6769 matches found
DEBIAN-CVE-2022-49325
In the Linux kernel, the following vulnerability has been resolved: tcp: add accessors to read/set tp-sndcwnd We had various bugs over the years with code breaking the assumption that tp-sndcwnd is greater than zero. Lately, syzbot reported the WARNONONCE!tp-priorcwnd added in commit 8b8a321ff72c...
UBUNTU-CVE-2022-49325
In the Linux kernel, the following vulnerability has been resolved: tcp: add accessors to read/set tp-sndcwnd We had various bugs over the years with code breaking the assumption that tp-sndcwnd is greater than zero. Lately, syzbot reported the WARNONONCE!tp-priorcwnd added in commit 8b8a321ff72c...
UBUNTU-CVE-2022-49189
In the Linux kernel, the following vulnerability has been resolved: clk: qcom: clk-rcg2: Update logic to calculate D value for RCG The display pixel clock has a requirement on certain newer platforms to support M/N as 2/3 and the final D value calculated results in underflow errors. As the curren...
CVE-2022-49553 fs/ntfs3: validate BOOT sectors_per_clusters
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: validate BOOT sectorsperclusters When the NTFS BOOT sectorsperclusters field is 0x80, it represents a shift value. Make sure that the shift value is not too large before using it NTFS max cluster size is 2MB. Return...
CVE-2022-49553
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: validate BOOT sectorsperclusters When the NTFS BOOT sectorsperclusters field is 0x80, it represents a shift value. Make sure that the shift value is not too large before using it NTFS max cluster size is 2MB. Return...
CVE-2022-49387
CVE-2022-49387 concerns the Linux kernel watchdog driver rzg2l_wdt. The root cause is a 32-bit overflow in timer_cycle_us that can yield 0, e.g., when a counter like 0xfff is used to compute maxval. The provided connected documents confirm a patch that promotes values to 64-bit by appending ULL t...
CVE-2022-49387 watchdog: rzg2l_wdt: Fix 32bit overflow issue
In the Linux kernel, the following vulnerability has been resolved: watchdog: rzg2lwdt: Fix 32bit overflow issue The value of timercycleus can be 0 due to 32bit overflow. For eg:- If we assign the counter value "0xfff" for computing maxval. This patch fixes this issue by appending ULL to 1024, so...
CVE-2022-49325
In the Linux kernel, the following vulnerability has been resolved: tcp: add accessors to read/set tp-sndcwnd We had various bugs over the years with code breaking the assumption that tp-sndcwnd is greater than zero. Lately, syzbot reported the WARNONONCE!tp-priorcwnd added in commit 8b8a321ff72c...
CVE-2022-49235
CVE-2022-49235 corresponds to a Linux kernel issue where ath9k_htc uninitialized fields caused two KMSAN bugs. The reports state that in htc_connect_service() svc_meta_len and pad were not initialized (suggesting setting svc_meta_len to 0 when no service data is present) and in htc_issue_send() t...
CVE-2022-49235 ath9k_htc: fix uninit value bugs
In the Linux kernel, the following vulnerability has been resolved: ath9khtc: fix uninit value bugs Syzbot reported 2 KMSAN bugs in ath9k. All of them are caused by missing field initialization. In htcconnectservice svcmetalen and pad are not initialized. Based on code it looks like in current sk...
CVE-2022-49189
CVE-2022-49189 : In the Linux kernel (clk-rcg2, Qualcomm display pixel clock), final D calculation for the M/N ratio could fall outside the accepted range, causing underflow. The fix updates the D-value calculation to respect the valid range for given M and N, preventing underflow. Affected compo...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a null pointer dereference due to unchecked devsetname return values...
X.Org和Xwayland 资源管理错误漏洞
X.Org is an open source free software from the X.Org Foundation.Xwayland is an open source communication protocol from Xwayland that specifies how a display server communicates with its clients. A resource management error vulnerability exists in X.Org and Xwayland that stems from evaluating chan...
CVE-2023-51336
PHPJabbers Meeting Room Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV...
USN-7278-1 openssl vulnerabilities
George Pantelakis and Alicja Kario discovered that OpenSSL had a timing side-channel when performing ECDSA signature computations. A remote attacker could possibly use this issue to recover private data. CVE-2024-13176 It was discovered that OpenSSL incorrectly handled certain memory operations...
CVE-2023-51331
PHPJabbers Cleaning Business Software v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV...
CVE-2023-51319
PHPJabbers Bus Reservation System v1.1 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file...
CVE-2023-51313
PHPJabbers Restaurant Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV fi...
PT-2025-7316 · Phpjabbers · Phpjabbers Meeting Room Booking System
Name of the Vulnerable Software and Affected Versions: PHPJabbers Meeting Room Booking System version 1.0 Description: The issue is related to a CSV Injection vulnerability that allows an attacker to execute remote code. This vulnerability exists due to insufficient input validation on the...
PT-2025-7302 · Phpjabbers · Phpjabbers Bus Reservation System
Name of the Vulnerable Software and Affected Versions: PHPJabbers Bus Reservation System version 1.1 Description: The issue allows an attacker to execute remote code due to insufficient input validation in the Languages section Labels any parameters field in System Options, which is used to...