341 matches found
SUSE CVE-2024-57936
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxtre: Fix max SGEs for the Work Request Gen P7 supports up to 13 SGEs for now. WQE software structure can hold only 6 now. Since the max send sge is reported as 13, the stack can give requests up to 13 SGEs. This is causin...
CVE-2024-57936
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxtre: Fix max SGEs for the Work Request Gen P7 supports up to 13 SGEs for now. WQE software structure can hold only 6 now. Since the max send sge is reported as 13, the stack can give requests up to 13 SGEs. This is causin...
CVE-2024-57936
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxtre: Fix max SGEs for the Work Request Gen P7 supports up to 13 SGEs for now. WQE software structure can hold only 6 now. Since the max send sge is reported as 13, the stack can give requests up to 13 SGEs. This is causin...
CVE-2024-57936 RDMA/bnxt_re: Fix max SGEs for the Work Request
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxtre: Fix max SGEs for the Work Request Gen P7 supports up to 13 SGEs for now. WQE software structure can hold only 6 now. Since the max send sge is reported as 13, the stack can give requests up to 13 SGEs. This is causin...
CVE-2024-57936 RDMA/bnxt_re: Fix max SGEs for the Work Request
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxtre: Fix max SGEs for the Work Request Gen P7 supports up to 13 SGEs for now. WQE software structure can hold only 6 now. Since the max send sge is reported as 13, the stack can give requests up to 13 SGEs. This is causin...
CVE-2024-57936
CVE-2024-57936 affects the Linux kernel RDMA/bnxt_re code and fixes an SGEs handling bug in Work Requests. The issue arises because Gen P7 hardware can report up to 13 SGEs, while the WQE software structure currently supports only 6 SGEs. This mismatch allowed requests with as many as 13 SGEs to ...
Oracle MySQL 安全漏洞
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL version 9.1.0 and prior versions. An attacker can use this vulnerability to create, delete, or modify...
Oracle Hospitality Applications 安全漏洞
Oracle Hospitality Applications is a suite of business applications, servers, and storage solutions for hospitality management from Oracle Corporation USA. The product offers features such as managing human resource costs and improving customer satisfaction by providing tracking and management of...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the selinux module not ignoring unknown permissions when handling extended permissions. This could lead to syste...
Inefficient Compression
@lodestar/reqresp is vulnerable to Inefficient Compression. The vulnerability is due to inefficient compression in the snappy framing over SSZ encoded messages, allows an attacker to send specially crafted messages that exploit these inefficiencies, potentially causing resource exhaustion, system...
CVE-2024-56629
In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix when get product name maybe null pointer Due to incorrect dev-product reporting by certain devices, null pointer dereferences occur when dev-product is empty, leading to potential system crashes. This issue was...
CVE-2024-56629
In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix when get product name maybe null pointer Due to incorrect dev-product reporting by certain devices, null pointer dereferences occur when dev-product is empty, leading to potential system crashes. This issue was...
CVE-2024-56629 HID: wacom: fix when get product name maybe null pointer
In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix when get product name maybe null pointer Due to incorrect dev-product reporting by certain devices, null pointer dereferences occur when dev-product is empty, leading to potential system crashes. This issue was...
ABB Cylon Aspect 3.08.00 fileSystemUpdate.php File Upload / Denial Of Service Vulnerabilities
ABB Cylon Aspect version 3.08.00 suffers from a vulnerability in the fileSystemUpdate.php endpoint of the ABB BEMS controller due to improper handling of uploaded files. The endpoint lacks restrictions on file size and type, allowing attackers to upload excessively large or malicious files. This...
PT-2024-8392
Name of the Vulnerable Software and Affected Versions: PHP versions 8.1. before 8.1.31 PHP versions 8.2. before 8.2.26 PHP versions 8.3. before 8.3.14 Description: The issue is related to an integer overflow in the ldap escape function on 32-bit systems when handling uncontrolled long string...
kernel: iommu: Fix potential use-after-free during probe
A vulnerability was found in the Linux kernel's IOMMU driver, where the deviommufree function can lead to a use-after-free error. This occurs when a device probe fails while simultaneously accessing dev-iommu-fwspec in the ofiommuconfigure path. As a result, this vulnerability can potentially cau...
The vulnerability of NVIDIA’s graphics driver for Windows, related to reading data beyond the buffer in memory, allows attackers to execute arbitrary code, disclose sensitive information, cause system failures, or gain elevated privileges.
The vulnerability of NVIDIA’s graphics driver for Windows relates to reading data beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code, disclose sensitive information, cause system failures, or gain elevated privileges...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS due to improper handling in the Readutf8 function. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other...
kernel: xfs: add bounds checking to xlog_recover_process_data
A vulnerability has been identified within the Linux kernel's xlogrecoverprocessdata function. Specifically, the function lacks proper bounds checking on the space allocated for the fixed members of the xlogopheader structure during log record processing. This omission can lead to an out-of-bound...
GHSA-R9MQ-3C9R-FMJQ Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy
Description Path traversal This vulnerability allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the...