|
2023-09-18
|
CVE-2023-4527
|
A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.
|
Fedora, Glibc, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Codeready_linux_builder_eus, Codeready_linux_builder_eus_for_power_little_endian, Codeready_linux_builder_eus_for_power_little_endian_eus, Codeready_linux_builder_for_arm64, Codeready_linux_builder_for_arm64_eus, Codeready_linux_builder_for_ibm_z_systems, Codeready_linux_builder_for_ibm_z_systems_eus, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_arm_64, Enterprise_linux_for_arm_64_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_ibm_z_systems_eus_s390x, Enterprise_linux_for_ibm_z_systems_s390x, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server_aus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_tus
|
6.5
|
|
|
|
2023-09-20
|
CVE-2023-4236
|
A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load.
This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1.
|
Debian_linux, Fedora, Bind, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware
|
N/A
|
|
|
|
2023-10-16
|
CVE-2023-40791
|
extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page.
|
Linux_kernel, H300s_firmware, H410s_firmware, H500s_firmware, H700s_firmware
|
6.3
|
|
|
|
2023-10-25
|
CVE-2023-5363
|
Issue summary: A bug has been identified in the processing of key and
initialisation vector (IV) lengths. This can lead to potential truncation
or overruns during the initialisation of some symmetric ciphers.
Impact summary: A truncation in the IV can result in non-uniqueness,
which could result in loss of confidentiality for some cipher modes.
When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or
EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after
the key and IV...
|
Debian_linux, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Openssl
|
7.5
|
|
|
|
2019-10-11
|
CVE-2019-2215
|
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
|
Ubuntu_linux, Debian_linux, Android, Alp\-Al00b_firmware, Alp\-Tl00b_firmware, Anne\-Al00_firmware, Ares\-Al00b_firmware, Ares\-Al10d_firmware, Ares\-Tl00chw_firmware, Barca\-Al00_firmware, Berkeley\-L09_firmware, Berkeley\-Tl10_firmware, Bla\-Al00b_firmware, Bla\-L29c_firmware, Bla\-Tl00b_firmware, Columbia\-Al00a_firmware, Columbia\-L29d_firmware, Cornell\-Tl10b_firmware, Duke\-L09i_firmware, Dura\-Al00a_firmware, Figo\-Al00a_firmware, Florida\-Al20b_firmware, Florida\-L03_firmware, Florida\-L21_firmware, Florida\-L22_firmware, Florida\-Tl10b_firmware, Honor_9i_firmware, Honor_view_20_firmware, Jakarta\-Al00a_firmware, Johnson\-Tl00d_firmware, Leland\-Al10b_firmware, Leland\-L21a_firmware, Leland\-L32a_firmware, Leland\-Tl10b_firmware, Leland\-Tl10c_firmware, Lelandp\-Al00c_firmware, Lelandp\-L22c_firmware, Mate_rs_firmware, Neo\-Al00d_firmware, Nova_2s_firmware, Nova_3_firmware, Nova_3e_firmware, P20_firmware, P20_lite_firmware, Princeton\-Al10b_firmware, Rhone\-Al00_firmware, Stanford\-L09_firmware, Stanford\-L09s_firmware, Sydney\-Al00_firmware, Sydney\-Tl00_firmware, Sydneym\-Al00_firmware, Tony\-Al00b_firmware, Tony\-Tl00b_firmware, Y9_2019_firmware, Yale\-Al00a_firmware, Yale\-L21a_firmware, Yale\-Tl00b_firmware, A220_firmware, A320_firmware, A800_firmware, Aff_baseboard_management_controller_firmware, C190_firmware, Cloud_backup, Data_availability_services, Fas2720_firmware, Fas2750_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H610s_firmware, H700s_firmware, Hci_management_node, Service_processor, Solidfire, Solidfire_baseboard_management_controller_firmware, Steelstore_cloud_integrated_storage
|
7.8
|
|
|
|
2019-09-19
|
CVE-2019-14821
|
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of...
|
Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Aff_a700s_firmware, Data_availability_services, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H610s_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Solidfire, Leap, Sd\-Wan_edge, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_real_time, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization_host
|
8.8
|
|
|
|
2019-09-17
|
CVE-2019-14835
|
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.
|
Ubuntu_linux, Debian_linux, Fedora, Imanager_neteco, Imanager_neteco_6000, Manageone, Linux_kernel, Aff_a700s_firmware, Data_availability_services, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H610s_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Service_processor, Solidfire, Steelstore_cloud_integrated_storage, Leap, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_real_time, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform, Virtualization, Virtualization_host
|
7.8
|
|
|
|
2020-01-21
|
CVE-2019-20388
|
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
|
Debian_linux, Fedora, Cloud_backup, Clustered_data_ontap, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Ontap_select_deploy_administration_utility, Plug\-In_for_symantec_netbackup, Smi\-S_provider, Snapdrive, Steelstore_cloud_integrated_storage, Leap, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Mysql_workbench, Peoplesoft_enterprise_peopletools, Real_user_experience_insight, Libxml2
|
7.5
|
|
|
|
2019-08-25
|
CVE-2019-15538
|
An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.
|
Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Aff_a700s_firmware, Data_availability_services, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H610s_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Solidfire, Leap
|
7.5
|
|
|
|
2020-04-29
|
CVE-2020-11884
|
In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.
|
Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, A700s_firmware, Active_iq_unified_manager, Bootstrap_os, Cloud_backup, Element_software, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H610c_firmware, H610s_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Solidfire, Solidfire_baseboard_management_controller, Steelstore_cloud_integrated_storage
|
7.0
|
|
|