8527 matches found
CVE-2024-7522
Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox 129, Firefox ESR 115.14, Firefox ESR 128.1, Thunderbird 128.1, and Thunderbird 115.14...
SUSE CVE-2024-41018
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add a check for attr_names and oatbl Added out-of-bound checking for *ane (ATTR_NAME_ENTRY)...
SUSE CVE-2024-41029
In the Linux kernel, the following vulnerability has been resolved: nvmem: core: limit cell sysfs permissions to main attribute ones The cell sysfs attribute should not provide more access to the nvmem data than the main attribute itself. For example if nvme_config::root_only was set, the cell...
Medium: python-lxml
Issue Overview: An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this...
jfs: xattr: fix buffer overflow for invalid xattr
...
CVE-2024-41029
A vulnerability was found in the nvmem subsystem in the Linux kernel. This issue allows excessive permissions for the cell sysfs attribute, potentially exposing sensitive data beyond what is permitted for the main attribute. Mitigation Mitigation for this issue is either not available or the...
DEBIAN-CVE-2024-42114
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values syzbot is able to trigger softlockups, setting NL80211_ATTR_TXQ_QUANTUM to 2^31. We had a similar issue in sch_fq, fixed with commit d9e15a273306 "pkt_sched: fq: do not accept sill...
UBUNTU-CVE-2024-42160
In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fs_build_fault_attr() - It missed to check validation of fault attrs in parse_options(), let's fix to add check condition in f2fs_build_fault_attr(). - Use f2fs_build_fault_attr() in __sbi_store() to clean up...
UBUNTU-CVE-2024-42114
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values syzbot is able to trigger softlockups, setting NL80211_ATTR_TXQ_QUANTUM to 2^31. We had a similar issue in sch_fq, fixed with commit d9e15a273306 "pkt_sched: fq: do not accept sill...
CVE-2024-42160 f2fs: check validation of fault attrs in f2fs_build_fault_attr()
In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fs_build_fault_attr() - It missed to check validation of fault attrs in parse_options(), let's fix to add check condition in f2fs_build_fault_attr(). - Use f2fs_build_fault_attr() in __sbi_store() to clean up...
DEBIAN-CVE-2024-42091
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Check pat.ops before dumping PAT settings We may leave pat.ops unset when running on brand new platform or when running as a VF. While the former is unlikely, the latter is valid future use case and will cause NPD when...
AZL-47980 CVE-2024-41076 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix memory leak in nfs4_set_security_label We leak nfs_fattr and nfs4_label every time we set a security xattr...
DEBIAN-CVE-2024-41076
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix memory leak in nfs4_set_security_label We leak nfs_fattr and nfs4_label every time we set a security xattr...
DEBIAN-CVE-2024-41029
In the Linux kernel, the following vulnerability has been resolved: nvmem: core: limit cell sysfs permissions to main attribute ones The cell sysfs attribute should not provide more access to the nvmem data than the main attribute itself. For example if nvme_config::root_only was set, the cell...
UBUNTU-CVE-2024-41076
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix memory leak in nfs4_set_security_label We leak nfs_fattr and nfs4_label every time we set a security xattr...
UBUNTU-CVE-2024-41029
In the Linux kernel, the following vulnerability has been resolved: nvmem: core: limit cell sysfs permissions to main attribute ones The cell sysfs attribute should not provide more access to the nvmem data than the main attribute itself. For example if nvme_config::root_only was set, the cell...
CVE-2024-41029
CVE-2024-41029 — Linux kernel (nvmem/core) Affected: Linux kernel components handling non-volatile memory (nvmem). Issue: the cell sysfs attribute could expose more access to nvmem data than the main attribute, e.g., when nvme_config::root_only was set, the cell attribute still allowed reads for ...
DEBIAN-CVE-2024-41017
In the Linux kernel, the following vulnerability has been resolved: jfs: don't walk off the end of ealist Add a check before visiting the members of ea to make sure each ea stays within the ealist...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that the unit sysfs attribute should not provide more access to nvmem data than the main attribute...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to check before traversing the members of the ealist to ensure that each ea remains within the scope o...