1723 matches found
kernel: scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock During stress I/O tests with 500+ vports, hard LOCKUP call traces are observed. CPU A: native_queued_spin_lock_slowpath+0x192 _raw_spin_lock_irqsave+0x32 lpfc_handle_fcp_err+0x4...
GSD-2022-1006799 scsi: pm8001: Fix running_req for internal abort commands
scsi: pm8001: Fix running_req for internal abort commands This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...
PT-2022-35054 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue is related to the scsi: pm8001 component, specifically with the handling of internal abort commands. The actual impact and potential for attack have not been fully determined...
NodeBB Cross-Site Request Forgery Vulnerability
NodeBB is a forum system from the Design Create Play team built using Node.js, a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability exists in NodeBB 2.5.7 and earlier versions, which stems from an unknown part of the file /register/abort being affecte...
PT-2022-24994 · Nodebb · Nodebb
Name of the Vulnerable Software and Affected Versions: NodeBB versions up to 2.5.7 Description: A vulnerability was found in NodeBB, affecting an unknown part of the file /register/abort. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely...
DEBIAN-CVE-2022-43283
wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write...
CVE-2022-43283
wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write...
Improper access control
wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write...
UBUNTU-CVE-2022-43283
wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write...
PT-2022-26829 · Wasm2C +1 · Wasm2C +1
Name of the Vulnerable Software and Affected Versions: wasm2c version 1.0.29 Description: An issue was discovered in wasm2c, where an abort occurs in the CWriter::Write function. Recommendations: For version 1.0.29, at the moment, there is no information about a newer version that contains a fix...
CVE-2022-43408
Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF...
Code injection
In ISC DHCP 4.4.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, when the function option_code_hash_lookup is called from add_option, it increases the option's refcount field. However, there is not a corresponding call to option_dereference to decrement the refcount field. The function add_option is on...
CVE-2022-2928
In ISC DHCP 4.4.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, when the function option_code_hash_lookup is called from add_option, it increases the option's refcount field. However, there is not a corresponding call to option_dereference to decrement the refcount field. The function add_option is on...
CVE-2022-2928
CVE-2022-2928 affects ISC DHCP (versions including 4.4.0–4.4.3 and 4.1-ESV-R1–4.1-ESV-R16-P1). Root cause: option_code_hash_lookup() increments an option’s refcount in add_option() without a corresponding option_dereference(), and add_option() is invoked for multiple options in lease query respon...
Debian DSA-5251-1 : isc-dhcp - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5251 advisory. Several vulnerabilities have been discovered in the ISC DHCP client, relay and server. CVE-2022-2928 It was discovered that the DHCP server does not correctly...