216 matches found
CVE-2022-49052 mm: fix unexpected zeroed page mapping with zram swap
In the Linux kernel, the following vulnerability has been resolved: mm: fix unexpected zeroed page mapping with zram swap Two processes under CLONEVM cloning, user process can be corrupted by seeing zeroed page unexpectedly. CPU A CPU B doswappage doswappage SWPSYNCHRONOUSIO path SWPSYNCHRONOUSIO...
OESA-2025-1167 etcd security update
%expand: Security Fixes: A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes...
OESA-2025-1124 etcd security update
%expand: Security Fixes: A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes...
SUSE CVE-2024-9355
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...
DEBIAN-CVE-2024-57911
In the Linux kernel, the following vulnerability has been resolved: iio: dummy: iiosimplydummybuffer: fix information leak in triggered buffer The 'data' array is allocated via kmalloc and it is used to push data to user space from a triggered buffer, but it does not set values for inactive...
AZL-56235 CVE-2024-57911 affecting package kernel for versions less than 5.15.180.1-1
In the Linux kernel, the following vulnerability has been resolved: iio: dummy: iiosimplydummybuffer: fix information leak in triggered buffer The 'data' array is allocated via kmalloc and it is used to push data to user space from a triggered buffer, but it does not set values for inactive...
CVE-2024-57911 iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer
In the Linux kernel, the following vulnerability has been resolved: iio: dummy: iiosimplydummybuffer: fix information leak in triggered buffer The 'data' array is allocated via kmalloc and it is used to push data to user space from a triggered buffer, but it does not set values for inactive...
kernel: nfsd: ensure that nfsd4_fattr_args.context is zeroed out
In the Linux kernel, the following vulnerability has been resolved: nfsd: ensure that nfsd4fattrargs.context is zeroed out If nfsd4encodefattr4 ends up doing a "goto out" before we get to checking for the security label, then args.context will be set to uninitialized junk on the stack, which we'l...
Golang-fips: golang fips zeroed buffer
...
RHEL 7 : rhc-worker-script (RHSA-2024:10133)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:10133 advisory. Remote Host Configuration rhc worker for executing scripts on hosts managed by Red Hat Insights. Security Fixes: net/http: Denial of servic...
golang-fips: Golang FIPS zeroed buffer
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...
Moderate: Red Hat Security Advisory: grafana-pcp security update
An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
golang-fips: Golang FIPS zeroed buffer
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...
ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package()
...
RLSA-2024:8847 Moderate: grafana-pcp security update
The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 For more details about th...
RockyLinux 9 : grafana (RLSA-2024:8678)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:8678 advisory. golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 dompurify: nesting-based mutation XSS vulnerability CVE-2024-47875 Tenable has extracted the precedi...
golang-fips: Golang FIPS zeroed buffer
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...
golang-fips: Golang FIPS zeroed buffer
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...
AlmaLinux 8 : grafana (ALSA-2024:8327)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:8327 advisory. golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 dompurify: nesting-based mutation XSS vulnerability CVE-2024-47875 Tenable has extracted the precedin...
golang-fips: Golang FIPS zeroed buffer
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...