774 matches found
SUSE CVE-2024-41070
In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() Al reported a possible use-after-free (UAF) in kvm_spapr_tce_attach_iommu_group(). It looks up stt from tablefd, but then continues to use it after doing fdput() on the returne...
GHSA-H7CM-JVPP-69XF Meshery SQL Injection vulnerability
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
CVE-2024-23353
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI...
CVE-2024-23353 Buffer Over-read in Multi Mode Call Processor
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI...
CVE-2024-23353
CVE-2024-23353 affects Qualcomm components (Multi Mode Call Processor) and describes a transient denial-of-service while decoding an attach reject message received by the UE when IEI is set to ESM_IEI. CVSSv3.1 base score 7.5 (High) with network attack vector, no user interaction, and impact limited...
PT-2024-19832 · Qualcomm · 205 Mobile Platform Firmware +225
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves a transient Denial of Service (DOS) that occurs while decoding an attach reject message received by a UE (User Equipment), specifically...
CVE-2024-42134
In the Linux kernel, the following vulnerability has been resolved: virtio-pci: Check if is_avq is NULL [bug] In the virtio_pci_common.c function vp_del_vqs, vp_dev->is_avq is involved to determine whether it is admin virtqueue, but this function vp_dev->is_avq may be empty. For installations, virtio_pci_legacy...
CVE-2024-42134 virtio-pci: Check if is_avq is NULL
In the Linux kernel, the following vulnerability has been resolved: virtio-pci: Check if is_avq is NULL [bug] In the virtio_pci_common.c function vp_del_vqs, vp_dev->is_avq is involved to determine whether it is admin virtqueue, but this function vp_dev->is_avq may be empty. For installations, virtio_pci_legacy...
SUSE CVE-2022-48826
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix deadlock on DSI device attach error DSI device attach to DSI host will be done with host device's lock held. Un-registering host in "device attach" error path (ex: probe retry) will result in deadlock with below call...
The vulnerability of the Auto-attach Option Handler component of the JetBrains YouTrack software for managing projects and tasks allows a hacker to enable the automatic attachment of this option to work processes.
The vulnerability of the Auto-attach Option Handler component in the JetBrains YouTrack project and task management software is related to the absence of authentication. Exploiting this vulnerability allows a malicious actor to enable the automatic attachment option to the workflow processes...
CVE-2022-48826
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix deadlock on DSI device attach error DSI device attach to DSI host will be done with host device's lock held. Un-registering host in "device attach" error path (ex: probe retry) will result in deadlock with below call...
UBUNTU-CVE-2022-48826
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix deadlock on DSI device attach error DSI device attach to DSI host will be done with host device's lock held. Un-registering host in "device attach" error path (ex: probe retry) will result in deadlock with below call...
CVE-2022-48826
CVE-2022-48826 affects the Linux kernel drm/vc4, where a deadlock can occur during DSI device attach error when the host device lock is held. Specifically, in the device attach error path, un-registering the host can deadlock with a call trace involving device_del/unregister, mipi_dsi_hos...
UBUNTU-CVE-2024-40908
In the Linux kernel, the following vulnerability has been resolved: bpf: Set run context for rawtp test_run callback syzbot reported crash when rawtp program executed through the test_run interface calls bpf_get_attach_cookie helper or any other helper that touches task->bpf_ctx pointer. Setting the run...
Malicious code in sap-attach (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b3ea59a9ddee4ac23300914369f6a96030885c3679683059afabd518e34f74c4 The OpenSSF Package Analysis project identified 'sap-attach' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
CVE-2024-37147 GLPI allows Authenticated File Upload to Restricted Tickets
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16...
OpenStack: malicious qcow2/vmdk images
An input validation flaw was discovered in how multiple OpenStack services validate images with backing file references. An authenticated attacker could provide a malicious image via upload, or by creating and modifying an image from an existing volume. Validation of images can be triggered durin...