before use...
JLSEC-2025-324 A flaw was found in rsync which could be triggered when rsync compares file checksums
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length s2length to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time...
EUVD-2019-6786
Malware in sbrugna...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987268)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987268 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix possible bogus match in nfosffind nfosffind incorrectly returns true...
CVE-2025-39690 iio: accel: sca3300: fix uninitialized iio scan data
In the Linux kernel, the following vulnerability has been resolved: iio: accel: sca3300: fix uninitialized iio scan data Fix potential leak of uninitialized stack data to userspace by ensuring that the channels array is zeroed before use...
PT-2025-36284
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A potential leak of uninitialized stack data to userspace exists due to the channels array not being zeroed before use. This issue affects the sca3300 driver within the industrial I/O...
DEBIAN-CVE-2025-32366
In ConnMan through 1.44, parserr in dnsproxy.c has a memcpy length that depends on an RR RDLENGTH value, i.e., rdlen=ntohsrr-rdlen and memcpyresponse+offset,end,rdlen without a check for whether the sum of end and rdlen exceeds max. Consequently, rdlen may be larger than the amount of remaining...
SUSE CVE-2024-12085
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length s2length to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time...
Security update for rsync
This update for rsync fixes the following issues: NOTE: this update is broken and was retracted. New update will be published as followup update. CVE-2024-12084: heap buffer overflow in checksum parsing. bsc1234100 CVE-2024-12085: leak of uninitialized stack data on the server leading to possible...
Security update for rsync
This update for rsync fixes the following issues: CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. bsc1234101 CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. bsc1234102 CVE-2024-12087: arbitrary file...
Security update for rsync
This update for rsync fixes the following issues: CVE-2024-12084: heap buffer overflow in checksum parsing. bsc1234100 CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. bsc1234101 CVE-2024-12086: leak of a client machine's file contents through the...
AZL-55664 CVE-2024-12085 affecting package rsync for versions less than 3.4.1-1
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length s2length to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time...
CVE-2024-12085
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length s2length to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time...
CVE-2024-12085
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length s2length to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time...
Rsync 缓冲区错误漏洞
Rsync is a fast and versatile file copying tool open-sourced by RsyncProject. It is used for remote files and local files. Rsync suffers from a buffer error vulnerability that stems from improper file checksum comparisons, which allows an attacker to manipulate the length of the checksum value an...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an uninitialized 0 in the result field of a command queue entry CQE when it is not in use, which could lead to...
AZL-34732 CVE-2023-4527 affecting package glibc for versions less than 2.38-11
A flaw was found in glibc. When the getaddrinfo function is called with the AFUNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data...
glibc buffer error vulnerability
glibc GNU C Library is the C standard library implemented by the GNU Project. A security vulnerability exists in glibc, which stems from the fact that when the getaddrinfo function is called using the AFUNSPEC address family and is configured in no-aaaa mode via /etc/resolv.conf, TCP DNS response...