Lucene search

28 matches found

RedhatCVE
added 3 days ago, 4 views

CVE-2026-42277

Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/fileid endpoint allows any authenticated user to download any other user's uploaded files by providing the file UUID. The endpoint verifies the caller is authenticated but never checks that the file...

CVSS 6.5 | AI score 5.3 | EPSS 0.00033
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/08 3:51 a.m., 5 views

CVE-2026-42277

Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/fileid endpoint allows any authenticated user to download any other user's uploaded files by providing the file UUID. The endpoint verifies the caller is authenticated but never checks that the file...

CVSS 6.5 | AI score 5.7 | EPSS 0.00033
Exploits: 0 | References: 2 | Affected Software: 1
Tenable Nessus
added 2025/03/05 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-42277

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en. In sprd_iommu_cleanup before calling function...

CVSS 5.5 | AI score 6.1 | EPSS 0.00007
Exploits: 0 | References: 2
Tenable Nessus
added 2024/10/13 12:0 a.m., 14 views

CBL Mariner 2.0 Security Update: kernel (CVE-2024-42277)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42277 advisory. - In the Linux kernel, the following vulnerability has been resolved: iommu: sprd: Avoid NULL deref in...

CVSS 5.5 | AI score 5.9 | EPSS 0.00007
Exploits: 0 | References: 2
CBLMariner
added 2024/10/12 2:7 a.m., 9 views

CVE-2024-42277 affecting package kernel for versions less than 5.15.167.1-1

CVE-2024-42277 affecting package kernel for versions less than 5.15.167.1-1. An upgraded version of the package is available that resolves this issue...

CVSS 5.5 | AI score 7.2 | EPSS 0.00007
Exploits: 0
Tenable Nessus
added 2024/09/28 12:0 a.m., 122 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3483-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3483-1 advisory. The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The...

CVSS 8.4 | AI score 7.5 | EPSS 0.01107
Exploits: 13 | References: 919
Tenable Nessus
added 2024/09/24 12:0 a.m., 28 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3383-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3383-1 advisory. The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The...

CVSS 9.1 | AI score 7.4 | EPSS 0.00194
Exploits: 10 | References: 1244
OSV
added 2024/09/23 8:29 a.m., 51 views

SUSE-SU-2024:3383-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-43911: wifi: mac80211: fix NULL dereference at band check in starting tx ba session (bsc#1229827). - CVE-2024-43899: drm/amd/display: Fix null pointer deref in...

CVSS 9.1 | AI score 8.4 | EPSS 0.00194
Exploits: 10 | References: 874
Tenable Nessus
added 2024/09/11 12:0 a.m., 60 views

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3190-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3190-1 advisory. The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following securit...

CVSS 8.4 | AI score 7.5 | EPSS 0.00495
Exploits: 6 | References: 910
OSV
added 2024/08/22 5:56 a.m., 0 views

BELL-CVE-2024-42277

Bulletin has no description...

CVSS 5.5 | AI score 7.1 | EPSS 0.00007
Exploits: 0 | References: 1
RedhatCVE
added 2024/08/19 3:16 p.m., 15 views

CVE-2024-42277

A flaw was identified and fixed in the Linux kernel's Spreadtrum sprd IOMMU driver. This issue occurred in the sprd_iommu_cleanup function, where a null pointer dereference happened when calling sprd_iommu_hw_en, as dom->sdev was NULL. This problem could lead to kernel crashes or instability. The bug w...

CVSS 5.5 | AI score 5.6 | EPSS 0.00007
Exploits: 0 | References: 4
SUSE CVE
added 2024/08/18 2:2 a.m., 1 view

SUSE CVE-2024-42277

In the Linux kernel, the following vulnerability has been resolved: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en. In sprd_iommu_cleanup, before calling function sprd_iommu_hw_en, dom->sdev is equal to NULL, which leads to null dereference. Found by Linux Verification Center (linuxtesting.org) with SVACE...

CVSS 5.5 | AI score 6.3 | EPSS 0.00007
Exploits: 0 | References: 13
Vulnrichment
added 2024/08/17 9:8 a.m., 13 views

CVE-2024-42277 iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en

In the Linux kernel, the following vulnerability has been resolved: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en. In sprd_iommu_cleanup, before calling function sprd_iommu_hw_en, dom->sdev is equal to NULL, which leads to null dereference. Found by Linux Verification Center (linuxtesting.org) with SVACE...

AI score 6.8 | EPSS 0.00007
Exploits: 0 | References: 5
vulnersOsv
added 2023/09/09 12:30 a.m., 3 views

ai.foxpay.api:foxpay-sdk (>=1.0 <=1.1), ai.genauth:genauth-java-sdk (=3.1.11) +2275 more potentially affected by CVE-2023-42277 via cn.hutool:hutool-core (>=4.0.0 <=5.8.21)

cn.hutool:hutool-core MAVEN version =4.0.0, =1.0, =j8.2.2.0, =j8.2.2.0, =Finchley.SR2.SR1, =Finchley.SR4, =j8.2.2.0, =Finchley.SR2.SR1, =Finchley.SR2.SR1, =Finchley.SR4, =j8.2.2.0, =j8.2.2.0, =1.0.2, =1.0.4 and more Source cves: CVE-2023-42277 Source advisory: OSV:GHSA-7P8C-CRFR-Q93P...

CVSS 9.8 | AI score 7.2 | EPSS 0.00264
Exploits: 1
vulnersOsv
added 2023/09/09 12:30 a.m., 4 views

club.mrxiao:express-java-common (>=1.0.0 <=1.0.2), club.mrxiao:express-java-jdl (>=1.0.0 <=1.0.2) +439 more potentially affected by CVE-2023-42277 via cn.hutool:hutool-json (>=4.0.0 <=5.8.21)

cn.hutool:hutool-json MAVEN version =4.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.3, =2.0.5, =2.0.1.B, =2.0.1.B, =2.0.1.B, =1.0.1, =1.0.3 and more Source cves: CVE-2023-42277 Source advisory: OSV:GHSA-7P8C-CRFR-Q93P...

CVSS 9.8 | AI score 7.2 | EPSS 0.00264
Exploits: 1
NVD
added 2023/09/08 10:15 p.m., 12 views

CVE-2023-42277

hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath...

CVSS 9.8 | AI score 9.8 | EPSS 0.00264
Exploits: 1 | References: 1
ATTACKERKB
added 2023/09/08 10:15 p.m., 3 views

CVE-2023-42277

hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath...

CVSS 9.8 | AI score 6.1 | EPSS 0.00264
Exploits: 1 | References: 2
OSV
added 2023/09/08 10:15 p.m., 13 views

CVE-2023-42277

hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath...

CVSS 9.8 | AI score 8
Exploits: 0 | References: 1
Vulnrichment
added 2023/09/08 12:0 a.m., 15 views

CVE-2023-42277

hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath...

AI score 7.7 | EPSS 0.00264
Exploits: 1 | References: 1
Cvelist
added 2023/09/08 12:0 a.m., 11 views

CVE-2023-42277

hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath...

AI score 10 | EPSS 0.00264
Exploits: 1 | References: 1