GSD-2021-1001318 dma-buf/sync_file: Don't leak fences on merge failure

dma-buf/syncfile: Don't leak fences on merge failure This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.135 by commit...

UVI-2021-1001318 dma-buf/sync_file: Don't leak fences on merge failure

dma-buf/syncfile: Don't leak fences on merge failure This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.135 by commit...

UVI-2021-1001256 dma-buf/sync_file: Don't leak fences on merge failure

dma-buf/syncfile: Don't leak fences on merge failure This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.53 by commit...

UVI-2021-1001152 dma-buf/sync_file: Don't leak fences on merge failure

dma-buf/syncfile: Don't leak fences on merge failure This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.13.5 by commit...

Irzip 代码问题漏洞

Irzip is a compression utility that excels at compressing large files. A null pointer dereference vulnerability exists in lzodecompressbuf in stream.c in Irzip version 0.621, which can be exploited by an attacker to cause a denial of service via specially crafted compressed files...

buf (>=0.1.0 <=0.2.1), i-o (>=0.1.0 <=0.4.1) +2 more potentially affected by CVE-2021-25907 via containers (>=0.1.1 <=0.8.5)

containers CARGO version =0.1.1, =0.1.0, =0.1.0, =0.13.0, =0.14.1 - lude =0.1.0 Source cves: CVE-2021-25907 Source advisory: OSV:RUSTSEC-2021-0010...

CVE-2020-11835

In /SM8250QMaster/android/vendor/oppocharger/oppo/chargeric/oppoda9313.c, failure to check the parameter buf in the function procworkmodewrite in procworkmodewrite causes a vulnerability...

UBUNTU-CVE-2020-16150

A Lucky 13 timing side channel in mbedtlsssldecryptbuf in library/sslmsg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length...

openSUSE Security Update : MozillaFirefox (openSUSE-2020-1189)

This update for MozillaFirefox fixes the following issues : This update for MozillaFirefox and pipewire fixes the following issues : MozillaFirefox Extended Support Release 78.1.0 ESR - Fixed: Various stability, functionality, and security fixes bsc1174538 - CVE-2020-15652: Potential leak of...

Medium: kernel-livepatch-4.14.165-133.209

Issue Overview: There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the nttyreceivebufcommon function in drivers/tty/ntty.c.CVE-2020-8648 Affected Packages: kernel-livepatch-4.14.165-133.209 Issue Correction: Please ensure you have live patching enabled. Run yum update...

PT-2018-3904 · D Link · D-Link Dir-620

Name of the Vulnerable Software and Affected Versions: D-Link DIR-620 versions 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22 Description: The issue is related to incorrect processing of the res buf parameter to "index.cgi", allowing OS command injection. This can be exploited by a remote...

DEBIAN-CVE-2017-6058

Buffer overflow in NetRxPkt::ehdrbuf in hw/net/netrxpkt.c in QEMU aka Quick Emulator, when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service out-of-bounds access and QEMU process crash via vectors related to VLAN stripping...

Android Qualcomm Component Denial of Service Vulnerability (CNVD-2016-06205)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA in the U.S. Qualcomm is one of the Qualcomm components used in Qualcomm devices. A security vulnerability exists in the rivers/media/video/msm/msmmctlbuf.c file in the Qualcomm...

PT-2015-3672 · D Link · D-Link Dap-1360

Name of the Vulnerable Software and Affected Versions: D-Link DAP-1360 router versions 2.5.4 and later Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the res buf parameter to "index.cgi" when res config id is set to 41. This could...

PT-2014-5486 · D Link · D-Link Dap 1150

Name of the Vulnerable Software and Affected Versions: D-Link DAP 1150 version 1.2.94 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the res buf parameter to "index.cgi" in the Control/URL-filter section. Recommendations: For D-Lin...

PT-2013-3406 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.7.6 Description: The issue is related to the xfs buf find function in fs/xfs/xfs buf.c, which does not validate block numbers. This allows local users to cause a denial of service, resulting in a NULL pointer...

Microsoft Windows XP - afd.sys Local Kernel Denial of Service

Microsoft Windows XP - afd.sys Local Kernel Denial of Service //////////////////////////////////////////////////////////////////////////// // // Title: Microsoft Windows xp AFD.sys Local Kernel DoS Exploit // Author: Lufeng Li of Neusoft Corporation // Vendor: www.microsoft.com // Vulnerable:...

Solaris Runtime Linker (ld.so.1) Buffer Overflow Exploit (SPARC version

No description provided by source. / ld.so.1 exploit SPARC coded by: osker178 bjr213 psu.edu Alright, so this exploits a fairly standard buffer overflow in the default Solaris runtime linker ld.so.1 discovery by Jouko Pynnonen Only real deviation here from the standard overflow and return into li...

dsock <= 1.3 (buf) Remote Buffer Overflow PoC

Exploit for multiple platform in category dos / poc ============================================= dsock A buffer overflow in variable 'buf' exists due to insufficient validation of variable 'name' in function torresolve line 218 of software at http://www.monkey.org/dugsong/dsocks/ url PoC: DaveK ...

dsock 1.3 - &#039;buf&#039; Remote Buffer Overflow (PoC)

A buffer overflow in variable 'buf' exists due to insufficient validation of variable 'name' in function torresolve line 218 of software at http://www.monkey.org/dugsong/dsocks/ url PoC: DaveK At a quick glance, this looks like it could indeed be overflowed quite trivially by passing an overlong...