Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6726-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6726-1 advisory. Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request,...

Fedora 39 : kernel (2024-88847bc77a)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-88847bc77a advisory. The 6.7.5 stable kernel update contains a number of important fixes across the tree. Tenable has extracted the preceding description block directly...

Design/Logic Flaw

dmtablecreate in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to in alloctargets allocate more than INTMAX bytes, and crash, because of a missing check for struct dmioctl.targetcount...

CVE-2023-52429

CVE-2023-52429 affects the Linux kernel driver path drivers/md/dm-table.c. The issue arises in dm_table_create’s alloc_targets path where, due to a missing check for struct dm_ioctl.target_count, it can allocate more than INT_MAX bytes and crash. Public sources in connected Nessus plugins confirm...

Fedora 33 : opensmtpd (2021-848fd34b0b)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-848fd34b0b advisory. - smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a very significant memory leak via...

CVE-2020-35679

smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups...

CVE-2020-35679

smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups...

Design/Logic Flaw

w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feedtableblocktag function in table.c does not prevent a negative indent value...

CVE-2018-6196

w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feedtableblocktag function in table.c does not prevent a negative indent value...

CVE-2018-6196

w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feedtableblocktag function in table.c does not prevent a negative indent value...

CVE-2018-6196

CVE-2018-6196 affects w3m up to version 0.5.3. The underlying issue is an infinite recursion in HTMLlineproc0 caused by feed_table_block_tag not preventing a negative indent value in table.c. Public advisories and patches across distros confirm the fix in multiple releases: OpenSUSE/SUSE update (...

w3m - multiple vulnerabilities

Tatsuya Kinoshita reports: CVE-2018-6196 table.c: Prevent negative indent value in feedtableblocktag. CVE-2018-6197 form.c: Prevent invalid columnPos call in formUpdateBuffer. CVE-2018-6198 config.h.dist, config.h.in, configure, configure.ac, main.c, rc.c: Make temporary directory safely when /.w...

CVE-2018-6196

w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feedtableblocktag function in table.c does not prevent a negative indent value...