
20 matches found

Snyk
added 2026/05/22 5:42 p.m., 4 views

Inefficient Algorithmic Complexity

Overview: golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in parse.go, when checking attributes iteratively. An attacker can cause excessive CPU consumption by providi...

6.5 CVSS, 5.8 AI score, 0.00061 EPSS
Exploits 0, References 3

AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: ice: Fixed a potential NULL pointer dereference in the ice_bridge_setlink function. The ice_bridge_setlink function may encounter a NULL pointer dereference if nlmsg_find_attr returns NULL, and br_spec is dereferenced subsequently ...

5.5 CVSS, 6.2 AI score, 0.00011 EPSS
Exploits 0, References 2

RedhatCVE
added 2025/05/22 3:11 p.m., 7 views

CVE-2020-11215

An out of bounds read can happen when processing VSA attribute due to improper minimum required length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...

9.1 CVSS, 7.2 AI score, 0.00286 EPSS
Exploits 0, References 1

CVE
added 2025/05/01 2:10 p.m., 66 views

CVE-2022-49886

CVE-2022-49886 affects the Linux kernel (x86/tdx) where bad configurations can cause a panic if a #VE is delivered on private memory access. The fix/policy requires ATTR_SEPT_VE_DISABLE to be set during early boot; if it is unset, the kernel panics. There is no public exploit detail provided in t...

5.5 CVSS, 6.5 AI score, 0.00047 EPSS
Exploits 0, References 2, Affected Software 1

Amazon
added 2025/02/05 12:0 a.m., 2 views

Important: kernel-livepatch-6.1.115-126.197

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (CVE-2024-36899) In the Linux kernel, the following vulnerability has been resolved: ext4: fix timer use-after-free on failed mount (CVE-2024-49960) In the...

7.8 CVSS, 7.7 AI score, 0.00035 EPSS
Exploits 0

Microsoft CVE
added 2025/01/29 8:0 a.m., 1 views

fs/ntfs3: Add rough attr alloc_size check

...

7.8 CVSS, 6.9 AI score, 0.00016 EPSS
Exploits 0

Debian CVE
added 2024/11/09 10:14 a.m., 12 views

CVE-2024-50246

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add rough attr alloc_size check...

7.8 CVSS, 6.2 AI score, 0.00016 EPSS
Exploits 0

RedHat Linux
added 2024/09/24 12:40 a.m., 1 views

kernel: net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()

A vulnerability was found in the ice_bridge_setlink function in the Linux kernel. A missing check to verify whether the nlmsg_find_attr function returns NULL or not could lead to a NULL pointer dereference, system instability, or crashes...

5.5 CVSS, 7.2 AI score, 0.00011 EPSS
Exploits 0, References 5

SUSE CVE
added 2024/08/07 2:55 a.m., 1 views

SUSE CVE-2024-7522

Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox 129, Firefox ESR 115.14, Firefox ESR 128.1, Thunderbird 128.1, and Thunderbird 115.14...

7.1 CVSS, 6.7 AI score, 0.00247 EPSS
Exploits 0, References 8

OSV
added 2024/08/06 1:15 p.m., 10 views

CVE-2024-7522

Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox 129, Firefox ESR 115.14, Firefox ESR 128.1, Thunderbird 128.1, and Thunderbird 115.14...

8.8 CVSS, 6.1 AI score
Exploits 0, References 6

OSV
added 2024/08/06 1:15 p.m., 1 views

DEBIAN-CVE-2024-7522

Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox 129, Firefox ESR 115.14, Firefox ESR 128.1, Thunderbird 128.1, and Thunderbird 115.14...

8.8 CVSS, 7.4 AI score, 0.00247 EPSS
Exploits 0, References 1

CVE
added 2024/08/06 12:38 p.m., 289 views

CVE-2024-7522

Concrete details from connected documents show CVE-2024-7522: an editor component failed to check an attribute value, causing an out-of-bounds read. Affected products include Firefox (versions before 129) and Thunderbird (before 128.1/115.14 ESR). The issue is consistent with Mozilla advisories a...

9.1 CVSS, 8.9 AI score, 0.00247 EPSS
Exploits 0, References 6, Affected Software 3

Debian CVE
added 2024/08/06 12:38 p.m., 17 views

CVE-2024-7522

Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox 129, Firefox ESR 115.14, Firefox ESR 128.1, Thunderbird 128.1, and Thunderbird 115.14...

9.1 CVSS, 7.4 AI score, 0.00247 EPSS
Exploits 0

OSV
added 2024/07/12 1:15 p.m., 1 views

DEBIAN-CVE-2024-40990

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Add check for srq max_sge attribute max_sge attribute is passed by the user, and is inserted and used unchecked, so verify that the value doesn't exceed maximum allowed value before using it...

5.5 CVSS, 5.5 AI score, 0.00017 EPSS
Exploits 0, References 1

UbuntuCve
added 2024/04/10 11:15 a.m., 23 views

CVE-2024-26815

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check taprio_parse_tc_entry() is not correctly checking TCA_TAPRIO_TC_ENTRY_INDEX attribute: int tc; // Signed value tc = nla_get_u32(tb[TCA_TAPRIO_TC_ENTRY_INDEX]); if (tc >= TC_QOPT_MAX_QUEUE)...

5.5 CVSS, 6.2 AI score, 0.00022 EPSS
Exploits 0, References 12

OSV
added 2023/12/11 11:13 p.m., 2 views

USN-6549-1 linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gke, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi vulnerabilities

It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-37453) Lin Ma...

8.8 CVSS, 6.7 AI score, 0.08308 EPSS
Exploits 4, References 12

Citrix
added 2023/04/10 12:0 a.m., 6 views

[NetScaler] Error "KB Questions and Asnwers not registered" with LDAP KBAttribute

In an SSPR nFactor configuration, you may observe the error "KB Questions and Asnwers not registered" when logging in with the LDAP password, and cannot move to the next AAA factor. Triggers are: The LDAP factor has noschema bound. Inherits username & password from a previous factor. LDAP action has KBAttribute...

7.1 AI score
Exploits 0

CVE
added 2017/09/21 3:0 p.m., 206 views

CVE-2017-12153

CVE-2017-12153 refers to a security flaw in the Linux kernel where nl80211_set_rekey_data() in net/wireless/nl80211.c does not validate required Netlink attributes, enabling a local attacker with CAP_NET_ADMIN to trigger a NULL pointer dereference and system crash. The vulnerability is described ...

4.9 CVSS, 5.6 AI score, 0.00016 EPSS
Exploits 0, References 9, Affected Software 1

Tenable Nessus
added 2015/09/23 12:0 a.m., 33 views

openSUSE Security Update : icedtea-web (openSUSE-2015-602)

The icedtea-web java plugin was updated to 1.6.1. Changes included : - Enabled Entry-Point attribute check - permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. - fixed DownloadService - comments in deployment.properties n...

6.8 CVSS, 5.3 AI score, 0.01487 EPSS
Exploits 0, References 7

Prion
added 2015/08/20 12:59 a.m., 14 views

Input validation

Cisco TelePresence Video Communication Server VCS Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified...

4 CVSS, 7.7 AI score, 0.00243 EPSS
Exploits 0, References 3, Affected Software 1