240 matches found
CVE-2023-52687
In the Linux kernel, the following vulnerability has been resolved: crypto: safexcel - Add error handling for dmamapsg calls Macro dmamapsg may return 0 on error. This patch enables checks in case of the macro failure and ensures unmapping of previously mapped buffers with dmaunmapsg. Found by...
CVE-2023-52687
CVE-2023-52687 affects the Linux kernel crypto safexcel path. The issue arises when dma_map_sg() can return 0 on error, risking improper handling of DMA mappings. The published patch adds error checks for dma_map_sg() and ensures previously mapped buffers are unmapped via dma_unmap_sg() to preven...
CVE-2024-31441 Arbitrary File Reading in DataEase
DataEase is an open source data visualization analysis tool. Due to the lack of restrictions on the connection parameters for the ClickHouse data source, it is possible to exploit certain malicious parameters to achieve arbitrary file reading. The vulnerability has been fixed in v1.18.19...
CVE-2022-48672
CVE-2022-48672 is a Linux kernel issue in the device-tree flattening path: in unflatten_dt_nodes(), an off-by-one error can overflow the nps[] buffer due to an unfixed depth check in the loop. The problem was fixed by commit 78c44d910d3e, in which the depth handling during unflattening was correc...
CVE-2024-27041
A vulnerability was found in the Linux kernel's AMD amdgpudm.c driver, where a lack of proper checks in the amdgpudmfini function could result in a NULL pointer dereference. This scenario can occur when attempting to access the value adev-dm.dc and could lead to memory corruption or system...
CVE-2024-27041
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix NULL checks for adev-dm.dc in amdgpudmfini Since 'adev-dm.dc' in amdgpudmfini might turn out to be NULL before the call to dcenabledmubnotifications, check beforehand to ensure there will not be a possible...
CVE-2024-27041 drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini()
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix NULL checks for adev-dm.dc in amdgpudmfini Since 'adev-dm.dc' in amdgpudmfini might turn out to be NULL before the call to dcenabledmubnotifications, check beforehand to ensure there will not be a possible...
CVE-2024-27041 drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini()
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix NULL checks for adev-dm.dc in amdgpudmfini Since 'adev-dm.dc' in amdgpudmfini might turn out to be NULL before the call to dcenabledmubnotifications, check beforehand to ensure there will not be a possible...
CVE-2022-48657
In the Linux kernel, the following vulnerability has been resolved: arm64: topology: fix possible overflow in amufiesetup cpufreqgethwmaxfreq returns max frequency in kHz as unsigned int, while freqinvsetmaxratio gets passed this frequency in Hz as 'u64'. Multiplying max frequency by 1000 can...
CVE-2022-48657
In the Linux kernel, the following vulnerability has been resolved: arm64: topology: fix possible overflow in amufiesetup cpufreqgethwmaxfreq returns max frequency in kHz as unsigned int, while freqinvsetmaxratio gets passed this frequency in Hz as 'u64'. Multiplying max frequency by 1000 can...
PT-2024-4186 · Unknown · Svacer Sast
Name of the Vulnerable Software and Affected Versions: Svacer SAST affected versions not specified Description: The issue is related to information disclosure. It can be exploited by a remote attacker to gain access to protected information. Recommendations: At the moment, there is no information...
Malicious code in analysis-tool-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ab026f9cd9836e60e06d6f1449c82d1e5d26662722dfa2be764f46778eab3b39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1023 Malicious code in analysis-tool-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ab026f9cd9836e60e06d6f1449c82d1e5d26662722dfa2be764f46778eab3b39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2024-19214 · Unknown · Access Analysis Cgi An-Analyzer
Name of the Vulnerable Software and Affected Versions: Access analysis CGI An-Analyzer versions prior to 2023 December 31 Description: The issue allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL...
CVE-2023-37257
CVE-2023-37257 is a stored cross-site scripting vulnerability in DataEase prior to version 1.18.9, affecting the DataEase panel and dataset. The root cause is a stored XSS condition in the panel/dataset that could be triggered by user input or data rendering, as documented by multiple sources. Th...
CVE-2023-37257 The DataEase panel and dataset have a stored XSS vulnerability
DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, the DataEase panel and dataset have a stored cross-site scripting vulnerability. The vulnerability has been fixed in v1.18.9. There are no known workarounds...
CVE-2023-34463
DataEase contains a vulnerability (CVE-2023-34463) where unauthorized users can delete an application. Affected product: DataEase, with fixes implemented in version 1.18.8. Public references in multiple sources confirm the issue and upgrade as the advised remediation. Impact details describe unau...
CVE-2023-35168
DataEase (open source data visualization tool) has a privilege bypass vulnerability in affected versions prior to 1.18.8, allowing ordinary users to access the user database and exfiltrate fields such as password MD5 hashes, usernames, emails, and phone numbers. The fixed version is 1.18.8; upgra...
Design/Logic Flaw
DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references IDOR. This could result in a user deleting another user's dashboard or messages or interfering with the...
Intel Trace Analyzer And Collector 缓冲区错误漏洞
Intel Trace Analyzer And Collector is a trace analyzer and collector from Intel USA. It is used to analyze Mpi behavior in parallel applications. A security vulnerability exists in Intel Trace Analyzer And Collector versions prior to 2021.8.0 that stems from the presence of a stack-based buffer...