209 matches found
golang-fips: Golang FIPS zeroed buffer
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...
Moderate: Red Hat Security Advisory: go-toolset:rhel8 security update
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Moderate: golang security update
The golang packages provide the Go programming language compiler. Security Fixes: golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in t...
CVE-2024-9355
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...
CVE-2024-9355 Golang-fips: golang fips zeroed buffer
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...
SUSE CVE-2024-46697
In the Linux kernel, the following vulnerability has been resolved: nfsd: ensure that nfsd4_fattr_args.context is zeroed out. If nfsd4_encode_fattr4 ends up doing a "goto out" before we get to checking for the security label, then args.context will be set to uninitialized junk on the stack, which we'l...
DEBIAN-CVE-2024-46697
In the Linux kernel, the following vulnerability has been resolved: nfsd: ensure that nfsd4_fattr_args.context is zeroed out. If nfsd4_encode_fattr4 ends up doing a "goto out" before we get to checking for the security label, then args.context will be set to uninitialized junk on the stack, which we'l...
CVE-2024-46697
In the Linux kernel, the following vulnerability has been resolved: nfsd: ensure that nfsd4_fattr_args.context is zeroed out. If nfsd4_encode_fattr4 ends up doing a "goto out" before we get to checking for the security label, then args.context will be set to uninitialized junk on the stack, which we'l...
CVE-2024-46697 nfsd: ensure that nfsd4_fattr_args.context is zeroed out
In the Linux kernel, the following vulnerability has been resolved: nfsd: ensure that nfsd4_fattr_args.context is zeroed out. If nfsd4_encode_fattr4 ends up doing a "goto out" before we get to checking for the security label, then args.context will be set to uninitialized junk on the stack, which we'l...
DEBIAN-CVE-2024-38592
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Init ddp_comp with devm_kcalloc. In the case where conn_routes is true we allocate an extra slot in the ddp_comp array but mtk_drm_crtc_create never seemed to initialize it in the test case I ran. For me, this caused a late...
DEBIAN-CVE-2024-24856
The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a successful allocation, but the subsequent code directly dereferences the pointer that receives it, which may lead to null pointer dereference. To fix this issue, a null pointer check should be added. If it is null, return...
AZL-62708 CVE-2024-24856 affecting package kernel 6.6.126.1-1
The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a successful allocation, but the subsequent code directly dereferences the pointer that receives it, which may lead to null pointer dereference. To fix this issue, a null pointer check should be added. If it is null, return...
UBUNTU-CVE-2024-24856
The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a successful allocation, but the subsequent code directly dereferences the pointer that receives it, which may lead to null pointer dereference. To fix this issue, a null pointer check should be added. If it is null, return...
CVE-2023-52436
A flaw was found in the Linux kernel’s f2fs subsystem. When setting an xattr, explicitly null-terminate the xattr list. This eliminates the assumption that the unused xattr space is always zeroed...
OpenZFS Security Vulnerability
OpenZFS is an open source storage platform. It includes the functionality of a traditional file system and volume manager. A security vulnerability exists in OpenZFS versions 2.1.13 and earlier, and versions 2.2.x through 2.2.1, which stems from replacing the contents of a file with zero-valued...
kernel: netfilter: NULL pointer dereference in nf_tables due to zeroed list head
A NULL pointer dereference flaw was found in the Linux kernel’s netfilter subsystem. The issue could occur due to an error in nf_tables_updtable while freeing a transaction object not placed on the list head. This flaw allows a local, unprivileged user to crash the system, resulting in a denial of...
CVE-2023-36980
An issue in Ethereum Blockchain v0.1.1+commit.6ff4cd6 causes the balance to be zeroed out when the value of betsize+casino.balance exceeds the threshold...