66 matches found
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from improper cleanup after nvmem kernel devsetname...
UBUNTU-CVE-2022-49046
In the Linux kernel, the following vulnerability has been resolved: i2c: dev: check return value when calling devsetname If devsetname fails, the devname is null, check the return value of devsetname to avoid the null-ptr-deref...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a null pointer dereference due to unchecked devsetname return values...
kernel: ptp: Fix possible memory leak in ptp_clock_register()
In the Linux kernel, the following vulnerability has been resolved: ptp: Fix possible memory leak in ptpclockregister I got memory leak as follows when doing fault injection test: unreferenced object 0xffff88800906c618 size 8: comm "i2c-idt82p33931", pid 4421, jiffies 4294948083 age 13.188s hex...
DEBIAN-CVE-2021-47455
In the Linux kernel, the following vulnerability has been resolved: ptp: Fix possible memory leak in ptpclockregister I got memory leak as follows when doing fault injection test: unreferenced object 0xffff88800906c618 size 8: comm "i2c-idt82p33931", pid 4421, jiffies 4294948083 age 13.188s hex...
CVE-2021-47455
In the Linux kernel, the following vulnerability has been resolved: ptp: Fix possible memory leak in ptpclockregister I got memory leak as follows when doing fault injection test: unreferenced object 0xffff88800906c618 size 8: comm "i2c-idt82p33931", pid 4421, jiffies 4294948083 age 13.188s hex...
DEBIAN-CVE-2021-46985
In the Linux kernel, the following vulnerability has been resolved: ACPI: scan: Fix a memory leak in an error handling path If 'acpidevicesetname' fails, we must free 'acpidevicebusid-busid' or there is a potential memory leak...
kernel: ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix possible memory leak in sndac97devregister If deviceregister fails in sndac97devregister, it should call putdevice to give up reference, or the name allocated in devsetname is leaked...
kernel: ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix possible memory leak in sndac97devregister If deviceregister fails in sndac97devregister, it should call putdevice to give up reference, or the name allocated in devsetname is leaked...
PT-2025-7974
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been identified where the dev set name function's return value is not properly checked. If dev set name fails, dev name may return null, potential...
CVE-2021-44148
GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/routercgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name...
PT-2024-11092 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak has been identified in the Linux kernel's ACPI scan functionality. The issue arises when the acpi device set name function fails, resulting in a potential memory leak if...
Magento Cross-Site Scripting via Attribute Set Name
A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into the attribute set name when listing the products...
GHSA-XV69-F7X5-R4QW Magento Cross-Site Scripting via Attribute Set Name
A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into the attribute set name when listing the products...
Cross site scripting
A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into the attribute set name when listing the products...
CVE-2019-8145
A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into the attribute set name when listing the products...
PRODSECBUG-2402: Cross-Site Scripting via Attribute Set Name
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
UBUNTU-CVE-2019-6460
An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function recfieldsetname in the file rec-field.c in librec.a...
DEBIAN-CVE-2019-6460
An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function recfieldsetname in the file rec-field.c in librec.a...
PT-2019-18103 · Gnu +3 · Gnu Recutils +3
Name of the Vulnerable Software and Affected Versions: GNU Recutils version 1.8 Description: An issue was discovered in GNU Recutils. There is a NULL pointer dereference in the function rec field set name in the file rec-field.c in librec.a. Recommendations: For GNU Recutils version 1.8, consider...