15 matches found
CVE-2019-9514
CVE-2019-9514 corresponds to an HTTP/2 vulnerability where an attacker floods a peer by sending HEADERS frames, causing unbounded memory growth and potential DoS. Public details in connected advisories show affected stacks include Go HTTP/2 implementations and Go-based tools, with remediation via...
CVE-2022-1011
CVE-2022-1011: A use-after-free vulnerability in the Linux kernel FUSE implementation when a user triggers write(), enabling local privilege escalation. Affected component is the FUSE filesystem in the kernel; impact is unauthorized access to data from FUSE mounts and potential escalation. Connec...
CVE-2022-0330
CVE-2022-0330 affects the Linux kernel i915 GPU driver. The root cause is a missing GPU TLB flush in the i915 driver, enabling a local attacker to cause a denial of service or privilege escalation by running code on the GPU. Public documents from connected sources confirm the flaw and its associa...
CVE-2018-16871
A CVE-2018-16871 issue exists in the Linux kernel’s NFS implementation (all 3.x and 4.x up to 4.20). A attacker mounting an exported NFS filesystem can trigger a null pointer dereference using an invalid NFS sequence, causing a kernel panic and denying access to the NFS server; outstanding disk w...
CVE-2021-3669
CVE-2021-3669 is a Linux kernel vulnerability where measuring shared memory usage does not scale with large shared memory segment counts, enabling resource exhaustion and DoS. Connected sources confirm the issue affects multiple kernel versions and distributions, with remediations following vendo...
CVE-2022-1227
CVE-2022-1227 describes a privilege-escalation flaw in Podman where an attacker could publish a malicious image to a public registry; when a victim downloads it, running the user command ‘podman top’ could grant access to the host filesystem, enabling information disclosure or DoS. The issue is t...
CVE-2022-27649
CVE-2022-27649 affects Podman (and related container tooling) where containers could be started with non-empty default/inheritable Linux capabilities. The underlying issue is that default inheritable capabilities for Linux containers were not empty, allowing an attacker with access to programs po...
CVE-2021-3744
CVE-2021-3744 is a memory-leak DoS in the Linux kernel: the flaw occurs in the ccp_run_aes_gcm_cmd() function (drivers/crypto/ccp/ccp-ops.c), allowing memory consumption-based denial of service. Connected advisories (Astra Linux and Amazon Linux 2 kernel updates) confirm the same root cause and n...
CVE-2019-17596
CVE-2019-17596 affects Go (Go before 1.12.11 and 1.3.x before 1.13.2) and can cause a panic when processing network traffic that contains an invalid DSA public key, e.g., traffic between clients and servers that verify client certificates. Connected advisories show affected Go versions and explic...
CVE-2019-16276
CVE-2019-16276 affects the Go programming language’s net/http handling, allowing HTTP Request Smuggling when an HTTP header contains spaces before the colon. The issue is publicly documented across multiple advisories; Go versions prior to fixes described in the connected documents are affected. ...
CVE-2021-3695
CVE-2021-3695 affects grub2. A crafted 16-bit grayscale PNG image can cause an out-of-bounds write in grub2 heap, leading to heap data corruption and potentially arbitrary code execution, bypassing secure boot protections. The vulnerability requires heap-layout triage and the written values are r...
CVE-2021-3697
CVE-2021-3697 is a grub2 JPEG handling vulnerability where crafting a JPEG image may cause a heap underflow in the JPEG reader, enabling data corruption and potentially code execution or secure-boot circumvention. It affects grub2 versions prior to the fixed release (notably legacy references to ...
CVE-2021-3696
CVE-2021-3696 = heap out-of-bounds write during Huffman table handling in grub2’s PNG reader, causing potential heap corruption. Affected: grub2 before patch grub-2.12; implications listed as Low/Low/Low in some sources, with potential for data corruption and, in theory, arbitrary code execution ...
CVE-2019-9741
CVE-2019-9741 affects Go’s net/http in Go 1.11.5, enabling CRLF injection when an attacker controls a URL parameter. The issue arises from constructing an HTTP request with http.NewRequest where a CRLF sequence can precede a header or Redis command, allowing potential header injection and related...
CVE-2017-15041
The CVE-2017-15041 entry concerns Go prior to 1.8.4 and 1.9.x prior to 1.9.1, where the go get command can lead to remote code execution via crafted repository structures (example.com/pkg1 pointing to a Subversion repo and pkg1/pkg2 to a Git repo). If the Subversion repo contains a Git checkout w...