CVE-2023-25097

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

PT-2023-5069 · Milesight · Milesight Ur32L

Name of the Vulnerable Software and Affected Versions: Milesight UR32L version 32.3.0.5 Description: The issue is caused by multiple buffer overflow vulnerabilities in the vtysh ubus binary due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code...

kernel: driver core: fix deadlock in __device_attach

In the Linux kernel, the following vulnerability has been resolved: driver core: fix deadlock in deviceattach In deviceattach function, The lock holding logic is as follows: ... deviceattach devicelockdev // get lock dev asyncscheduledevdeviceattachasynchelper, dev; // func asyncschedulenode...

kernel: driver core: fix potential deadlock in __driver_attach

In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential deadlock in driverattach In driverattach function, There are also AA deadlock problem, like the commit b232b02bf3c2 "driver core: fix deadlock in deviceattach". stack like commit b232b02bf3c2 "driver...

kernel: driver core: fix potential deadlock in __driver_attach

In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential deadlock in driverattach In driverattach function, There are also AA deadlock problem, like the commit b232b02bf3c2 "driver core: fix deadlock in deviceattach". stack like commit b232b02bf3c2 "driver...

kernel: net/sched: fix netdevice reference leaks in attach_default_qdiscs()

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix netdevice reference leaks in attachdefaultqdiscs In attachdefaultqdiscs, if a dev has multiple queues and queue 0 fails to attach qdisc because there is no memory in attachonedefaultqdisc. Then dev-qdisc will be...

kernel: driver core: fix deadlock in __device_attach

In the Linux kernel, the following vulnerability has been resolved: driver core: fix deadlock in deviceattach In deviceattach function, The lock holding logic is as follows: ... deviceattach devicelockdev // get lock dev asyncscheduledevdeviceattachasynchelper, dev; // func asyncschedulenode...

PT-2025-25884 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, which was related to netdevice reference leaks in the attach default qdiscs function. If a device has multiple queues and queue 0...

PT-2023-16907 · WordPress · Rapidload Power-Up For Autoptimize

Name of the Vulnerable Software and Affected Versions: RapidLoad Power-Up for Autoptimize plugin for WordPress versions up to, and including, 1.7.1 Description: The issue is related to unauthorized cache modification due to a missing capability check on the attach rule function. This allows...

PT-2023-16912 · WordPress · Rapidload Power-Up For Autoptimize

Name of the Vulnerable Software and Affected Versions: RapidLoad Power-Up for Autoptimize plugin for WordPress versions up to, and including, 1.7.1 Description: The issue is due to missing or incorrect nonce validation on the attach rule function, making it possible for unauthenticated attackers ...

WordPress plugin RapidLoad Power-Up for Autoptimize 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress plugin RapidLoad Power-Up for Autoptimize 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

SUSE CVE-2008-2365

Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux RHEL 4, allows local users to cause a denial of service oops via a long series of PTRACEATTACH ptrace calls to another user's process that trigger a conflict between...

SUSE CVE-2016-1623

The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp,...

SUSE CVE-2016-5138

Integer overflow in the kbasepvinstrattachclient function in midgard/malikbasevinstr.c in Google Chrome before 52.0.2743.85 allows remote attackers to cause a denial of service heap-based buffer overflow and use-after-free by leveraging an unrestricted multiplication...

SUSE CVE-2016-10124

An issue was discovered in Linux Containers LXC before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container...

SUSE CVE-2016-10214

Memory leak in the virglresourceattachbacking function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service memory consumption via a large number of VIRTIOGPUCMDRESOURCEATTACHBACKING commands...

SUSE CVE-2017-5578

Memory leak in the virtiogpuresourceattachbacking function in hw/display/virtio-gpu.c in QEMU aka Quick Emulator allows local guest OS users to cause a denial of service host memory consumption via a large number of VIRTIOGPUCMDRESOURCEATTACHBACKING commands...

SUSE CVE-2017-16538

drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service general protection fault and system crash or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timin...

SUSE CVE-2018-12539

In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on...