260 matches found
SUSE CVE-2024-53213
In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Fix double free issue with interrupt buffer allocation. In lan78xx_probe(), the buffer buf was being freed twice: once implicitly through usb_free_urb(dev->urb_intr) with the URB_FREE_BUFFER flag and again explicitly by...
CVE-2024-56572 media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal()
In the Linux kernel, the following vulnerability has been resolved: media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal(). The buffer in the loop should be released under the exception path, otherwise there may be a memory leak here. To mitigate this, free the buffer wh...
CVE-2024-53213
CVE-2024-53213 – Linux kernel (LAN78xx USB Ethernet driver). Connected sources confirm a concrete issue in lan78xx where a buffer allocated in lan78xx_probe() was freed twice: once via usb_free_urb(dev->urb_intr) with URB_FREE_BUFFER and again by kfree(buf). The root cause is the double free st...
CLSA-2024-1735119353 openssl: Fix of CVE-2024-4741
CVE-2024-4741: Only free the read buffers if we're not using them...
CVE-2024-53059
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd(). 1. The size of the response packet is not validated. 2. The response buffer is not freed. Resolve these issues by switching to iwl_mvm_send_cmd_status(), which handles...
SUSE CVE-2024-53059
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd(). 1. The size of the response packet is not validated. 2. The response buffer is not freed. Resolve these issues by switching to iwl_mvm_send_cmd_status(), which handles...
UBUNTU-CVE-2024-47814
Vim is an open source, command line text editor. A use-after-free was found in Vim 9.1.0764. When closing a buffer visible in a window, a BufWinLeave auto command can cause a use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user...
DEBIAN-CVE-2024-43374
The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers Buf autocommands. If in such an autocommand the buffer that was just opened is closed including the window where it is shown, this causes...
CVE-2024-42254 io_uring: fix error pbuf checking
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix error pbuf checking. Syz reports a problem, which boils down to NULL vs IS_ERR inconsistent error handling in io_alloc_pbuf_ring(). KASAN: null-ptr-deref in range 0x0000000000000000-0x0000000000000007 RIP:...
kernel: tipc: fix a possible memleak in tipc_buf_append
In the Linux kernel, the following vulnerability has been resolved: tipc: fix a possible memleak in tipc_buf_append. skb_linearize() doesn't free the skb when it fails, so move 'buf = NULL' after skb_linearize(), so that the skb can be freed on the err path...
CVE-2024-41965
Vulnerability: CVE-2024-41965 in Vim due to a double-free in dialog_changed() when renaming an unnamed buffer during abandonment, which could lead to a heap-use-after-free and a crash. Affected: Vim versions prior to 9.1.0648; fix: Vim patch v9.1.0648 and later. Exploitation details are not provi...
kernel: TIPC message reassembly use-after-free remote code execution vulnerability
A use-after-free (UAF) flaw exists in the Linux kernel within the reassembly of fragmented TIPC messages, specifically in the tipc_buf_append() function. The issue results from a lack of checks in the error handling cleanup and can trigger a UAF on "struct sk_buff", which may lead to remote code...
Denial Of Service (DOS)
OPCFoundation.NetStandard.Opc.Ua.Core is vulnerable to Denial Of Service. The vulnerability is due to improper buffer management when the system receives an excessive number of messages from a remote source, which could allow remote attackers to exhaust memory resources and potentially lead to a...
GHSA-4Q2P-HWMR-QCXC OPCFoundation.NetStandard.Opc.Ua.Core buffer-management vulnerability
A buffer-management vulnerability in OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core before 1.5.374.54 could allow remote attackers to exhaust memory resources. It is triggered when the system receives an excessive number of messages from a remote source. This could potentially lead to a...
OPCFoundation.NetStandard.Opc.Ua.Core buffer-management vulnerability
A buffer-management vulnerability in OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core before 1.5.374.54 could allow remote attackers to exhaust memory resources. It is triggered when the system receives an excessive number of messages from a remote source. This could potentially lead to a...
CVE-2024-33862
A buffer-management vulnerability in OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core before 1.05.374.54 could allow remote attackers to exhaust memory resources. It is triggered when the system receives an excessive number of messages from a remote source. This could potentially lead to a...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper buffer management when handling an excessive number of messages from a remote source. An attacker can exhaust system memory resources, potentially leading to system...
CVE-2024-33862
Concisely, CVE-2024-33862 affects OPCFoundation.NetStandard.Opc.Ua.Core prior to 1.05.374.54. The issue is a buffer-management vulnerability that can be triggered by receiving an excessive number of messages from a remote source, potentially exhausting memory resources and causing a DoS. The in-s...
PT-2024-24281 · IBM · IBM MQ
Name of the Vulnerable Software and Affected Versions: IBM MQ versions 9.0 LTS through 9.3 CD. Description: The issue is caused by an error processing messages when an API Exit using MQBUFMH is used, leading to a denial of service attack in certain configurations. Recommendations: For IBM MQ...